containers with network='filtered' cannot talk to each other
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Arkose - Desktop Application Sandboxing |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
In bug #807315, you say that two arkose containers with network='filtered' will be able to talk to each other as the host will route between them.
I tried using the simple:
con = ArkoseContainer
con.run_
and the host could ping both containers, the containers could ping the host, but they could not ping each other. I got Destination Host Unreachable.
the routing tables were:
# container 1: 169.254.1.2/8
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
0.0.0.0 169.254.1.1 0.0.0.0 UG 0 0 0 eth0
# container 2: 169.254.1.10/8
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
0.0.0.0 169.254.1.9 0.0.0.0 UG 0 0 0 eth0
and Host:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.254.1.8 0.0.0.0 255.255.255.252 U 0 0 0 tmpGP7lkQ
169.254.1.0 0.0.0.0 255.255.255.252 U 0 0 0 tmpXBrWp7
10.10.10.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 10.10.10.10 0.0.0.0 UG 0 0 0 eth0
| Brian Parma (bj0) wrote | #1 |
| Stéphane Graber (stgraber) wrote | #2 |
| Stéphane Graber (stgraber) wrote | #3 |
| Changed in arkose: | |
| status: | New → Fix Committed |
| Changed in arkose: | |
| status: | Fix Committed → Fix Released |
i forgot to mention I tried it with the lp branch