In vz7 mounting overlayfs in nested userns was prohibited and
we used FS_VIRTUALIZED | FS_VE_MOUNT fs_flags to allow mounting it
inside top Container userns.
In vz9 kernel mounting overlayfs in nested userns is enabled already:
ms commit 459c7c565ac3 ("ovl: unprivieged mounts")
So now we should
Dear friends,
Recently one of OpenVZ users reported that they have issues with network
availability of some containers. It was discovered that the reason is absence
of ARP replies from the Host Node on the requests about container IPs.
Of course, we started from tcpdump analysis and noticed that
