Benny, > I opened bug 395 because of what I considered a regression in test007 > compared to test005. The original message: > > [EMAIL PROTECTED] ~]# uname -r > 2.6.18-ovz028test007.1-smp > [EMAIL PROTECTED] ~]# vzctl start 114 > Starting VE ... > VE is mounted > Setting CPU units: 1000 > VE start in progress... > [EMAIL PROTECTED] ~]# vzctl set 114 --netdev_add eth0.114 --save > Unable to add netdev eth0.114: Operation not permitted > Saved parameters for VE 114 > > It works with test005. > > There was quite a lot of back and forth between Andrey Mirkin and me. > So far it ended with this comment from Andrey Mirkin: > > "It is not secure to use VLANs from VE0 (by --netdev_add) inside VE as > they will operate from VE0 context." > > It confuses me that it is possible to use --netdev_add for physical > ethernet devices, but not for VLAN devices. it has nothing to do with security implications. Andrey just used incorrect reasoning. The original problem is the following: he virtualized VLANs and this created some implications requiring VLAN to be in the same VE as the real physical device.
> The alternative solution is to create veth devices and bridge them to > the VLAN devices in VE0. This is not very attractive, because there > will be hundreds of them in my setup. > Good ideas and explanations welcome... Benny, I will push guys to prepare patch today. Thanks for your patience and efforts! Thanks, Kirill _______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
