Comment 32 for bug 1654676

Stéphane Graber (stgraber) wrote :

One bug we should resolve after this is released is that "lxc-user-nic" doesn't clean up after itself on failure. It really ought to destroy any interface it created if it fails.

This means that even with this security fix, a trusted user will be able to create host veth device pairs but those devices will not be brought UP and the user will not be able to choose their name. The number of devices created will also be tracked and the quota enforced, so this can't be used for DoS.