Re: [Lxc-users] Hiding PCI devices inside the container

[Serge Hallyn]

Quoting Devendra K. Modium (dmod...@isi.edu):
> Hi
> 
> Please let me know is it possible to hide PCI devices inside the container.
> Although I used the cgroups.deny=a option in the configuration script.
> When I run the  command lspci inside container, I can see all the devices 
> connected to host machine.
> 
> Please let me know if I can avoid it someway or is there any development 
> going on currently.

Not currently possible.  Things that would help this are /proc and
/sys filtering and device namespaces.  Daniel was looking into a
/proc filtering approach recently, but noone is working on device
namespaces that I know of.

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] Hiding PCI devices inside the container

[Devendra K. Modium]

Hi

Please let me know is it possible to hide PCI devices inside the container.
Although I used the cgroups.deny=a option in the configuration script.
When I run the  command lspci inside container, I can see all the devices 
connected to host machine.

Please let me know if I can avoid it someway or is there any development going 
on currently.

Thanks in advance

Regards
Devendra

--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] Problem with network start on Arch Linux (with revised rc.conf)

[l...@jelmail.com]

Hi list, 

I've just updated my container config to use the new way of configuring the
network on Arch Linux. This does not use the net-tools (ifconfig) package
any more but instead uses ip.

The container rc.conf file contains the simple static network setup:

# Static IP example
interface=eth0
address=192.168.0.2
netmask=255.255.255.0
gateway=192.168.0.1

The problem I have is that when /etc/rc.d/network tries to add the ip
address to the network this fails with a "RTNETLINK answers: file exists"
and bails out.

It would appear that the IP address is already added when the script tries
to do it. This causes it to fail and, therefore, not bother doing anything
else. This means the routes (default gatweay) don't get set up so the
network is left half-baked. 

Trying to shut down the network (/etc/rc.d/network stop) then fails because
it can't delete the route that wasn't added (RTNETLINK answers: file not
found).

If I comment out the line from /etc/rc.d/network that adds the IP address
(ip addr add...) everything then works fine when I start the container.
However, If I manually stop the network, and then manually start the
network it won't start because the IP address does not get added (due to
that line being commented out).

Very strange. 

I wondered if the LXC environment is adding the IP address when the
container starts and if there is a way to stop this so it just lets the
container do it ?

I'm looking for some advice on how to get the network setup working
correctly on Arch Linux. I may need new init scripts (rc.sysinit,
rc.shutdown) also.

Thanks in advance,
John.


myhosting.com - Premium Microsoft® Windows® and Linux web and application
hosting - http://link.myhosting.com/myhosting



--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users