594
edits
Changes
tun device is required for Docker-ready containers
* Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
* Enable tun device access for container:
vzctl set $veid --devnodes net/tun:rw --save
* Configure custom cgroups in systemd:
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small>
