Comment 4 for bug 1226855

Serge Hallyn (serge-hallyn) wrote :

@Clint,

Thanks. Then I see three possible workarounds:

1. The simplest way would be to have iscsid running on the host, and connect to it over tcp from the container.

2. You could also have a container without its own network namespace, and have iscsid running there.

3. You could open the netlink socket from the host network namespace, and pass that into the container.

If none of these suffices, then I'll mark this as affecting the kernel, and it'll take a new kernel feature to make this work. However, controlling host devices from a container is in general deemed suboptimal (see user namespaces, which may not access many devices at all). To solve the netlink part of the issue we would have to come up with a way to choose which containers may access the netlink socket.

It would still be useful for future consideration of this bug if you could attach an strace of the netlink failure to this bug.
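
The mechanism behind workaround 3, as an added example that is not part of the original comment or of any project's code: one process opens and binds a netlink socket, then hands the descriptor to another process over a Unix socket with SCM_RIGHTS. Assumptions: `NETLINK_ROUTE` stands in for `NETLINK_ISCSI` (which needs the iSCSI transport module loaded), the function name is hypothetical, and the network namespace split is left out because it needs root.

```python
import os
import socket

NETLINK_ROUTE = 0  # stand-in protocol: always present on Linux
NETLINK_ISCSI = 8  # from <linux/netlink.h>; needs the iSCSI transport module


def hand_over_netlink(protocol=NETLINK_ROUTE):
    """Open a netlink socket here, pass it to a child, return both views of it."""
    host_end, child_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    report_r, report_w = os.pipe()

    pid = os.fork()
    if pid == 0:  # receiving side (the container process in workaround 3)
        status = 1
        try:
            host_end.close()
            os.close(report_r)
            # recv_fds() collects the descriptor sent as SCM_RIGHTS ancillary data
            _, fds, _, _ = socket.recv_fds(child_end, 16, 1)
            nl = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, protocol,
                               fileno=fds[0])
            inode = os.fstat(nl.fileno()).st_ino
            port_id = nl.getsockname()[0]
            os.write(report_w, f"{inode} {port_id}".encode())
            status = 0
        finally:
            os._exit(status)

    # sending side (the host network namespace in workaround 3)
    child_end.close()
    os.close(report_w)
    nl = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, protocol)
    nl.bind((0, 0))  # port id 0: the kernel assigns one; no multicast groups
    socket.send_fds(host_end, [b"nl"], [nl.fileno()])
    with os.fdopen(report_r, "rb") as report:
        inode, port_id = map(int, report.read().split())
    os.waitpid(pid, 0)
    host_view = (os.fstat(nl.fileno()).st_ino, nl.getsockname()[0])
    nl.close()
    host_end.close()
    return host_view, (inode, port_id)


if __name__ == "__main__":
    host_view, child_view = hand_over_netlink()
    print("host :", host_view)   # (socket inode, netlink port id)
    print("child:", child_view)  # same pair: it is the same socket
```

The receiver holds the same socket, which stays tied to the network namespace it was created in, so the sending side decides which processes get that access.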