[Users] Re: Traffic shaping *inside* OpenVZ containers

[Razvan Deaconescu]

On 09/15/2010 03:17 PM, Benny Amorsen wrote:
> Razvan Deaconescu <razvan-Z8229FDUryEdnm+yROfE0A at public.gmane.org>
> writes:
> 
>> I've added all sch_* modules on the hardware node. I've restarted the
>> OpenVZ container and tried running tc. It still doesn't work. Should
>> only the sch_* modules be inserted?
> 
> I'm not sure what you mean by "only the sch_* modules".
> 
> We use tc extensively with the RedHat/CentOS-based OpenVZ kernels... 
> 
> Ah, I think I know what the problem is. You need to give the guest
> additional privileges. Notice that this is dangerous if you have
> untrusted guests!
> 
> We use: CAPABILITY="NET_ADMIN:on NET_RAW:on SYS_ADMIN:on"

Hi, Benny!

I've added the capabilities as you've mentioned, restarted the VE but it
still doesn't work. I've done an strace on the tc command and the only
difference from the similar command of the base system (hardware node)
is the presence of the /proc/net/psched file[1].

Could the absence of /proc/net/psched affect tc's behavior?

Razvan

[1]
-----
ct# strace -e open tc qdisc add dev eth0 root handle 1: htb default 90
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = -1 ENOENT (No such file or
directory)
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
RTNETLINK answers: Invalid argument
---
hw# strace -e open tc qdisc add dev eth0 root handle 1: htb default 90
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = 3
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
---