[pkg-lxc-devel] Bug#857295: Bug#857295: Info received ([oss-security] LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership)

Evgeni Golov evgeni at debian.org
Fri Mar 24 09:17:59 UTC 2017


Hi,

On Fri, Mar 24, 2017 at 05:03:57AM -0400, Stiepan wrote:
> Fyi, now that lxc 2.0.7-2 landed in jessie-backports, I am getting a new error when trying to start an lxc instance (running jessie as well) using a virtual br0 rather than "plain old" br0 (all of this in unprivileged mode), namely: lxc_delete_network:3028 - Failed to remove interface "vethXJW6PL" from host: Operation not permitted. With "plain old" br0, it still works as expected.

Can you elaborate a bit more on your network setup please?
What is a "virtual br0"? How do you set this up?

My setup uses brctl to set up the bridge and then unprivileged containers
work fine. I guess that is "plain old" for ya?

Regards
Evgeni


