Can LXC_NET_NS be exported when net hook being executed? #3066
Comments
|
Seems reasonable to me, can you send a PR that adds the environment variable? |
|
I found that the |
|
But if |
|
@brauner @tomponline I'm guessing you two will have a stronger opinion than I do |
|
@brauner has said in the past that LXC_PID can.be used for this as @ss1h2a3tw says. |
|
I found that the time that the hook being executed will differ by whether the lxc is running as root. If it is running as root, the hook will be executed before clone(). If not running as root, the hook will be executed after clone(). So |
|
For containers started as root neither LXC_PID nor LXC_NET_NS can be made available since it is done before the container is started. But I'm sure we could redesign this. |
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Closes lxc#3066. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Make sure that network creation happens at the same time for containers started by privileged and unprivileged users. The only reason we didn't do this so far was to avoid sending network device ifindices around in the privileged case. Link: lxc#3066 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Closes #3066. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Issue description
Since the net hook script may need to modify the network configs in the lxc's network namespace. Exporting this variable will be helpful.
The text was updated successfully, but these errors were encountered: