On 08/23/2013 01:18 PM, Chen Hanxiao wrote: > From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx> > > If we don't enable network namespace, we could shutdown host > by executing command 'shutdown' inside container. > This patch will add some warnings in LXC docs and give some > advice to readers. > > Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx> > --- ACK > docs/drvlxc.html.in | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in > index 640968f..8f3a36a 100644 > --- a/docs/drvlxc.html.in > +++ b/docs/drvlxc.html.in > @@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated from host > process without the use of a mandatory access control technology > such as SELinux or AppArmor.</strong> > </p> > +<p> > +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container, > +host OS could be <i>shutdown</i> by executing command like 'reboot' > +inside container.<br/>So make sure 'net' namespace was available and > +set the <privnet/> feature in the XML, or configure virtual NICs. > +Then this issue could be circumvented.</strong> > +</p> > > <h2><a name="init">Default container setup</a></h2> > >
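Review bot: In the added <p> block, `<privnet/>` is written as literal markup inside docs/drvlxc.html.in, so it will be parsed as an element instead of being shown to the reader; it should be escaped as `&lt;privnet/&gt;`. The warning is also inconsistent with the commit message on the command involved (the message says 'shutdown', the added text says 'reboot'); naming both, or saying "a command such as 'shutdown' or 'reboot'", would avoid readers assuming only one is affected. The wording needs a pass as well: "If 'net' namespace not enabled" is missing a verb, "was available" should be present tense, the verb is "shut down" rather than "shutdown", and "circumvented" reads as if the reader is bypassing a control, where "avoided" is what is meant. Finally, the paragraph does not say why the network namespace decides whether the host can be shut down from inside the container; one sentence of explanation would let readers judge whether their own configuration is exposed and whether "configure virtual NICs" is an equivalent mitigation to `&lt;privnet/&gt;`.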