Re: [lxc-users] LXD firewall container?

2017-04-24 Thread gunnar.wagner
I know that's only touching your point slightly but (as far as I know) pfSense requires 2 physical WAN ports in order to run. So I'd doubt it can be containerized to begin with. On 4/25/2017 12:10 AM, Ron Kelley wrote: Greetings all, I am looking for an easy-to-configure firewall tool that

Re: [lxc-users] does running NTP in an LXC improve security?

2017-04-24 Thread Sean McNamara
First of all, an "unprivileged" container is still pretty insecure if you don't have a proper Linux Security Module (LSM) enforcing Mandatory Access Control to restrict what the container can do. LXD takes a decent stab at integrating the AppArmor LSM and applies it pretty well to secure and

[lxc-users] does running NTP in an LXC improve security?

2017-04-24 Thread Mike
I need to run NTP on a Xen dom0. (I'm running it in the dom0 in order to have all the Xen guests and host synchronized.) I'm concerned about remote code execution exploits via buffer overflows, for example. I have no experience with unprivileged LXCs yet. Would it provide useful protection of

Re: [lxc-users] lxc launch + "-c" option - how to set "raw.lxc: lxc.aa_allow_incomplete=1"?

2017-04-24 Thread Stéphane Graber
On Tue, Apr 25, 2017 at 12:07:18AM +0900, Tomasz Chmielewski wrote:
> This one works:
>
> lxc launch images:ubuntu/trusty/amd64 test1 -c "security.privileged=true"
>
>
> These don't:
>
> lxc launch images:ubuntu/trusty/amd64 test2 -c "security.privileged=true" -c
> "raw.lxc:

[lxc-users] LXD firewall container?

2017-04-24 Thread Ron Kelley
Greetings all, I am looking for an easy-to-configure firewall tool that provides NAT/Gateway/Firewall functions for other containers. I know I can use iptables, etc, but I would like something more easily managed (web-based tool?) like pfSense, IPFire, IPCop, etc. Unfortunately, many of the

[lxc-users] lxc launch + "-c" option - how to set "raw.lxc: lxc.aa_allow_incomplete=1"?

2017-04-24 Thread Tomasz Chmielewski
This one works:

lxc launch images:ubuntu/trusty/amd64 test1 -c "security.privileged=true"

These don't:

lxc launch images:ubuntu/trusty/amd64 test2 -c "security.privileged=true" -c "raw.lxc: lxc.aa_allow_incomplete=1"
lxc launch images:ubuntu/trusty/amd64 test3 -c "raw.lxc:

Re: [lxc-users] [python-lxc] Store attach_wait in variable

2017-04-24 Thread Benoit Barthelet
I wrote this little snippet, it might give you an idea of how I "got around" it...

import lxc
c = lxc.Container('tmp_container')
import tempfile
def run(container, command):
    with tempfile.NamedTemporaryFile() as t:
        container.attach_wait(lxc.attach_run_command, command,

Re: [lxc-users] Device hot-plug for unprivileged lxc container.

2017-04-24 Thread Bludov Ivan (CM/ESO6)
UP. Does someone have an idea how to make device hot-plug for unprivileged containers? Mit freundlichen Grüßen / Best regards Ivan Bludov Engineering SW Operating Systems (CM/ESO6) Tel. +49(5121)49-3129 | Fax +49(711)811-5053129 | ivan.blu...@de.bosch.com