Comment 0 for bug 1584953

Philipp Gassmann (phiphi.g) wrote :

Request to backport kernel changes from kernel 4.5 to LTS kernel 4.4 for xenial and, if possible, to the LTS kernel for 14.04.

Change upstream:
netfilter: Set /proc/net entries owner to root in namespace

This is the kernel-side part of the fix for "iptables-save does not work inside lxd containers".

The necessary changes in lxc landed in lxc/lxd and are available in version 2.0.1, currently in xenial-proposed.

It would be great if this were backported ASAP, as it allows managing the firewall within lxd instances using Puppet and probably other configuration management systems, and using iptables-save manually.