On Thu, Aug 22, 2013 at 09:23:50AM +0800, Gao feng wrote:
> On 08/21/2013 05:53 PM, Daniel P. Berrange wrote:
> > On Wed, Aug 21, 2013 at 05:49:05PM +0800, Chen Hanxiao wrote:
> >> From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> >>
> >> If we don't enable network namespace, we could shutdown host
> >> inside container by command 'shutdown', which is unacceptable.
> >> This patch will force users to enable network namespace
> >> before they start container.
> >>
> >> Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> >> --- > >> src/lxc/lxc_container.c | 6 ++++++ > >> 1 files changed, 6 insertions(+), 0 deletions(-) > >> > >> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c > >> index c7a22ab..5631ad7 100644 > >> --- a/src/lxc/lxc_container.c > >> +++ b/src/lxc/lxc_container.c
> >> @@ -1937,6 +1937,12 @@ int lxcContainerStart(virDomainDefPtr def, > >> if (lxcNeedNetworkNamespace(def)) { > >> VIR_DEBUG("Enable network namespaces"); > >> cflags |= CLONE_NEWNET; > >> + } else { > >> + errno = EINVAL; > >> + > >> + virReportSystemError(errno, "%s", > >> + _("Network namespace needed")); > >> + return -1; > >> } > >> > >> pid = clone(lxcContainerChild, stacktop, cflags, &args);
> >
> > NACK.
> >
> > We explicitly want to allow containers sharing the host's network
> > namespace. If you wish to prevent the problem you describe, then
> > set the <privnet/> feature in the XML, or configure virtual NICs
> >
>
> At least we should give user some warning message or add a notification
> about the probable reboot problem if user doesn't configure private
> net namespace for container.

That can be documented in the drvlxc.html.in page

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
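Review bot: The new else branch in lxcContainerStart() turns every definition for which lxcNeedNetworkNamespace(def) is false into a hard start failure, so a container that shares the host's network namespace can no longer be started at all, with no opt-out for users who want that setup. If the goal is to flag the host shutdown exposure, keep the start path permissive and surface the risk as a warning or documentation instead of "return -1;". Separately, the error is reported by assigning "errno = EINVAL;" by hand and passing it to virReportSystemError(), although no system call has failed here; this is a configuration problem and should be reported as one. The message "Network namespace needed" also gives the user no hint about what to change, and naming the <privnet/> feature or a virtual NIC in the text would make it actionable.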