Add port isolation

This commit is contained in:
Benoît S 2021-09-04 08:54:52 +00:00
parent 3276a4ab60
commit cfae1b2c4c

View file

@ -12,13 +12,15 @@ $ lxc config set <name> limits.cpu 2
$ lxc config set <name> limits.cpu.allowance 50%
$ lxc config set <name> limits.memory.swap false
$ lxc config device set <name> root limits.read 30MB
$ lxc config device set <name> root.limits.write 10MB
$ lxc config device set <name> root limits.write 10MB
$ lxc config device set <name> root limits.read 20Iops
$ lxc config device set <name> root limits.write 10Iops
$ lxc config device set <name> root size 20GB
$ lxc config device override <name> root size=20GB
$ lxc profile device set default eth0 limits.ingress 100Mbit
$ lxc profile device set default eth0 limits.egress 100Mbit
# Port isolation make the container unable to see other containers
$ lxc config device override <name> eth0 security.port_isolation=true
$ lxc
$ lxc launch images:debian/11 <name>
$ lxc config set <name> environment.LC_ALL=en_US.UTF-8
$ lxc list