Hi there,
I have a security-related question, maybe related to privileged/unprivileged containers.
On a privileged LXC container on Proxmox 5.1, you can list other containers' and KVM VMs' interfaces by issuing
cat /sys/fs/cgroup/net_cls/net_prio.ifpriomap
In my case, it shows
lo 0
eno1 0
eno2 0
eno3 0
eno4 0
vmbr0 0
tap24855i0 0
tap1851078i0 0
veth104104i0 0
veth10620i0 0
veth251180i0 0
Version information:
proxmox-ve: 5.1-32 (running kernel: 4.13.13-2-pve)
pve-manager: 5.1-41 (running version: 5.1-41/0b958203)
pve-kernel-4.13.13-2-pve: 4.13.13-32
pve-kernel-4.10.15-1-pve: 4.10.15-15
pve-kernel-4.10.17-1-pve: 4.10.17-18
libpve-http-server-perl: 2.0-8
lvm2: 2.02.168-pve6
corosync: 2.4.2-pve3
libqb0: 1.0.1-1
pve-cluster: 5.0-19
qemu-server: 5.0-18
pve-firmware: 2.0-3
libpve-common-perl: 5.0-25
libpve-guest-common-perl: 2.0-14
libpve-access-control: 5.0-7
libpve-storage-perl: 5.0-17
pve-libspice-server1: 0.12.8-3
vncterm: 1.5-3
pve-docs: 5.1-12
pve-qemu-kvm: 2.9.1-5
pve-container: 2.0-18
pve-firewall: 3.0-5
pve-ha-manager: 2.0-4
ksm-control-daemon: 1.2-2
glusterfs-client: 3.8.8-1
lxc-pve: 2.1.1-2
lxcfs: 2.0.8-1
criu: 2.11.1-1~bpo90
novnc-pve: 0.6-4
smartmontools: 6.5+svn4324-1
zfsutils-linux: 0.7.3-pve1~bpo9
I can't make any changes to try unprivileged or protection due to service reasons.
Can someone please confirm or clarify? Is this a wanted feature?
Regards,
Carlos
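
An added example, not part of the original post: a shell check that compares the names exposed in net_prio.ifpriomap with the interfaces the container's own network namespace owns, and labels the rest. The tap<VMID>i<N> / veth<CTID>i<N> classification and the container's local interface list (lo, eth0) are assumptions; the sample map is the output quoted in the post.

```shell
#!/bin/sh
# Added example: audit what net_prio.ifpriomap reveals beyond this namespace.

# Sample map: the output quoted in the post above.
SAMPLE_MAP='lo 0
eno1 0
eno2 0
eno3 0
eno4 0
vmbr0 0
tap24855i0 0
tap1851078i0 0
veth104104i0 0
veth10620i0 0
veth251180i0 0'

# classify_iface NAME: guess what a foreign interface belongs to.
# Assumption: Proxmox names guest NICs tap<VMID>i<N> (KVM) and veth<CTID>i<N> (LXC).
classify_iface() {
    case "$1" in
        tap[0-9]*i[0-9]*)  echo "kvm-guest" ;;
        veth[0-9]*i[0-9]*) echo "lxc-guest" ;;
        *)                 echo "host" ;;
    esac
}

# leaked_ifaces MAP_TEXT LOCAL_NAMES
#   MAP_TEXT:    contents of net_prio.ifpriomap ("<ifname> <prio>" per line)
#   LOCAL_NAMES: interface names this namespace owns (space or newline separated)
# Prints "<ifname> <class>" for every name in the map that is not local.
leaked_ifaces() {
    # Normalise separators so each local name is surrounded by single spaces.
    names=" $(printf '%s' "$2" | tr '\n\t' '  ') "
    printf '%s\n' "$1" | while read -r name prio; do
        [ -n "$name" ] || continue          # skip blank lines
        case "$names" in
            *" $name "*) continue ;;        # owned by this namespace, not a leak
        esac
        printf '%s %s\n' "$name" "$(classify_iface "$name")"
    done
}

# Demo on the sample; "lo eth0" is an assumed container interface list.
# Inside a real container, pass "$(cat /sys/fs/cgroup/net_cls/net_prio.ifpriomap)"
# and "$(ls /sys/class/net)" instead.
leaked_ifaces "$SAMPLE_MAP" "lo eth0"
```

An empty result means the map shows nothing beyond the container's own interfaces; any line printed is a host or guest interface name visible from inside the container.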