[Users] Give kernel modules access to VE
Galia Lisovskaya
inbox at shaggy-cat.ru
Wed Jun 30 10:35:35 EDT 2010
2010/6/30 Alfred Sawaya <wildhuji.lists at gmail.com>:
> Le 25/06/2010 20:29, Galia Lisovskaya a écrit :
>>
>> To some devices(in devfs) you may take access, see examples:
>>
>> http://wiki.openvz.org/USB_Printing_in_VE
>> http://wiki.openvz.org/Installing_Trixbox_2.0_in_CentOS_VE
>> http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
>>
>>
>
> Well, I see on Wikipedia that OpenVZ doesn't support IPSec and L2TP into a
> VE, and it was just what I wanted to do by inserting kernel module into a
> VE...
Wy you want use VPN inside _container_ (not VirtualMachine)? You may
use IPsec on hardware node...
We use IPsec beetween HW nodes in VE0
But, we use OpenVPN server (it's user-mode part) inside container,
and, please see this:
http://wiki.openvz.org/Download/vzctl/3.0.24
> Why there is such a limitation ? If a VE can access the kernel, why it can't
> access a module ? (as the module IS inserting from de host !)
Becouse OpenVZ has virtualizated network stack inside containers. But,
in OpenVPN container, you may add permishions "net_admin" to this
container
--
Galina Lisovskaya
More information about the Users
mailing list