doc: Mention that veth.pair is ignored for unpriv

veth.pair is ignore for unprivileged containers as allowing an
unprivileged user to set a specific device name would allow them to
trigger actions in tools like NetworkManager or other uevent based
handlers that may react based on specific names or prefixes being used.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 2050d7c46285c587187d4b3e9d10b7e21deb5b80..4f8e4e9ec4208db15bb7a7246353b53876118357 100644 (file)
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -259,7 +259,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
              by <command>lxc</command>, but if you wish to handle
              this name yourself, you can tell <command>lxc</command>
              to set a specific name with
-             the <option>lxc.network.veth.pair</option> option.
+             the <option>lxc.network.veth.pair</option> option (except for
+             unprivileged containers where this option is ignored for security
+             reasons).
            </para>
 
            <para>