FS#75257 - [lxc] mount entry for /dev/net prevents unprivileged container to start (version 5.0.0)
Attached to Project:
Community Packages
Opened by Robert de Jager (blob) - Wednesday, 06 July 2022, 12:22 GMT
Last edited by Morten Linderud (Foxboron) - Tuesday, 23 August 2022, 17:50 GMT
Details
Description:
Starting from version 5.0.0, lxc containers fail to start with an "operation not permitted" error when the following conditions apply:
- the container is unprivileged
- the config file contains the line "lxc.mount.entry = /dev/net dev/net none bind,create=dir" (see https://wiki.archlinux.org/title/OpenVPN_client_in_Linux_Containers)

Additional info:
* lxc 1:5.0.0-4

Steps to reproduce:
- Create an unprivileged archlinux container
- Add the following lines to the container config file:

    ## for openvpn
    lxc.mount.entry = /dev/net dev/net none bind,create=dir
    lxc.cgroup.devices.allow = c 10:200 rwm
    # lxc.cgroup2.devices.allow results into a different error inside the container, and failure to set up /dev/net

- Start the container

Workaround:
- Downgrade to lxc 1:4.0.12-1
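The following shell script is an added example and not part of this report or of the lxc project: it audits a container config for the combination the report describes (an unprivileged container, detected by the presence of lxc.idmap lines, plus a bind mount of /dev/net with create=dir) and compares the installed lxc version against the affected range (5.0.0 affected, 5.0.1-1 fixed, as stated in the closing comment). The sample config it writes is constructed for the demo, and all function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the bug report: audit an LXC container config for
# the combination FS#75257 describes (unprivileged container + /dev/net bind
# mount with create=dir) against the installed lxc version (5.0.0 affected,
# 5.0.1-1 fixed, per the tracker). Function and file names are this example's own.

# is_unprivileged_config FILE: succeed when the config carries an id mapping,
# which is what makes a container unprivileged.
is_unprivileged_config() {
    grep -Eq '^[[:space:]]*lxc\.idmap[[:space:]]*=' "$1"
}

# has_devnet_create_mount FILE: succeed when an uncommented lxc.mount.entry
# bind-mounts /dev/net with the create=dir option.
has_devnet_create_mount() {
    grep -Eq '^[[:space:]]*lxc\.mount\.entry[[:space:]]*=[[:space:]]*/dev/net[[:space:]].*[,[:space:]]create=dir' "$1"
}

# version_ge A B: succeed when dotted version A >= B, comparing numeric
# components. An Arch epoch ("1:") and pkgrel ("-4") are stripped first.
version_ge() {
    a=${1%%-*}; a=${a#*:}
    b=${2%%-*}; b=${b#*:}
    awk -v a="$a" -v b="$b" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# lxc_version_affected VER: succeed when VER falls in [5.0.0, 5.0.1).
lxc_version_affected() {
    version_ge "$1" 5.0.0 && ! version_ge "$1" 5.0.1
}

# audit_lxc_config FILE VER: print a verdict; succeed (exit 0) only when the
# config on that lxc version will hit FS#75257.
audit_lxc_config() {
    cfg=$1; ver=$2
    if ! is_unprivileged_config "$cfg"; then
        echo "ok: privileged container, FS#75257 does not apply"; return 1
    fi
    if ! has_devnet_create_mount "$cfg"; then
        echo "ok: no /dev/net bind mount with create=dir"; return 1
    fi
    if lxc_version_affected "$ver"; then
        echo "AFFECTED: unprivileged container with /dev/net create=dir mount on lxc $ver (FS#75257)"
        echo "          upgrade to lxc 5.0.1-1 or later, or downgrade to 1:4.0.12-1 as the report's workaround"
        return 0
    fi
    echo "ok: lxc $ver is outside the affected 5.0.0 release"
    return 1
}

# write_sample_config FILE: constructed sample config (not the reporter's
# actual file) carrying an id map plus the lines the report names.
write_sample_config() {
    cat > "$1" <<'EOF'
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
## for openvpn
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm
EOF
}

# demo: run the audit over the sample config for the reported and the fixed version.
demo() {
    cfg=$(mktemp)
    write_sample_config "$cfg"
    audit_lxc_config "$cfg" "1:5.0.0-4" || true
    audit_lxc_config "$cfg" "5.0.1-1" || true
    rm -f "$cfg"
}

demo
```

To check a real container, call audit_lxc_config with the path of its config file and the output of `pacman -Q lxc` (or the version string you obtain some other way) instead of the sample values used in demo; the script only reads the config and never touches the container itself.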
This task depends upon
Closed by Morten Linderud (Foxboron)
Tuesday, 23 August 2022, 17:50 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 5.0.1-1
https://github.com/lxc/lxc/issues/4160
https://github.com/lxc/lxc/issues/4162