[libvirt] Networking options in libvirt_lxc

Hello, I am doing some research on [subject] and I would like to find out some information regarding various scenarios. I've studied the official documentation at [1] and some of the mailing list archives. The configurations I have in mind are somewhat inspired by what the sf LXC package offers in terms of networking. What I've tested so far and works: - Shared networking - all host interfaces are present in the container if no <interface> tag has been specified in the domain configuration. I'm assuming this is because the container is started in the same network namespace like the host. Is it possible to make only a subset of these interfaces visible inside the container? - Bridge to LAN - connecting a domain interface to a host bridge; - Direct attachment through a Macvtap device - all 3 modes (vepa, bridge and private) work as expected, "passthrough" requires some capabilities in the physical device (SRIOV), which I don't have - assuming I have a device with this capability, is this configuration supported by (implemented in) the libvirt_lxc driver? What other scenarios I would be interested in: - host network interface private to the container - much like what lxc.network.phys is offering: "dedicated NIC from host passed through". I've read some documentation about <hostdev> and how to assign PCI devices to virtual machine, but I understand this is only possible with KVM - it's assigned from the kernel, it makes more sense, etc. However, I've also read a thread on the mailing list regarding <hostdev mode="capabilities">, which offers access from a container to a device, but it's currenly only applicable to block and character devices. Is there currently any way to make a host interface private to a container? Thank you very much! Best regards, Bogdan P. [1] http://libvirt.org