On Mon, Jun 2, 2014 at 6:22 PM, Daniel P. Berrange <berrange(a)redhat.com> wrote:
> IIUC, we'd need to recursively chown the files under /proc/sys/net to
> give them the remapped UID/GID of the root user in the container, in
> order that they can be used.
>
> So overall I think we'd have to do
>
>  - Make either /proc/sys/net or /proc/sys read-write
>  - If userns is active, recursive chown /proc/sys/net (or a subset of
>    files in it that we explicitly want to grant access to)
Please just make /proc/ and /sys writeable (or at least the setting
optional for paranoid folks).
If the userns was set up correctly by libvirt and a container user/root still
can do bad things, this is a plain kernel bug and needs fixing.
No need to paper over it in libvirt.
--
Thanks,
//richard
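The two mechanical steps in the quoted proposal, translating container root to its remapped host UID/GID and recursively chowning a tree, as an added example. This is illustration code, not part of the thread and not libvirt's own implementation. The uid_map content is a constructed sample in the `/proc/<pid>/uid_map` format (one range, container UID 0 mapped to host UID 100000), and `demo()` builds a temporary directory standing in for /proc/sys/net instead of touching the real sysctl tree.

```python
import os
import shutil
import tempfile
from typing import List, Tuple

# Constructed sample in the format of /proc/<pid>/uid_map: "<inner> <outer> <count>".
# Assumption for illustration: container UID 0 maps to host UID 100000 for 65536 ids.
SAMPLE_UID_MAP = "         0     100000      65536\n"


def parse_id_map(text: str) -> List[Tuple[int, int, int]]:
    """Parse uid_map/gid_map lines into (inner_start, outer_start, count) ranges."""
    ranges = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inner, outer, count = (int(p) for p in parts)
        if count <= 0:
            raise ValueError(f"non-positive range length in id_map line: {line!r}")
        ranges.append((inner, outer, count))
    return ranges


def inner_to_outer(ranges: List[Tuple[int, int, int]], inner_id: int) -> int:
    """Translate an id as seen inside the namespace to the host id; raise if unmapped."""
    for inner, outer, count in ranges:
        if inner <= inner_id < inner + count:
            return outer + (inner_id - inner)
    raise LookupError(f"id {inner_id} is not mapped into the namespace")


def chown_tree(root: str, uid: int, gid: int, dry_run: bool = True) -> List[str]:
    """Recursively chown `root` to uid:gid without following symlinks.

    Symlinks are chowned as links (follow_symlinks=False) and never descended
    into, so nothing outside the tree can be re-owned through a link.
    Returns the sorted list of paths that were (or would be) changed.
    """
    touched = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        targets = [dirpath] + [os.path.join(dirpath, n) for n in filenames]
        # Symlinks to directories appear in dirnames but os.walk does not
        # descend into them; handle the link object itself here.
        targets += [
            os.path.join(dirpath, n)
            for n in dirnames
            if os.path.islink(os.path.join(dirpath, n))
        ]
        for path in targets:
            if not dry_run:
                os.chown(path, uid, gid, follow_symlinks=False)
            touched.append(path)
    return sorted(touched)


def demo() -> List[str]:
    """Build a small stand-in for /proc/sys/net in a temp dir and dry-run the chown.

    Returns the paths (relative to the temp root) that the recursive chown
    would re-own to the host UID/GID of container root.
    """
    host_root = inner_to_outer(parse_id_map(SAMPLE_UID_MAP), 0)
    root = tempfile.mkdtemp()
    try:
        # Constructed layout mimicking a couple of sysctl entries.
        for sub, name in (("core", "somaxconn"), ("ipv4", "ip_forward")):
            os.mkdir(os.path.join(root, sub))
            open(os.path.join(root, sub, name), "w").close()
        touched = chown_tree(root, host_root, host_root, dry_run=True)
        return [os.path.relpath(p, root) for p in touched]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("container root maps to host uid",
          inner_to_outer(parse_id_map(SAMPLE_UID_MAP), 0))
    print("would chown:", demo())
```

Running it with `dry_run=False` against a real /proc/sys/net would require root on the host and a writable mount, which is exactly the setting the thread is arguing about; the dry run only lists what would be re-owned.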