
Re: [libvirt] [PATCH]LXC doc: Add warns if net namespace not enabled



Hi
	Any comments?

Thanks

> -----Original Message-----
> From: Chen Hanxiao [mailto:chenhanxiao cn fujitsu com]
> Sent: Friday, August 23, 2013 1:18 PM
> To: libvir-list redhat com
> Cc: chenhanxiao cn fujitsu com
> Subject: [libvirt][PATCH]LXC doc: Add warns if net namespace not enabled
> 
> From: Chen Hanxiao <chenhanxiao cn fujitsu com>
> 
> If we don't enable the network namespace, we could shut down the host by executing
> the command 'shutdown' inside the container.
> This patch will add some warnings in LXC docs and give some advice to readers.
> 
> Signed-off-by: Chen Hanxiao <chenhanxiao cn fujitsu com>
> ---
>  docs/drvlxc.html.in |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index 640968f..8f3a36a
> 100644
> --- a/docs/drvlxc.html.in
> +++ b/docs/drvlxc.html.in
> @@ -50,6 +50,13 @@ processes inside containers cannot be securely isolated
> from host  process without the use of a mandatory access control technology
> such as SELinux or AppArmor.</strong>  </p>
> +<p>
> +<strong>WARNING: If 'net' namespace <i>not</i> enabled for container,
> +host OS could be <i>shutdown</i> by executing command like 'reboot'
> +inside container.<br/>So make sure 'net' namespace was available and
> +set the &lt;privnet/&gt; feature in the XML, or configure virtual NICs.
> +Then this issue could be circumvented.</strong> </p>
> 
>  <h2><a name="init">Default container setup</a></h2>
> 
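Review bot: the added warning paragraph names 'reboot' as the triggering command ("by executing command like 'reboot'") while the commit message says 'shutdown', and it never says why a missing 'net' namespace lets a command inside the container affect the host, so a reader cannot judge whether their own setup is exposed. Please use the same command in both places, or list both, and add one sentence on the mechanism. The wording also needs a pass: "If 'net' namespace not enabled" is missing "is", "could be shutdown" should be "shut down", "was available" should be "is available", and "circumvented" reads as if the protection were being bypassed, where "avoided" is what is meant. Finally, "set the &lt;privnet/&gt; feature in the XML, or configure virtual NICs" leaves it unclear whether configuring virtual NICs is an alternative to &lt;privnet/&gt; only or to the whole condition; stating that either one gives the container its own 'net' namespace, if that is the intent, would remove the ambiguity.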
> --
> 1.7.1




