Re: [libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled

-----Original Message----- From: libvir-list-bounces(a)redhat.com

On Behalf Of Chen Hanxiao Sent: Tuesday, September 03, 2013 10:04 AM To: 'Daniel P. Berrange' Cc: libvir-list(a)redhat.com Subject: Re: [libvirt] [PATCH]LXC doc: Add warns if net namespace not

Hi Any comments? Thanks > -----Original Message----- > From: Chen Hanxiao [mailto:chenhanxiao@cn.fujitsu.com] > Sent: Friday, August 23, 2013 1:18 PM > To: libvir-list(a)redhat.com > Cc: chenhanxiao(a)cn.fujitsu.com > Subject: [libvirt][PATCH]LXC doc: Add warns if net namespace not > enabled > > From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com&gt; > > If we don't enable network namespace, we could shutdown host by > executing command 'shutdown' inside container. > This patch will add some warnings in LXC docs and give some advice to readers. > > Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com&gt; > --- > docs/drvlxc.html.in | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index > 640968f..8f3a36a > 100644 > --- a/docs/drvlxc.html.in > +++ b/docs/drvlxc.html.in > @@ -50,6 +50,13 @@ processes inside containers cannot be securely > isolated from host process without the use of a mandatory access > control technology such as SELinux or AppArmor.</strong> </p> > +<p> > +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container, > +host OS could be <i>shutdown</i> by executing command like 'reboot' > +inside container.<br/>So make sure 'net' namespace was available and > +set the &lt;privnet/&gt; feature in the XML, or configure virtual NICs. > +Then this issue could be circumvented.</strong> </p> > > <h2><a name="init">Default container setup</a></h2> > > -- > 1.7.1 -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list