On Thu, Feb 11, 2021 at 11:54:05AM -0600, Serge E. Hallyn wrote:
> On Wed, Feb 10, 2021 at 10:49:55PM +0100, Peter Carlsson wrote:
> > On Wed, Feb 10, 2021 at 07:08:09AM -0600, Serge E. Hallyn wrote:
> >
> > Hello again!
> >
> > Thanks for your help.
> >
> > I decided to start fresh and create the container as unprivileged. I
> > therefore deleted the old thread.
> >
> > Here is basically what I did:
> >
> > As root:
> >
> > usermod -v 100000-200000 -w 100000-200000 peter
> > cat /etc/subuid
> > peter:100000:100001
> > cat /etc/subgid
> > peter:100000:100001
> >
> > nano /etc/sysctl.conf
> > # Added by Peter Carlsson 2021-02-10 for lxc
> > kernel.unprivileged_userns_clone=1
> >
> > nano /etc/default/lxc-net
> > #USE_LXC_BRIDGE="true"
> >
> > nano /etc/lxc/default.conf
> > lxc.net.0.type = veth
> > lxc.net.0.link = lxcbr0
> > lxc.net.0.flags = up
> >
> > lxc.apparmor.profile = generated
> > lxc.apparmor.allow_nesting = 1
> >
> > As user peter:
> >
> > mkdir /home/peter/.config/lxc
> > nano /home/peter/.config/lxc/default.conf
> > lxc.net.0.type = veth
> > lxc.net.0.link = lxcbr0
> > lxc.net.0.flags = up
> >
> > lxc.apparmor.profile = generated
> > lxc.apparmor.allow_nesting = 1
> >
> > lxc.idmap = u 0 100000 100001
> > lxc.idmap = g 0 100000 100001
>
> This all looks good.
>
> > Don't know if this was necessary but I ran this after reading a link found
> > on Google
> >
> > lxc-usernsexec
>
> Sorry I'm not following here. lxc-usernsexec without any arguments
> will put you in a shell in a user namespace. I assume you exited that
> before going on with lxc-create, right?

Never mind. To try to solve my problems I googled and tried out
different advice, but this was something I don't think I did anything
successful with.

> > lxc-create -t download -n VisualStudioCode -- -d debian -r buster -a amd64
> >
> > lxc-start -n VisualStudioCode -F
> >
> > lxc-start: VisualStudioCode: network.c: lxc_create_network_unpriv_exec:
> > 2178 lxc-user-nic failed to configure requested network: No such file or
> > directory - Failed to open "/etc/lxc/lxc-usernet"
> > cmd/lxc_user_nic.c: 1296: main: Quota reached
> > lxc-start: VisualStudioCode: start.c: lxc_spawn: 1777 Failed to create
> > the configured network
> > lxc-start: VisualStudioCode: start.c: __lxc_start: 1951 Failed to spawn
> > container "VisualStudioCode"
> > lxc-start: VisualStudioCode: tools/lxc_start.c: main: 330 The container
> > failed to start
> > lxc-start: VisualStudioCode: tools/lxc_start.c: main: 336 Additional
> > information can be obtained by setting the --logfile and --logpriority
> > options
> >
> > What should I put in /etc/lxc/lxc-usernet?
>
> cat << EOF | sudo tee /etc/lxc/lxc-usernet
> # USERNAME TYPE BRIDGE COUNT
> peter veth lxcbr0 10
> EOF
>
> > Do you see something else I have missed or should have done differently?
>
> Not offhand. But do make sure that lxc-net is running, i.e. make sure
> that 'brctl show' shows lxcbr0
>
> > Note that I had the network working for the container created by root.

Now I have also done these things and had some progress:

systemctl enable lxc-net
systemctl start lxc-net

nano /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
peter veth lxcbr0 10

chmod 755 /home/peter/.local/share/
chmod 755 /home/peter/.local/share/lxc/

lxc-start -n VisualStudioCode -F

Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
[!!!!!!] Failed to mount API filesystems.
Exiting PID 1...

For me it is not obvious what my next step should be. Any help would be
appreciated.

Best regards,
Peter Carlsson
_______________________________________________
lxc-users mailing list
http://lists.linuxcontainers.org/listinfo/lxc-users
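
Added example, not part of the original messages or of LXC: a shell check of two prerequisites from this thread, that each lxc.idmap line falls inside the range delegated in /etc/subuid or /etc/subgid, and that /etc/lxc/lxc-usernet grants the user a veth on the bridge. The function names idmap_covered and usernet_allows are hypothetical, the sample files are constructed from the values above, and only per-user lxc-usernet entries are handled.

```shell
#!/bin/sh
# Added example; idmap_covered and usernet_allows are hypothetical helper names.

# idmap_covered USER SUBIDFILE KIND CONF
# True if every "lxc.idmap = KIND ns host count" line in CONF lies inside a
# range delegated to USER in SUBIDFILE (lines of the form user:start:count).
idmap_covered() {
    awk -v user="$1" -v kind="$3" '
        FNR == NR {                       # first file: user:start:count
            if (split($1, f, ":") == 3 && f[1] == user) {
                n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] - 1
            }
            next
        }
        { sub(/=/, " = ") }               # accept key=value and key = value
        $1 == "lxc.idmap" && $3 == kind {
            seen = 1; ok = 0
            for (i = 1; i <= n; i++)
                if ($5 + 0 >= lo[i] && $5 + $6 - 1 <= hi[i]) ok = 1
            if (!ok) bad = 1              # mapped host range not delegated
        }
        END { exit !(seen && !bad) }      # fail if no idmap line was found
    ' "$2" "$4"
}

# usernet_allows USER BRIDGE USERNETFILE
# True if USERNETFILE has "USER veth BRIDGE COUNT" with COUNT > 0.
# A missing file fails, as in the lxc-user-nic error quoted in the thread.
usernet_allows() {
    awk -v user="$1" -v br="$2" '
        /^[ \t]*#/ { next }               # skip comment lines
        $1 == user && $2 == "veth" && $3 == br && $4 + 0 > 0 { found = 1 }
        END { exit !found }
    ' "$3"
}

# Constructed sample files mirroring the values in the thread.
demo=$(mktemp -d)
echo 'peter:100000:100001' > "$demo/subuid"
printf 'lxc.idmap = u 0 100000 100001\n' > "$demo/default.conf"
printf '# USERNAME TYPE BRIDGE COUNT\npeter veth lxcbr0 10\n' > "$demo/lxc-usernet"
idmap_covered peter "$demo/subuid" u "$demo/default.conf" && echo "uid map: ok"
usernet_allows peter lxcbr0 "$demo/lxc-usernet" && echo "veth quota: ok"
rm -rf "$demo"
```

On a real host the same calls take /etc/subuid (or /etc/subgid with kind g), ~/.config/lxc/default.conf and /etc/lxc/lxc-usernet as arguments.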