$ sudo vim /var/lib/lxc/xxx/config lxc.cap.drop = lxc.cgroup.devices.allow = a lxc.mount.entry = /dev/net dev/net none rbind,create=dir 0 0
P.S. xxx是Container Name