Re: [Lxc-users] Root-less containers?

2011-02-05 Thread Gary Ballantyne
On 2/6/2011 3:56 PM, John Drescher wrote:
>> Is this important if, say, a malicious user has access to a container?
>> Or, can a container be configured such that they could do little harm?
>
> You can easily make a container have its own filesystem and no access
> to the host's filesystem or devi

Re: [Lxc-users] Root-less containers?

2011-02-05 Thread Nirmal Guhan
On Sat, Feb 5, 2011 at 1:44 PM, Daniel Lezcano wrote:
> On 02/04/2011 07:24 PM, Andre Nathan wrote:
>> Hello
>>
>> Is it possible to have everything inside a container (including init,
>> getty and whatever daemons are installed) being run as a normal user?
>> That is, can I have a container with

Re: [Lxc-users] Root-less containers?

2011-02-05 Thread John Drescher
> Is this important if, say, a malicious user has access to a container?
> Or, can a container be configured such that they could do little harm?
You can easily make a container have its own filesystem and no access to the host's filesystem or devices. Is that what you are getting at?
John -

Re: [Lxc-users] Root-less containers?

2011-02-05 Thread Gary Ballantyne
On 2/6/2011 10:44 AM, Daniel Lezcano wrote:
> On 02/04/2011 07:24 PM, Andre Nathan wrote:
>> Hello
>>
>> Is it possible to have everything inside a container (including init,
>> getty and whatever daemons are installed) being run as a normal user?
>> That is, can I have a container with no root use

Re: [Lxc-users] Container broadcast address

2011-02-05 Thread Daniel Lezcano
On 02/05/2011 07:14 AM, Nirmal Guhan wrote:
> On Fri, Feb 4, 2011 at 4:08 PM, Daniel Lezcano wrote:
>> On 02/04/2011 03:43 PM, Andre Nathan wrote:
>>> Hello
>>>
>>> I have the following container network configuration:
>>>
>>> lxc.network.type = veth
>>> lxc.network.link = br0
>>> lxc.network.flag

Re: [Lxc-users] Root-less containers?

2011-02-05 Thread Daniel Lezcano
On 02/04/2011 07:24 PM, Andre Nathan wrote:
> Hello
>
> Is it possible to have everything inside a container (including init,
> getty and whatever daemons are installed) being run as a normal user?
> That is, can I have a container with no root user in /etc/passwd?
Not yet. The user namespace is p

Re: [Lxc-users] License inconsistency

2011-02-05 Thread Daniel Lezcano
On 02/04/2011 01:40 PM, Bernd Becker wrote:
> Hi,
>
> looking at http://sourceforge.net/projects/lxc/ It is stated lxc is under
> LGPL v3, in the code (both tarball and git repository) I saw LGPL v2.1
> Are there code parts under the LGPL v3?
No, the code was made under the v2.1 version but the s

Re: [Lxc-users] problem with networking phys

2011-02-05 Thread Eric Brower
You don't mention what kernel you are using, but this is probably due to the maturity of your kernel; for example, the RHEL6 2.6.32 kernel does not allow movement of physical devices into a network namespace. As a test, try creating a VLAN device on your eth3, and configure your container to use th

[Lxc-users] problem with networking phys

2011-02-05 Thread pmenier
Hello all,
Having used lxc for many months, I decided to add a network card on my host. I thought it could be assigned to the lxc-guests I will create later. But ... it doesn't work. When I try to start the container I get this error:
root@p733:/opt/lxc/vm1733# lxc-start -n vm1733 -d -o /tmp/outvm1