The privileged version of LXC has been running flawlessly for me for quite some time.
Now I have had another go at the unprivileged version and I just cannot get the test container
to run with networking. What I did:
Installation with
Code:
apt-get update
apt-get dist-upgrade
apt-get install lxc systemd uidmap
Code:
usermod --add-subuids 100000-165536 $USER
usermod --add-subgids 100000-165536 $USER
chmod +x $HOME
Code:
~/.config/lxc/default.conf
Code:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d debian -r bullseye -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
# Container specific configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0..hwaddr = 00:16:3e:55:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/home/xxxxx/.local/share/lxc/p1/rootfs
lxc.uts.name = p1
# Network configuration, local and internet
lxc.net.0.type = macvlan
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.macvlan.mode = bridge
lxc.net.0.name = eth1
lxc.net.0.mtu = 1500
lxc.net.0.hwaddr = 00:16:3e:55:xx:xx
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
Code:
/etc/lxc/lxc-usernet
$USER macvlan br0 10
Creating a container works:
Code:
lxc-create -t download -n p1 -d debian -r bullseye -a amd64
The MAC address is then of course a valid one!
Starting fails, regardless of whether I use veth or macvlan.
Code:
lxc-unpriv-start -n p1
Running scope as unit: run-rb712340243d148489d6a7be67b005555.scope
lxc-start: p1: lxccontainer.c: wait_on_daemonized_start: 859 Received container state "ABORTING" instead of "RUNNING"
lxc-start: p1: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: p1: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: p1: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
Code:
lxc-unpriv-attach -n p1
Running scope as unit: run-r260f8d8f213f44f88078516dec7c12fd.scope
root@p1:/# ls
bin dev home lib32 libx32 mnt proc run srv tmp var
boot etc lib lib64 media opt root sbin sys usr
root@p1:/# exit
exit
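
Added example, not part of the original post: a small consistency check across the three files the post touches (the container config, /etc/subuid and /etc/lxc/lxc-usernet) that lists places where they disagree. The function name `check`, the user name "alice" standing in for $USER, and the sample file contents are assumptions constructed from the post; this is not LXC's own validation.

```python
import re
from collections import defaultdict

# Constructed sample inputs modelled on the post; "alice" stands in for $USER.
CONFIG = """\
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0..hwaddr = 00:16:3e:55:00:01
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.net.0.type = macvlan
lxc.net.0.link = br0
"""
SUBUID = "alice:100000:65537\n"    # /etc/subuid format: user:first_id:count
USERNET = "alice macvlan br0 10\n"  # /etc/lxc/lxc-usernet: user type link count

def parse_config(text):
    """Return {key: [values in file order]}, skipping comments and blanks."""
    keys = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            keys[key].append(value)
    return keys

def check(config, subuid, usernet, user):
    """Hypothetical checker: list inconsistencies between the three files."""
    keys, findings = parse_config(config), []
    for key, values in keys.items():
        if not re.fullmatch(r"[a-z0-9_]+(\.[a-z0-9_]+)*", key):
            findings.append(f"malformed key: {key}")
        elif key != "lxc.idmap" and len(set(values)) > 1:
            findings.append(f"{key} set to different values: {values}")
    allowed = {tuple(l.split()[1:3]) for l in usernet.splitlines()
               if l.split()[:1] == [user]}
    for net_type in keys.get("lxc.net.0.type", []):
        for link in set(keys.get("lxc.net.0.link", [])):
            if (net_type, link) not in allowed:
                findings.append(f"{net_type} on {link} not in lxc-usernet for {user}")
    ranges = [(int(f), int(f) + int(c)) for u, f, c in
              (l.split(":") for l in subuid.splitlines() if l) if u == user]
    for value in keys.get("lxc.idmap", []):
        kind, _, host, count = value.split()
        if kind == "u" and not any(lo <= int(host) and int(host) + int(count) <= hi
                                   for lo, hi in ranges):
            findings.append(f"idmap {value} outside /etc/subuid range for {user}")
    return findings
```

Calling `check(CONFIG, SUBUID, USERNET, "alice")` on the constructed inputs returns one finding per disagreement; an empty list means the three files agree with each other.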