Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#75257 - [lxc] mount entry for /dev/net prevents unprivileged container to start (version 5.0.0)

Attached to Project: Community Packages
Opened by Robert de Jager (blob) - Wednesday, 06 July 2022, 12:22 GMT
Last edited by Morten Linderud (Foxboron) - Tuesday, 23 August 2022, 17:50 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Morten Linderud (Foxboron)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Starting from version 5.0.0, lxc containers fail to start with an "operation not permitted" error when the following conditions apply:
- the container is unprivileged
- the config file contains the line "lxc.mount.entry = /dev/net dev/net none bind,create=dir" (see

Additional info:
* lxc 1:5.0.0-4

Steps to reproduce:
- Create an unprivileged archlinux container
- Add the folowing lines to the container config file:

## for openvpn
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm # lxc.cgroup2.devices.allow results into a different error inside the container, and failure to set up /dev/net

- Start the container

- Downgrade to lxc 1:4.0.12-1
This task depends upon

Closed by  Morten Linderud (Foxboron)
Tuesday, 23 August 2022, 17:50 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed with 5.0.1-1
Comment by Robert de Jager (blob) - Sunday, 17 July 2022, 19:56 GMT