Re: [PATCH]LXC doc: Add warns if net namespace not enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/23/2013 01:18 PM, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> 
> If we don't enable network namespace, we could shutdown host
> by executing command 'shutdown' inside container.
> This patch will add some warnings in LXC docs and give some
> advice to readers.
> 
> Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> ---

ACK

>  docs/drvlxc.html.in |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in
> index 640968f..8f3a36a 100644
> --- a/docs/drvlxc.html.in
> +++ b/docs/drvlxc.html.in
> @@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated from host
>  process without the use of a mandatory access control technology
>  such as SELinux or AppArmor.</strong>
>  </p>
> +<p>
> +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
> +host OS could be <i>shutdown</i> by executing command like 'reboot'
> +inside container.<br/>So make sure 'net' namespace was available and
> +set the &lt;privnet/&gt; feature in the XML, or configure virtual NICs.
> +Then this issue could be circumvented.</strong>
> +</p>
>  
>  <h2><a name="init">Default container setup</a></h2>
>  
> 

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]