Re: [PATCH]LXC doc: Add warns if net namespace not enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

ping...

> -----Original Message-----
> From: libvir-list-bounces@xxxxxxxxxx
[mailto:libvir-list-bounces@xxxxxxxxxx]
> On Behalf Of Chen Hanxiao
> Sent: Tuesday, September 03, 2013 10:04 AM
> To: 'Daniel P. Berrange'
> Cc: libvir-list@xxxxxxxxxx
> Subject: Re:  [PATCH]LXC doc: Add warns if net namespace not
enabled
> 
> Hi
> 	Any comments?
> 
> Thanks
> 
> > -----Original Message-----
> > From: Chen Hanxiao [mailto:chenhanxiao@xxxxxxxxxxxxxx]
> > Sent: Friday, August 23, 2013 1:18 PM
> > To: libvir-list@xxxxxxxxxx
> > Cc: chenhanxiao@xxxxxxxxxxxxxx
> > Subject: [PATCH]LXC doc: Add warns if net namespace not
> > enabled
> >
> > From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> >
> > If we don't enable network namespace, we could shutdown host by
> > executing command 'shutdown' inside container.
> > This patch will add some warnings in LXC docs and give some advice to
> readers.
> >
> > Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> > ---
> >  docs/drvlxc.html.in |    7 +++++++
> >  1 files changed, 7 insertions(+), 0 deletions(-)
> >
> > diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index
> > 640968f..8f3a36a
> > 100644
> > --- a/docs/drvlxc.html.in
> > +++ b/docs/drvlxc.html.in
> > @@ -50,6 +50,13 @@ processes inside containers cannot be securely
> > isolated from host  process without the use of a mandatory access
> > control technology such as SELinux or AppArmor.</strong>  </p>
> > +<p>
> > +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
> > +host OS could be <i>shutdown</i> by executing command like 'reboot'
> > +inside container.<br/>So make sure 'net' namespace was available and
> > +set the &lt;privnet/&gt; feature in the XML, or configure virtual NICs.
> > +Then this issue could be circumvented.</strong> </p>
> >
> >  <h2><a name="init">Default container setup</a></h2>
> >
> > --
> > 1.7.1
> 
> 
> 
> 
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]