nixpkgs/nixos
Eelco Dolstra 895bcdd1cb Add support for running a container with a private network interface
For example, the following sets up a container named ‘foo’.  The
container will have a single network interface eth0, with IP address
10.231.136.2.  The host will have an interface c-foo with IP address
10.231.136.1.

  systemd.containers.foo =
    { privateNetwork = true;
      hostAddress = "10.231.136.1";
      localAddress = "10.231.136.2";
      config =
        { services.openssh.enable = true; };
    };

With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules.  This is secure because it cannot touch the
interfaces of the host.

The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
..
doc nixos manual: make nixos options linkable 2014-03-08 19:34:28 +01:00
gui
lib Move generation of coverage reports from nixos/lib/testing to releaseTools 2014-03-03 13:57:08 +01:00
maintainers Add all AWS regions to EBS AMI creation script. 2014-02-11 13:26:46 +01:00
modules Add support for running a container with a private network interface 2014-03-18 10:49:25 +01:00
tests remove users.jenkins config start on slave config. 2014-03-13 13:01:50 -07:00
COPYING
default.nix
README
release-combined.nix Disable efi tests again 2014-03-01 09:51:28 -05:00
release.nix Move generation of coverage reports from nixos/lib/testing to releaseTools 2014-03-03 13:57:08 +01:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.