[systemd-devel] [Hackfest] nspawn a container with isolated network interface

Lennart Poettering lennart at poettering.net
Fri Mar 1 05:33:28 PST 2013


On Fri, 22.02.13 16:23, Andreas Schultz (aschultz at tpip.net) wrote:

Heya!

> systemd-nspawn already allows you to start a container with
> all networking but lo disabled (--private-network).
> This experimental patch developed during Hackfest in Brno
> allows one to add up to 16 veth pairs to a container with
> one end outside of the container and the other inside of the
> container.
> 
> https://github.com/RoadRunnr/systemd/compare/master...nspawn-netif

Thanks! Sounds good in principle, definitely something we should have!

However, before we can merge this we really should convert this into
proper netlink code, rather than simply invoking the "ip" tool. We
already have netlink code in systemd, to configure the loopback device,
and doing the requests to create the veth device and assign it to the
namespace shouldn't be that hard, if we just use similar code bits.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
