Hi Shengjing Zhu,

On 2023-02-21 11:44, Shengjing Zhu wrote:
> Please read message#91
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865975#91 and then
> think about it.
> If you still think there's a secure patch that we can apply, I'd like to review.

Hmm, you have some very valid points and concerns there. I should have
read the whole bug before commenting... :-)
What surprises me though is that on Ubuntu, this seemingly works
correctly (presuming that LXD is running as a snap in that case), as
pointed out by a colleague. I don't know why but it would be interesting
to dig deeper into the details here. I asked my colleague to check his
sysctl settings and they look identical to mine (IPv4 forwarding not
enabled in /etc/sysctl.conf). This is from his Ubuntu 22.04 machine:

user@host:~$ grep net.ipv4.ip_forward /etc/sysctl.conf
#net.ipv4.ip_forward=1
user@host:~$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
user@host:~$ grep ip_forward /etc/sysctl.d/*
/etc/sysctl.d/99-sysctl.conf:#net.ipv4.ip_forward=1

I'm almost inclined to set up an Ubuntu VM to test this in, but I don't
really have the time (at work) right now. If anyone reading this has
more insight into this, it would be incredibly interesting.

Best regards,
Per