Open luckyyyyy opened 3 years ago
lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir 已经不适用现在的了 引用:https://northes.io/posts/pve/lxc-netowrk/
lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir 已经不适用现在的了 引用:https://northes.io/posts/pve/lxc-netowrk/
从pve7开始 需要写为cgroup2而不是cgroup
https://www.kernel.org/doc/Documentation/networking/tuntap.txt
TUN/TAP provides packet reception and transmission for user space programs. It can be seen as a simple Point-to-Point or Ethernet device, which, instead of receiving packets from physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program.
部分 VPN 软件例如 OpenConnect 和 OpenVPN 需要用到 /dev/net/tun 有些还需要用到 tap,如果在 LXC 中默认是没有这部分设备的,非特权容器需要设置才可以。
cgroup 怎么写? 如果不懂是什么先看 https://linuxcontainers.org/lxc/manpages//man1/lxc-cgroup.1.html 由于这里不介绍 LXC,不展开。
cgroup 怎么写其实很简单,注意看下面, c 10 200
root@pve /dev/net$ ls -l /dev crw-rw-rw- 1 root root 10, 200 Sep 21 14:17 tun crw-rw-rw- 1 root root 10, 200 Sep 21 14:17 tun