[Users] Re: Traffic shaping *inside* OpenVZ containers

Benny Amorsen benny+usenet at amorsen.dk
Wed Sep 15 08:22:40 EDT 2010



Razvan Deaconescu <razvan-Z8229FDUryEdnm+yROfE0A at public.gmane.org>
writes:

> I've added all sch_* modules on the hardware node. I've restarted the
> OpenVZ container and tried running tc. It still doesn't work. Should
> only the sch_* modules be inserted?

I'm not sure what you mean by "only the sch_* modules".

We use tc extensively with the RedHat/CentOS-based OpenVZ kernels... 

Ah, I think I know what the problem is. You need to give the guest
additional privileges. Notice that this is dangerous if you have
untrusted guests!

We use: CAPABILITY="NET_ADMIN:on NET_RAW:on SYS_ADMIN:on"


/Benny



More information about the Users mailing list