Devuan bug report logs - #502
LXC unprivileged containers

Package: lxc; Maintainer for lxc is (unknown); Source for lxc is src:lxc.

Reported by: Saman Behnam <sbehnam73@googlemail.com>

Date: Mon, 3 Aug 2020 01:18:01 UTC

Severity: normal

Tags: debian, moreinfo



Report forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#502; Package lxc. (Mon, 03 Aug 2020 01:18:01 GMT)


Acknowledgement sent to Saman Behnam <sbehnam73@googlemail.com>:
New bug report received and forwarded. Copy sent to devuan-dev@lists.dyne.org. (Mon, 03 Aug 2020 01:18:09 GMT)


Message #5 received at submit@bugs.devuan.org:

From: Saman Behnam <sbehnam73@googlemail.com>
To: submit@bugs.devuan.org
Subject: LXC unprivileged containers
Date: Sun, 2 Aug 2020 19:04:11 -0600
Package: lxc

Version: 1:3.1.0+really3.0.3-8

System: Devuan Beowulf

After a clean install of the lxc package, containers do not work unless I
do the following.

add to sysctl.conf
##################
# LXC Devuan unprivileged
# containers
kernel.unprivileged_userns_clone = 1

# LXC kernel setting (optional)
# Makes dmesg work for
# non root users.
kernel.dmesg_restrict = 0

create and configure
####################
/etc/lxc/lxc-usernet
/etc/default/lxc-net

I suggest adding a file with above settings that goes to
"/etc/sysctl.d"
And make
"sysctl.conf"
include
"/etc/sysctl.d"

Also add files:
/etc/lxc/lxc-usernet
/etc/default/lxc-net

~ $ cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
# examplecontainer1 veth lxcbr0 1
# examplecontainer2 veth lxcbr0 2

~ $ cat /etc/default/lxc-net
# This file is auto-generated by lxc.postinst if it does not
# exist.  Customizations will not be overridden.
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="false"

# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
# Once these changes are made, restart the lxc-net and network-manager services.
# 'container1.lxc' will then resolve on your host.
#LXC_DOMAIN="lxc"

Thank you for a great and clean distribution!

Saman
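A small audit script for the two prerequisites the report lists, added here as an example; it is not part of the bug report, the lxc package or lxc-user-nic. It parses an lxc-usernet file in the USERNAME TYPE BRIDGE COUNT format shown above and reports how many interfaces a user may create on a given bridge, and it checks whether the unprivileged user-namespace sysctl is enabled. The helper names, the sample lxc-usernet contents and the practice of passing file paths as arguments (so the checks can be run against sample files rather than the live /proc entry) are constructed for this example; the "@group" entry form accepted by the real lxc-user-nic is not handled. The optional kernel.dmesg_restrict=0 setting from the report is deliberately left out of the audit: it has no bearing on whether containers start, and setting it to 0 lets any local user read the kernel log.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the prerequisites for
# unprivileged LXC on Debian-derived systems that the report names, namely
# kernel.unprivileged_userns_clone and the per-user NIC quota in lxc-usernet.
# POSIX sh plus awk only; file paths are arguments so sample files can be used.

# Print the number of interfaces of type $2 on bridge $3 that user $1 may
# create according to an lxc-usernet file ($4).  Lines are
# "USERNAME TYPE BRIDGE COUNT"; '#' starts a comment.  Matching entries are
# summed.  Simplification: "@group" entries honoured by lxc-user-nic are
# ignored here.
lxc_usernet_quota() {
    user=$1 nic_type=$2 bridge=$3 file=$4
    awk -v u="$user" -v t="$nic_type" -v b="$bridge" '
        { sub(/#.*/, "") }                                   # strip comments
        NF == 4 && $1 == u && $2 == t && $3 == b { total += $4 }
        END { print total + 0 }                              # 0 when no entry
    ' "$file"
}

# Succeed (exit 0) when the sysctl file given as $1 holds the value 1.
# On a live system this is /proc/sys/kernel/unprivileged_userns_clone.
userns_clone_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Constructed sample input mirroring the lxc-usernet format from the report.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/lxc-usernet" <<'EOF'
# USERNAME TYPE BRIDGE COUNT
alice veth lxcbr0 2
alice veth lxcbr0 1   # second grant on the same bridge, summed with the first
bob   veth lxcbr0 5
alice macvlan eth0 1
EOF
# Constructed stand-in for the live sysctl file, showing the "disabled" case.
printf '0\n' > "$SAMPLE_DIR/userns_clone"

# Report the audit results for the sample files.
audit_demo() {
    printf 'alice may create %s veth NICs on lxcbr0\n' \
        "$(lxc_usernet_quota alice veth lxcbr0 "$SAMPLE_DIR/lxc-usernet")"
    if userns_clone_enabled "$SAMPLE_DIR/userns_clone"; then
        echo "unprivileged user namespaces: enabled"
    else
        echo "unprivileged user namespaces: disabled (set kernel.unprivileged_userns_clone=1)"
    fi
}
audit_demo
```

Run against a real host by passing /etc/lxc/lxc-usernet and /proc/sys/kernel/unprivileged_userns_clone instead of the sample files; a quota of 0 for the user and bridge you intend to use, or a disabled sysctl, is the "containers do not work" state the report describes.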

Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#502; Package lxc. (Mon, 03 Aug 2020 12:03:02 GMT)


Message #8 received at 502@bugs.devuan.org:

From: Mark Hindley <mark@hindley.org.uk>
To: Saman Behnam <sbehnam73@googlemail.com>, 502@bugs.devuan.org
Subject: Re: bug#502: LXC unprivileged containers
Date: Mon, 3 Aug 2020 12:48:01 +0100
Control: tags -1 debian moreinfo

On Sun, Aug 02, 2020 at 07:04:11PM -0600, Saman Behnam wrote:
>    Package: lxc
>    Version: 1:3.1.0+really3.0.3-8
>    System: Devuan Beowulf
>    After a clean install of lxc package containers do not work unless i
>    have to do the following.

Saman,

Thanks for this.

lxc is not a forked package and Devuan uses Debian's packages directly without
recompilation. Neither I nor (AFAIK) any of the Devuan Devs are active users of lxc. Do
you expect this to work out of the box or is this just necessary configuration?

If you really think there is a bug here to be addressed, please report it
directly to Debian's BTS.

Thanks.

Mark

Added tag(s) debian and moreinfo. Request was from Mark Hindley <mark@hindley.org.uk> to 502-submit@bugs.devuan.org. (Mon, 03 Aug 2020 12:03:09 GMT)


Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#502; Package lxc. (Tue, 04 Aug 2020 08:48:01 GMT)


Acknowledgement sent to Mark Hindley <mark@hindley.org.uk>:
Extra info received and forwarded to list. Copy sent to devuan-dev@lists.dyne.org. (Tue, 04 Aug 2020 08:48:09 GMT)


Message #15 received at 502@bugs.devuan.org:

From: Mark Hindley <mark@hindley.org.uk>
To: Saman Behnam <sbehnam73@googlemail.com>
Cc: 502@bugs.devuan.org
Subject: Re: bug#502: LXC unprivileged containers
Date: Tue, 4 Aug 2020 09:37:08 +0100
On Mon, Aug 03, 2020 at 02:49:24PM -0700, Saman Behnam wrote:
>    Hi Mark,
>    It's not a LXC bug. Else I would have filed it to the LXC devs.
>    But it's very hard to get unprivileged running without those missing
>    setup defaults.
> 
>    Stephan Graber (a main lxc dev) had hard times debugging and figuring
>    out the problem.
>    It would be a very nice default for the Devuan lxc package.
>    I had LXC running on Ubuntu 18 and moved to Devuan.
>    Obviously there seems to be differences between Ubuntu and Debian
>    packaging.

Thanks for your analysis.

[…]

>    Those settings were out of the box in Ubuntu.
>    What you see above is my suggestion for Devuan.
>    I recursively grepped /etc for those settings on Ubuntu and found
>    nothing.
>    Not sure if it's just the kernel defaults in Ubuntu!
>    The whole thing is more of a technical packaging issue than a bug.
>    Since I've seen that behavior on a Devuan system I felt the Devuan
>    package maintainer would be the right one to address.

OK, I understand that.

Devuan doesn't maintain separate lxc packages. We use the Debian packages
directly without recompilation. So the Debian package maintainer is the person
to ask to incorporate your suggested default config.

Does that make sense?

Thanks.

Mark



Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Thu Apr 25 16:52:29 2024;