[libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled

Chen Hanxiao chenhanxiao at cn.fujitsu.com
Fri Aug 23 05:18:08 UTC 2013


From: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>

If we don't enable the network namespace, we could shut down the host
by executing the command 'shutdown' inside the container.
This patch will add some warnings to the LXC docs and give some
advice to readers.

Signed-off-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
---
 docs/drvlxc.html.in |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in
index 640968f..8f3a36a 100644
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated from host
 process without the use of a mandatory access control technology
 such as SELinux or AppArmor.</strong>
 </p>
+<p>
+<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
+host OS could be <i>shutdown</i> by executing command like 'reboot'
+inside container.<br/>So make sure 'net' namespace was available and
+set the <privnet/> feature in the XML, or configure virtual NICs.
+Then this issue could be circumvented.</strong>
+</p>
 
 <h2><a name="init">Default container setup</a></h2>
 
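Review bot: The raw `<privnet/>` on the added line "set the <privnet/> feature in the XML" sits unescaped in an HTML source file, so it will be parsed as an element instead of being shown to the reader; write it as `&lt;privnet/&gt;`, preferably wrapped in `<code>`. The wording of the new paragraph also needs a pass: "If 'net' namespace not enabled" is missing its verb, "was available" should be present tense, and "Then this issue could be circumvented" reads better as a statement that the setting prevents the problem. The commit message describes running 'shutdown' while the added text says 'reboot'; pick one, or name both. The paragraph would also be more useful if it said in one sentence why the absence of a private network namespace lets a command inside the container affect the host, since the text as added only states the outcome.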
-- 
1.7.1
