[Users] Unable to remove venet0 interface from a container

Scott Dowdle dowdle at montanalinux.org
Tue Jan 15 13:36:43 EST 2013


Dan Bassett,

----- Original Message -----
> I have been investigating using OpenVZ in our environment to provide
> virtual machines to students for learning systems administration.  In
> order to provide a realistic environment, I'd like to be able to
> remove the venet0 interface and only have loopback, eth0 and eth1 interfaces
> in the container.

The venet network device is the DEFAULT network device.  The alternative is a veth device.  To see what the difference is, view this wiki page:

http://wiki.openvz.org/Differences_between_venet_and_veth

Assuming you've read that now, you'll see that venet is configurable from the host node by root and not really made to be configurable by the container user.  veth is designed so that container users have more control over the device and can configure it... which could lead to them doing things like assigning it an address that conflicts with another container/machine.  Users can also put the veth device into promiscuous mode and potentially sniff traffic for other containers and the host node.

In any event, my little paragraph above is a poor substitute for the wiki page so be sure and read that.

So, if you want a container to look like a physical machine and have the same device names and be configurable... that just ain't going to happen.  Next question? :)

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

