On Wed, Feb 18, 2015 at 12:27 AM, Serge Hallyn wrote:
> Quoting Fajar A. Nugraha (l...@fajar.net):
>> # c1's veth name on host side
>> auto v-c1-0
>> iface v-c1-0 inet static
>
> I'm probably just ignorant here, but - does this not cause 'ifup -a' to
> fail when the containers are not up?
ifup th
Is there a way to alter the selinux context of certain directories or
files in /proc and /sys inside the container? AppArmor looks to have
the an easier config in this matter but I can't seem to get it to build
correctly on Fedora 21.
Most of these files share the same context, so I don't see
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> Quoting Rory McCann (rory.mcc...@riverbed.com):
> > Serge Hallyn writes:
> > >
> > > Quoting Serge Hallyn (serge.hallyn ubuntu.com):
> > > > Quoting Rory McCann (Rory.McCann riverbed.com):
> > > ..
> > > > > Now, after exiting the container and
Quoting Fajar A. Nugraha (l...@fajar.net):
> On Mon, Feb 16, 2015 at 9:52 PM, Serge Hallyn wrote:
> > Quoting overlay fs (overla...@gmail.com):
>
> >> > > However veth works
> >> > > just fine. And you don't have to put your public link (e.g. eth0) on
> >> > > bridge mode to have a working contai
Quoting Rory McCann (rory.mcc...@riverbed.com):
> Serge Hallyn writes:
> >
> > Quoting Serge Hallyn (serge.hallyn ubuntu.com):
> > > Quoting Rory McCann (Rory.McCann riverbed.com):
> > ..
> > > > Now, after exiting the container and re-running the lxc-execute
> command, I straightaway get a
> >
Cool, thanks, that is very nicely done :)
I'll leave it to you and Stéphane to decide whether this ought to be
integrated with the config scripts shipped in lxc or not. The
way you have it set up doesn't appear to lose any of the protections
for the host from the unprivileged users, so I'd be all
Serge Hallyn writes:
>
> Quoting Serge Hallyn (serge.hallyn ubuntu.com):
> > Quoting Rory McCann (Rory.McCann riverbed.com):
> ..
> > > Now, after exiting the container and re-running the lxc-execute
command, I straightaway get a
> segmentation fault, and the following kernel stacktrace:
> > >
Hi Serge,
I did some tries with Ubuntu 14.04 and you are right, this does not make
things easier. Thus, I came back to Debian Jessie and I have written a
small tool to automate the configuration tweaks, create the useful
cgroups and autostart the unprivileged containers on boot.
This is a ve