[Users] Unable to set NET_ADMIN capability in a container

Tren Blackburn iam at theendoftime.net
Tue Nov 22 16:10:34 PST 2016


Hello! I am attempting to use ipvsadm inside a CentOS 7 container. The
documentation for OpenVZ 7 states that you can add capabilities via
the “vzctl set” command - webpage:
https://docs.openvz.org/openvz_users_guide.webhelp/_available_capabilities_for_containers.html

Neither vzctl nor prlctl have options for setting capabilities
anymore. I attempted to add it by hand to the container config via
CAPABILITY="net_admin:on" - however it doesn’t seem to work. When I
attempt to run ipvsadm in the container, I get the following error:

[0] root@director1.office:~# ipvsadm -L
modprobe: ERROR: could not insert 'ip_vs': Operation not permitted
Can't initialize ipvs: No space left on device

I’ve asked the IRC channel, and was recommended to ask on list. Does
OpenVZ 7 support container capabilities anymore? Any help would be
appreciated.

Please let me know if you need more information.

Regards,

Tren Blackburn


