Can application in LXC listen to the netlink message from the host kernel?

kaka1902 · March 27, 2018, 4:51am

Hi,
I have one requirement to have the application running in the LXC to get the event for host kernel to get the notification for some events, such as key pressed.
Currently the host kernel driver is publishing the event via the netlink interface, I’m wondering if the application in the LXC also can use the netlink to receive such notification?
Please someone help on this for I’m pretty new to LXC.

Thanks.

stgraber · March 27, 2018, 1:58pm

Normally, no, netlink events are namespaced by the network namespace.
@brauner has done some work that would allow you to directly send events to the container’s namespace, but that’d require a kernel change (which hasn’t been merged yet) as well as extra userspac code to send such an event.

A probably easier alternative for you would be to bind-mount /proc/1/ns/net from the host into the container, you could then have your software in the container use setns against that file descriptor to attach to the host’s network namespace, allowing it to see all hosts uevents.

The obvious downside to this is that the container would then be able to do anything it wants against the host’s network namespace too, so depending on your security concerns, that may be a problem.

kaka1902 · March 28, 2018, 3:28am

Thanks @stgraber.
BTW, as for the work you mentioned by @brauner, will it be partial of official linux kernel in the future?

stgraber · March 28, 2018, 3:36am

Yes, if all goes well, it should be merged in the next dev cycle, so probably in 4.17 or so.

kaka1902 · March 28, 2018, 3:38am

Great, thank you @stgraber for the help.

woojaelee · March 3, 2022, 2:22am

Hello @stgraber
when i mount --bind /proc/1/ns/net and then setns. permission denied because maybe root persmission
Could you update the way to netlink access host eth0 by container?

lrwxrwxrwx 1 root root 0 Jan 1 01:35 net → net:[4026531920]

and there are many folder like /proc/[pid]/ns/. why use 1 folder?

i use lxc 4.0.2

root@sa81x5:/etc/lxc# lxc-ls --version
4.0.2

i found LXC 3.0.3 release note as below

*** Added support for netlink strict property checking on newer kernels**
*** Added support for new netlink interface/address netns API**

above items has relation with for container listen to netlink msg from host?
Could you let me know how to host access by netlink?

Thank you