Hello,
> If there are userspace processes involved, you might want
> to try to simply give all capabilities to a guest just to
> verify, in which case there will be no restrictions compared
> to the host.
Is it possible to change an entry in /proc inside a vserver? Or even
better, set it only once at vserver start? Probably the problem is that,
because of my kernel and nftables versions, I have to enable automatic
connection tracking helpers by 'echo 1 >
/proc/sys/net/nethelper/nf_conntrack_helper' and the vservers do not
have the same value in that file as the real host.
Regards
Christoph
Received on Fri Apr 20 13:01:37 2018