[libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled
Gao feng
gaofeng at cn.fujitsu.com
Fri Aug 23 08:20:35 UTC 2013
On 08/23/2013 01:18 PM, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
>
> If we don't enable the network namespace, we could shut down the host
> by executing the command 'shutdown' inside a container.
> This patch will add some warnings in LXC docs and give some
> advice to readers.
>
> Signed-off-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
> ---
ACK
> docs/drvlxc.html.in | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in
> index 640968f..8f3a36a 100644
> --- a/docs/drvlxc.html.in
> +++ b/docs/drvlxc.html.in
> @@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated from host
> process without the use of a mandatory access control technology
> such as SELinux or AppArmor.</strong>
> </p>
> +<p>
> +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
> +host OS could be <i>shutdown</i> by executing command like 'reboot'
> +inside container.<br/>So make sure 'net' namespace was available and
> +set the <privnet/> feature in the XML, or configure virtual NICs.
> +Then this issue could be circumvented.</strong>
> +</p>
>
> <h2><a name="init">Default container setup</a></h2>
>
>
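Review bot: The added line "set the <privnet/> feature in the XML, or configure virtual NICs." places a literal <privnet/> element in docs/drvlxc.html.in, so it will be parsed as markup and the feature name will not appear in the rendered page; write it as &lt;privnet/&gt; instead. The warning's wording also needs tightening: "If 'net' namespace not enabled for container" is missing its verb, and "make sure 'net' namespace was available" should be in the present tense, for example "If the 'net' namespace is not enabled for the container" and "make sure the 'net' namespace is available". The commit message names the 'shutdown' command while the doc text names 'reboot'; mentioning both in the warning would make clear that either one affects the host.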