
ping...
-----Original Message-----
From: libvir-list-bounces@redhat.com [mailto:libvir-list-bounces@redhat.com] On Behalf Of Chen Hanxiao
Sent: Tuesday, September 03, 2013 10:04 AM
To: 'Daniel P. Berrange'
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled

Hi,

Any comments?

Thanks
-----Original Message-----
From: Chen Hanxiao [mailto:chenhanxiao@cn.fujitsu.com]
Sent: Friday, August 23, 2013 1:18 PM
To: libvir-list@redhat.com
Cc: chenhanxiao@cn.fujitsu.com
Subject: [libvirt][PATCH]LXC doc: Add warns if net namespace not enabled

From: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
If we don't enable the network namespace, we could shut down the host by executing the command 'shutdown' inside a container. This patch will add some warnings in the LXC docs and give some advice to readers.
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- docs/drvlxc.html.in | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index 640968f..8f3a36a 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated from host process without the use of a mandatory access control technology such as SELinux or AppArmor.</strong> </p> +<p> +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container, +host OS could be <i>shutdown</i> by executing command like 'reboot' +inside container.<br/>So make sure 'net' namespace was available and +set the <privnet/> feature in the XML, or configure virtual NICs. +Then this issue could be circumvented.</strong> </p>
<h2><a name="init">Default container setup</a></h2>
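Review bot: In the added line "set the <privnet/> feature in the XML", the element name is raw markup inside an HTML file, so it will be treated as an element rather than shown as text and the reader will not see which feature to set; escape it as &lt;privnet/&gt;, ideally wrapped in <code>. The wording also needs a pass: "If 'net' namespace not enabled" is missing its verb, "make sure 'net' namespace was available" should be in the present tense, and the commit message speaks of 'shutdown' while the doc text says 'reboot', so use one consistently or name both. "Then this issue could be circumvented" would read more clearly as a direct statement that either setting avoids the problem.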
-- 1.7.1
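An added example, not part of the original patch or thread: a check over libvirt domain XML for the condition the proposed warning describes, flagging LXC domains that have neither <privnet/> nor a virtual NIC. The sample definitions are constructed, and the function names audit_domain and audit_all are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definitions (not taken from the patch or thread).
SHARED_NET = """<domain type='lxc'>
  <name>web1</name>
  <os><type>exe</type><init>/sbin/init</init></os>
  <devices><console type='pty'/></devices>
</domain>"""

PRIVNET = """<domain type='lxc'>
  <name>web2</name>
  <os><type>exe</type><init>/sbin/init</init></os>
  <features><privnet/></features>
  <devices><console type='pty'/></devices>
</domain>"""

VNIC = """<domain type='lxc'>
  <name>web3</name>
  <os><type>exe</type><init>/sbin/init</init></os>
  <devices>
    <interface type='network'><source network='default'/></interface>
  </devices>
</domain>"""


def audit_domain(xml_text):
    """Return (name, finding) for one libvirt domain XML document."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    if root.tag != "domain" or root.get("type") != "lxc":
        return name, "skipped: not an LXC domain"
    # The two settings the proposed doc warning recommends.
    has_privnet = root.find("features/privnet") is not None
    nics = root.findall("devices/interface")
    if has_privnet:
        return name, "ok: <privnet/> set"
    if nics:
        return name, "ok: %d virtual NIC(s) configured" % len(nics)
    return name, "WARN: no <privnet/> and no virtual NIC"


def audit_all(docs):
    """Audit several definitions; return the names that need attention."""
    return [n for n, f in map(audit_domain, docs) if f.startswith("WARN")]


if __name__ == "__main__":
    for doc in (SHARED_NET, PRIVNET, VNIC):
        print("%s: %s" % audit_domain(doc))
```
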