How can i disable ip addr flush dev eth0 inside containers


how can i disable ip addr flush dev eth0 inside containers? This end in error state of the container and the only way to fix it is to restart the host.

Hmm, what exactly happens when this is run?

This is most likely triggered by the container itself so may depend on the image you’re running, but I still find it confusing that it would somehow affect the host.


the container will be unreachable (that is correct because the ip config is deleted). lxc ls show state ERROR and lxc stop ; lxc start does not work. The error itself looks like a kernel problem. My question is if it is possible with some security rules to prevent this. (It takes a little bit until we can upgrade our kernel).

Not really, the APIs used for that aren’t think that can easily be filtered just for one particular command on one particular interface.

ok thank you for your help. I have checked also the kernel capabilities. But i have nothing found that helps me.