From: Stéphane Graber <stgraber@ubuntu.com>
Date: Wed, 16 Jul 2014 01:32:46 +0000 (-0400)
Subject: doc: Mention that veth.pair is ignored for unpriv
X-Git-Tag: lxc-1.1.0.alpha2~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8982c0fd5e1db818803e8c9cdee588a8a13d8fd2;p=thirdparty%2Flxc.git

doc: Mention that veth.pair is ignored for unpriv

veth.pair is ignore for unprivileged containers as allowing an
unprivileged user to set a specific device name would allow them to
trigger actions in tools like NetworkManager or other uevent based
handlers that may react based on specific names or prefixes being used.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 2050d7c46..4f8e4e9ec 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -259,7 +259,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 	      by <command>lxc</command>, but if you wish to handle
 	      this name yourself, you can tell <command>lxc</command>
 	      to set a specific name with
-	      the <option>lxc.network.veth.pair</option> option.
+	      the <option>lxc.network.veth.pair</option> option (except for
+	      unprivileged containers where this option is ignored for security
+	      reasons).
 	    </para>
 
 	    <para>