Re: [lxc-users] macvlan-based networking for unprivileged containers

2015-02-17 Thread Fajar A. Nugraha
On Wed, Feb 18, 2015 at 12:27 AM, Serge Hallyn wrote: > Quoting Fajar A. Nugraha (l...@fajar.net): >> # c1's veth name on host side >> auto v-c1-0 >> iface v-c1-0 inet static > > I'm probably just ignorant here, but - does this not cause 'ifup -a' to > fail when the containers are not up? ifup th

[lxc-users] Change selinux context of /sys and /proc inside container

2015-02-17 Thread Devon B.
Is there a way to alter the selinux context of certain directories or files in /proc and /sys inside the container? AppArmor looks to have an easier config in this matter but I can't seem to get it to build correctly on Fedora 21. Most of these files share the same context, so I don't see

Re: [lxc-users] Seg fault when using VLAN mode network

2015-02-17 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): > Quoting Rory McCann (rory.mcc...@riverbed.com): > > Serge Hallyn writes: > > > > > > Quoting Serge Hallyn (serge.hallyn ubuntu.com): > > > > Quoting Rory McCann (Rory.McCann riverbed.com): > > > .. > > > > > Now, after exiting the container and

Re: [lxc-users] macvlan-based networking for unprivileged containers

2015-02-17 Thread Serge Hallyn
Quoting Fajar A. Nugraha (l...@fajar.net): > On Mon, Feb 16, 2015 at 9:52 PM, Serge Hallyn wrote: > > Quoting overlay fs (overla...@gmail.com): > > >> > > However veth works > >> > > just fine. And you don't have to put your public link (e.g. eth0) on > >> > > bridge mode to have a working contai

Re: [lxc-users] Seg fault when using VLAN mode network

2015-02-17 Thread Serge Hallyn
Quoting Rory McCann (rory.mcc...@riverbed.com): > Serge Hallyn writes: > > > > Quoting Serge Hallyn (serge.hallyn ubuntu.com): > > > Quoting Rory McCann (Rory.McCann riverbed.com): > > .. > > > > Now, after exiting the container and re-running the lxc-execute > command, I straightaway get a > >

Re: [lxc-users] Unprivileged containers on Debian Jessie

2015-02-17 Thread Serge Hallyn
Cool, thanks, that is very nicely done :) I'll leave it to you and Stéphane to decide whether this ought to be integrated with the config scripts shipped in lxc or not. The way you have it set up doesn't appear to lose any of the protections for the host from the unprivileged users, so I'd be all

Re: [lxc-users] Seg fault when using VLAN mode network

2015-02-17 Thread Rory McCann
Serge Hallyn writes: > > Quoting Serge Hallyn (serge.hallyn ubuntu.com): > > Quoting Rory McCann (Rory.McCann riverbed.com): > .. > > > Now, after exiting the container and re-running the lxc-execute command, I straightaway get a > segmentation fault, and the following kernel stacktrace: > > >

Re: [lxc-users] Unprivileged containers on Debian Jessie

2015-02-17 Thread Xavier Gendre
Hi Serge, I did some tries with Ubuntu 14.04 and you are right, this does not make things easier. Thus, I came back to Debian Jessie and I have written a small tool to automate the configuration tweaks, create the useful cgroups and autostart the unprivileged containers on boot. This is a ve