[systemd-bugs] [Bug 85464] systemd-nspawn --network-bridge breaks networking in container's host
bugzilla-daemon at freedesktop.org
Sun Oct 26 08:35:52 PDT 2014
https://bugs.freedesktop.org/show_bug.cgi?id=85464
--- Comment #5 from Ed Tomlinson <edt at aei.ca> ---
BTW, in comment 2 it should have read --network-interface=eth1.
When using network-interface I configure eth0 in the KVM host, and pass eth1 to
the nspawn dev and configure it there. When dev is active I see the problem.
Another observation: if I create three interfaces when starting KVM, e.g.
-netdev bridge,id=hn0 -device virtio-net-pci,netdev=hn0,id=nic0 \
-netdev bridge,id=hn1 -device virtio-net-pci,netdev=hn1,id=nic1 \
-netdev bridge,id=hn2 -device virtio-net-pci,netdev=hn2,id=nic2 \
and pass eth1 to nspawn dev and eth2 to nspawn prd, and configure all
interfaces on the same network, then communication (as root) is possible between prd,
host & grover or between dev, host & grover, but not between dev & prd.
I think in all cases I am seeing some side effects of network namespaces.
In any case it makes isolation of the interfaces' networks used by dev & prd
almost useless. I realize that nspawn is not a security solution and that its
isolation very probably can be easily hacked. However, it would be nice to be
able to partition the networks - it makes the setup of programs running in them
simpler.
Ed
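A check for the setup described in this comment, added here as an example and not part of the bug report or of systemd: it confirms that an interface handed to a container with --network-interface= is visible inside that container's network namespace and no longer in the host's. The container names dev/prd and the names eth1/eth2 come from the report; the use of machinectl to find the container leader PID and of nsenter to enter its namespace are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report or systemd): verify that an interface
# passed via systemd-nspawn --network-interface= has left the host namespace.

# Interface names visible in the network namespace of PID $1
# (PID 1 gives the host's own namespace). Needs root and util-linux nsenter.
iface_names() {
    nsenter --target "$1" --net ip -o link show |
        awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# Leader PID of a running nspawn container, as reported by machinectl.
leader_pid() {
    machinectl show --property=Leader "$1" | cut -d= -f2
}

# Pure check: $1 = interface name, $2 = host interface list, $3 = container
# interface list (both newline separated). Returns 0 only when the interface
# is present in the container and absent from the host.
check_moved() {
    iface=$1; host=$2; cont=$3
    if printf '%s\n' "$host" | grep -qx "$iface"; then
        echo "FAIL: $iface is still visible in the host namespace"; return 1
    fi
    if ! printf '%s\n' "$cont" | grep -qx "$iface"; then
        echo "FAIL: $iface is not present in the container namespace"; return 1
    fi
    echo "OK: $iface lives only in the container namespace"; return 0
}

# Live use on the host (as root), for the two containers in the report:
#   check_moved eth1 "$(iface_names 1)" "$(iface_names "$(leader_pid dev)")"
#   check_moved eth2 "$(iface_names 1)" "$(iface_names "$(leader_pid prd)")"
```

Run the two live lines on the KVM host while dev and prd are active; a FAIL on the first check means the interface is still reachable from the host namespace, which is worth knowing before blaming container-to-container leakage.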