Discussion:
Bug#934155: lxc: unprivileged lxc container with veth does not start since update to 1:3.1.0+really3.0.4-1 amd64
Jarek Slosarczyk
2019-08-07 15:20:02 UTC
Package: lxc
Version: 1:3.1.0+really3.0.4-1
Severity: important

Dear Maintainer,

Since the update to 1:3.1.0+really3.0.4-1 I cannot use my unprivileged lxc containers with network over veth.
Containers refuse to start with interfaces like 'lxc.net.0.type = veth'.

Removing 'lxc.net.0.type = veth' from the config file makes the container "usable" again.

A downgrade of lxc (liblxc1, libpam-cgfs) to the previous version 1:3.1.0+really3.0.3-8 resolves this issue - I can start _with_ veth and have access to the network.

This is what the network part of my config file looks like:

#
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 00:16:3e:aa:bb:cc
#
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.link = br1
lxc.net.1.name = eth1
lxc.net.1.hwaddr = 00:16:3e:dd:ee:ff



-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii debconf [debconf-2.0] 1.5.73
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libgcc1 1:9.1.0-10
ii liblxc1 1:3.1.0+really3.0.4-1
ii libseccomp2 2.4.1-2
ii libselinux1 2.9-2
ii lsb-base 10.2019051400

Versions of packages lxc recommends:
ii apparmor 2.13.3-4
ii bridge-utils 1.6-2
ii debootstrap 1.0.115
ii dirmngr 2.2.17-3
ii dnsmasq-base [dnsmasq-base] 2.80-1
ii gnupg 2.2.17-3
ii iproute2 5.2.0-1
ii iptables 1.8.3-2
ii libpam-cgfs 1:3.1.0+really3.0.4-1
ii lxc-templates 3.0.3-1+b1
ii lxcfs 3.0.4-1
ii nftables 0.9.1-2+b1
ii openssl 1.1.1c-1
ii rsync 3.1.3-6+b1
ii uidmap 1:4.7-2

Versions of packages lxc suggests:
ii btrfs-progs 5.2.1-1
ii lvm2 2.03.02-3
ii python3-lxc 1:3.0.3-1+b1

-- Configuration Files:
/etc/apparmor.d/usr.bin.lxc-start changed:
/usr/bin/lxc-start flags=(attach_disconnected, audit) {
#include <abstractions/lxc/start-container>
}

/etc/default/lxc changed:
LXC_AUTO="false"
BOOTGROUPS="onboot,"
SHUTDOWNDELAY=5
OPTIONS=
STOPOPTS="-a -A -s"
USE_LXC_BRIDGE="false" # overridden in lxc-net
[ ! -f /etc/default/lxc-net ] || . /etc/default/lxc-net

/etc/lxc/default.conf changed:
lxc.net.0.type = empty
lxc.net.1.type = empty

/etc/sysctl.d/30-lxc-inotify.conf [Errno 2] No such file or directory: '/etc/sysctl.d/30-lxc-inotify.conf'

-- debconf information:
lxc/auto_update_config:
Jarek Slosarczyk
2019-08-07 16:00:02 UTC
Attached a log file generated with:
lxc-start -F tex --logfile texdebug0 --logpriority DEBUG
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
Taavi Ilves
2019-08-11 16:40:01 UTC
I had the same issue and the same error as seen in texdebug0.

I downgraded to 1:3.1.0+really3.0.3-8 from testing and containers
started normally.
