[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvz-users
Subject:    [Users] Unable to remove venet0 interface from a container
From:       dowdle () montanalinux ! org (Scott Dowdle)
Date:       2013-01-15 18:36:43
Message-ID: 8ef0667c-16c0-4cf2-93d6-1bd0a696812c () mail ! montanalinux ! org
[Download RAW message or body]

Dan Bassett,

----- Original Message -----
> I have been investigating using OpenVZ in our environment to provide
> virtual machines to students for learning systems administration.  In
> order to provide a realistic environment, I'd like to be able to
> remove the venet0 interface and only have loopback, eth0 and eth1 interfaces
> in the container.

The venet network device is the DEFAULT network device.  The alternative is a veth \
device.  To see what the difference is, view this wiki page:

http://wiki.openvz.org/Differences_between_venet_and_veth

Assuming you've read that now, you'll see that venet is configurable from the host \
node by root and not really made to be configurable by the container user.  veth is \
designed so that container users have more control over the device and change \
configure it... which could lead to them doing things like assigning it an address \
that conflicts with another container/machine.  Users can also put the veth device \
into promiscuous mode and potentially sniff traffic for other containers and the host \
node.

In any event, my little paragraph above is a poor substitute for the wiki page so be \
sure and read that.

So, if you want a container to look like a physical machine and have the same device \
names and be configurable... that just ain't going to happen.  Next question? :)

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]


[prev in list] [next in list] [prev in thread] [next in thread]