Bug#934155: lxc: unprivileged lxc container with veth does not start since update to 1:3.1.0+really3.0.4-1 amd64

Jarek Slosarczyk Wed, 07 Aug 2019 08:18:27 -0700

Package: lxc
Version: 1:3.1.0+really3.0.4-1
Severity: important

Dear Maintainer,


since update to 1:3.1.0+really3.0.4-1 i cannot use my unprivileged lxc 
containers with network over veth.
containers refuse to start with interfaces like 'lxc.net.0.type = veth'.

removing 'lxc.net.0.type = veth' from the config file makes the container 
"usable" again.

downgrade of lxc (liblxc1, libpam-cgfs) to previous version 
1:3.1.0+really3.0.3-8 resolves this issue - i can start _with_ veth and have 
access to network.

this is how the network part of my config file looks like:

#
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.name = eth0
lxc.net.0.hwaddr = 00:16:3e:aa:bb:cc
#
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.link = br1
lxc.net.1.name = eth1
lxc.net.1.hwaddr = 00:16:3e:dd:ee:ff



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.73
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libgcc1                1:9.1.0-10
ii  liblxc1                1:3.1.0+really3.0.4-1
ii  libseccomp2            2.4.1-2
ii  libselinux1            2.9-2
ii  lsb-base               10.2019051400

Versions of packages lxc recommends:
ii  apparmor                     2.13.3-4
ii  bridge-utils                 1.6-2
ii  debootstrap                  1.0.115
ii  dirmngr                      2.2.17-3
ii  dnsmasq-base [dnsmasq-base]  2.80-1
ii  gnupg                        2.2.17-3
ii  iproute2                     5.2.0-1
ii  iptables                     1.8.3-2
ii  libpam-cgfs                  1:3.1.0+really3.0.4-1
ii  lxc-templates                3.0.3-1+b1
ii  lxcfs                        3.0.4-1
ii  nftables                     0.9.1-2+b1
ii  openssl                      1.1.1c-1
ii  rsync                        3.1.3-6+b1
ii  uidmap                       1:4.7-2

Versions of packages lxc suggests:
ii  btrfs-progs  5.2.1-1
ii  lvm2         2.03.02-3
ii  python3-lxc  1:3.0.3-1+b1

-- Configuration Files:
/etc/apparmor.d/usr.bin.lxc-start changed:
/usr/bin/lxc-start flags=(attach_disconnected, audit) {
  #include <abstractions/lxc/start-container>
}

/etc/default/lxc changed:
LXC_AUTO="false"
BOOTGROUPS="onboot,"
SHUTDOWNDELAY=5
OPTIONS=
STOPOPTS="-a -A -s"
USE_LXC_BRIDGE="false"  # overridden in lxc-net
[ ! -f /etc/default/lxc-net ] || . /etc/default/lxc-net

/etc/lxc/default.conf changed:
lxc.net.0.type = empty
lxc.net.1.type = empty

/etc/sysctl.d/30-lxc-inotify.conf [Errno 2] No such file or directory: 
'/etc/sysctl.d/30-lxc-inotify.conf'

-- debconf information:
  lxc/auto_update_config:

Bug#934155: lxc: unprivileged lxc container with veth does not start since update to 1:3.1.0+really3.0.4-1 amd64

Reply via email to