the gateway. <option>auto</option> is only available when
using the <option>veth</option>,
<option>macvlan</option> and <option>ipvlan</option> network types.
+ Can also have the special value of <option>dev</option>,
+ which means to set the default gateway as a device route.
+ This is primarily for use with layer 3 network modes, such as IPVLAN.
</para>
</listitem>
</varlistentry>
the gateway. <option>auto</option> is only available when
using the <option>veth</option>,
<option>macvlan</option> and <option>ipvlan</option> network types.
+ Can also have the special value of <option>dev</option>,
+ which means to set the default gateway as a device route.
+ This is primarily for use with layer 3 network modes, such as IPVLAN.
</para>
</listitem>
</varlistentry>
process wants to inherit the other's network namespace it usually
needs to inherit the user namespace as well.
</para>
+
+ <para>
+ Note that without careful additional configuration of an LSM,
+ sharing user+pid namespaces with a task may allow that task to
+ escalate privileges to that of the task calling liblxc.
+ </para>
</listitem>
</varlistentry>
</variablelist>
<para>
Specifying "errno" as action will cause LXC to register a seccomp filter
- that will cause a specific errno to be returned ot the caller. The errno
+ that will cause a specific errno to be returned to the caller. The errno
value can be specified after the "errno" action word.
</para>
projects / mirror_lxc.git / blobdiff