[Users] Cannot add VLAN devices to guest with new kernel

Kirill Korotaev dev at sw.ru
Tue Dec 19 04:30:40 EST 2006


Benny,

> I opened bug 395 because of what I considered a regression in test007
> compared to test005. The original message:
> 
> [root@router01 ~]# uname -r
> 2.6.18-ovz028test007.1-smp
> [root@router01 ~]# vzctl start 114
> Starting VE ...
> VE is mounted
> Setting CPU units: 1000
> VE start in progress...
> [root@router01 ~]# vzctl set 114 --netdev_add eth0.114 --save
> Unable to add netdev eth0.114: Operation not permitted
> Saved parameters for VE 114
> 
> It works with test005.
> 
> There was quite a lot of back and forth between Andrey Mirkin and me.
> So far it ended with this comment from Andrey Mirkin:
> 
> "It is not secure to use VLANs from VE0 (by --netdev_add) inside VE as
> they will operate from VE0 context."
>
> It confuses me that it is possible to use --netdev_add for physical
> ethernet devices, but not for VLAN devices.
It has nothing to do with security implications.
Andrey just used incorrect reasoning.
The original problem is the following:
he virtualized VLANs, and this created some implications requiring the VLAN
to be in the same VE as the real physical device.

> The alternative solution is to create veth devices and bridge them to
> the VLAN devices in VE0. This is not very attractive, because there
> will be hundreds of them in my setup.

> Good ideas and explanations welcome...
Benny, I will push the guys to prepare a patch today.
Thanks for your patience and efforts!

Thanks,
Kirill


