[libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled
Chen Hanxiao
chenhanxiao at cn.fujitsu.com
Mon Sep 9 08:33:54 UTC 2013
ping...
> -----Original Message-----
> From: libvir-list-bounces at redhat.com
[mailto:libvir-list-bounces at redhat.com]
> On Behalf Of Chen Hanxiao
> Sent: Tuesday, September 03, 2013 10:04 AM
> To: 'Daniel P. Berrange'
> Cc: libvir-list at redhat.com
> Subject: Re: [libvirt] [PATCH]LXC doc: Add warns if net namespace not
enabled
>
> Hi
> Any comments?
>
> Thanks
>
> > -----Original Message-----
> > From: Chen Hanxiao [mailto:chenhanxiao at cn.fujitsu.com]
> > Sent: Friday, August 23, 2013 1:18 PM
> > To: libvir-list at redhat.com
> > Cc: chenhanxiao at cn.fujitsu.com
> > Subject: [libvirt][PATCH]LXC doc: Add warns if net namespace not
> > enabled
> >
> > From: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
> >
> > If we don't enable network namespace, we could shutdown host by
> > executing command 'shutdown' inside container.
> > This patch will add some warnings in LXC docs and give some advice to
> readers.
> >
> > Signed-off-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
> > ---
> > docs/drvlxc.html.in | 7 +++++++
> > 1 files changed, 7 insertions(+), 0 deletions(-)
> >
> > diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index
> > 640968f..8f3a36a
> > 100644
> > --- a/docs/drvlxc.html.in
> > +++ b/docs/drvlxc.html.in
> > @@ -50,6 +50,13 @@ processes inside containers cannot be securely
> > isolated from host process without the use of a mandatory access
> > control technology such as SELinux or AppArmor.</strong> </p>
> > +<p>
> > +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
> > +host OS could be <i>shutdown</i> by executing command like 'reboot'
> > +inside container.<br/>So make sure 'net' namespace was available and
> > +set the <privnet/> feature in the XML, or configure virtual NICs.
> > +Then this issue could be circumvented.</strong> </p>
> >
> > <h2><a name="init">Default container setup</a></h2>
> >
> > --
> > 1.7.1
>
>
>
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
More information about the libvir-list
mailing list