doc: Mention that veth.pair is ignored for unpriv

veth.pair is ignore for unprivileged containers as allowing an unprivileged user to set a specific device name would allow them to trigger actions in tools like NetworkManager or other uevent based handlers that may react based on specific names or prefixes being used. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

doc: Mention that veth.pair is ignored for unpriv
8982c0fd · Stéphane Graber · 7edae51e · 8982c0fd
Unverified Commit 8982c0fd authored Jul 15, 2014 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

lxc.container.conf.sgml.in doc/lxc.container.conf.sgml.in +3 -1

No files found.
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -259,7 +259,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 	      by <command>lxc</command>, but if you wish to handle
 	      this name yourself, you can tell <command>lxc</command>
 	      to set a specific name with
-	      the <option>lxc.network.veth.pair</option> option.
+	      the <option>lxc.network.veth.pair</option> option (except for
+	      unprivileged containers where this option is ignored for security
+	      reasons).
 	    </para>

 	    <para>