
[MirageOS-devel] Travis and tuntap (was: Re: OPW intern checking in!)



On 11 Jun 2014, at 11:29, David Sheets <sheets@xxxxxxxxxxxx> wrote:
> 
> Last I saw, Travis uses OpenVZ which was an LXC/namespaces/cgroups
> precursor provided by a (very) large kernel patch. Privileged LXC
> containers (started by a privileged user) do support tuntap if the
> executor allows the dev node to be created with something like:
> 
> lxc.cgroup.devices.allow = c 10:200 rwm
> 
> See also <https://www.kernel.org/doc/Documentation/cgroups/devices.txt>.
> 
> I'm not sure if this satisfies your use case but, on its face, it
> looks possible.

I raised the issue here on the Travis CI tracker:
https://github.com/travis-ci/travis-ci/issues/1503

and they turned it down.  It does seem reasonable to be paranoid
about this, since it could expose their internal network topology
more than intended if the containers can send raw network traffic
out (although, hopefully their scheme also bans raw sockets).

-anil
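
Added example (not part of the original thread): a small audit helper that checks whether a device-cgroup allowlist would permit the tun device `c 10:200` mentioned above. It assumes cgroup v1 entries in the `type major:minor access` form described in the linked devices.txt, evaluated in default-deny mode; the function names and the sample allowlist are constructed for illustration.

```python
import re

# "c 10:200 rwm": device type, major:minor ('*' = any), access letters
# (r = read, w = write, m = mknod), as described in the kernel's devices.txt.
ENTRY = re.compile(r"^([abc])\s+(\*|\d+):(\*|\d+)\s+([rwm]{1,3})$")
LXC_KEY = "lxc.cgroup.devices.allow"


def parse_entry(line):
    """Parse a devices.list line or an lxc.cgroup.devices.allow setting."""
    text = line.split("#", 1)[0].strip()
    if text.startswith(LXC_KEY):
        text = text.partition("=")[2].strip()
    m = ENTRY.match(text)
    if not m:
        return None  # deny lines and anything unparsable are not modelled
    dev_type, major, minor, access = m.groups()
    return dev_type, major, minor, set(access)


def allows(lines, dev_type, major, minor, access):
    """True if a single entry covers every requested access letter."""
    wanted = set(access)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        e_type, e_major, e_minor, e_access = entry
        if e_type not in ("a", dev_type):
            continue
        if e_major not in ("*", str(major)) or e_minor not in ("*", str(minor)):
            continue
        if wanted <= e_access:
            return True
    return False


def tun_allowed(lines, access="rw"):
    """Check the tun device node (char 10:200) from the thread."""
    return allows(lines, "c", 10, 200, access)


# Constructed sample: a default-deny allowlist without and with the tun entry.
BASELINE = ["c 1:3 rwm", "c 1:5 rwm", "c 5:* rw", "c 136:* rwm"]
WITH_TUN = BASELINE + ["lxc.cgroup.devices.allow = c 10:200 rwm"]

if __name__ == "__main__":
    for name, cfg in (("baseline", BASELINE), ("with tun", WITH_TUN)):
        print(name, "tun rw:", tun_allowed(cfg), "mknod:", tun_allowed(cfg, "m"))
```

Because deny lines are ignored, the helper can only over-report what is allowed, which is the conservative direction when reviewing what a container may reach.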

