New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lxc 5.0.1 does not autostart container after unpriviledged user slice has been established #4232
Comments
Hi @stgraber - Any pointers for me this time around? |
Thinking more about what I did above, simply copying
At least now I get some meaningful error:
Unfortunately in the user scope there is no So it seems like the whole issue comes down to the Again, if I log in, open a terminal, and execute Any pointers how to delay the user service startup until all prerequisites are met? There must be some documentation how to configure a LXC user service. |
Anyone please; you guys must have an answer how to auto-start an unprivileged container? |
Hi @tglaeser! Please, show the full log line for:
Have you tried to start the container "manually" just by invoking |
Sorry, I didn't notice that the logging was cut off; here are the full
Running commands In this case the following network interface gets created successfully.
Compared to this, the failed interface name |
I can guess that the problem comes from:
Then in the kernel:
The root reason is that the the bridge device doesn't exist when the container starts. |
get_mtu() returns int, but "mtu" variable has unsigned int type. It leads to logical error in error handling, which can end up with strange -EINVAL error in lxc_veth_create(), cause (mtu > 0) condition is met, but negative "mtu" value is too large when set as mtu for network device. Issue lxc#4232 Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
get_mtu() returns int, but "mtu" variable has unsigned int type. It leads to logical error in error handling, which can end up with strange -EINVAL error in lxc_veth_create(), cause (mtu > 0) condition is met, but negative "mtu" value is too large when set as mtu for network device. Issue lxc#4232 Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
get_mtu() returns int, but "mtu" variable has unsigned int type. It leads to logical error in error handling, which can end up with strange -EINVAL error in lxc_veth_create(), cause (mtu > 0) condition is met, but negative "mtu" value is too large when set as mtu for network device. Issue lxc#4232 Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Your analysis seems to be correct:
So we have timestamp But the bridge is created as user |
get_mtu() returns int, but "mtu" variable has unsigned int type. It leads to logical error in error handling, which can end up with strange -EINVAL error in lxc_veth_create(), cause (mtu > 0) condition is met, but negative "mtu" value is too large when set as mtu for network device. Issue #4232 Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
My current workaround is
which delays the startup of the container by 10 seconds; I don't really like that fixed delay approach, would rather prefer to declare |
The above mentioned workaround only works when logging in as unprivileged user
This I don't quite understand: I have not yet logged in as unprivileged user |
It's more about systemd rather than LXC. Unfortunately, I can't give you quick advice regarding this stuff with service dependencies. |
I understand that the answer to the problem described here relates to the |
Sorry for long delay, @tglaeser I have re-read this thread again. Couldn't you try to reformulate the question that you still have? As far as I understand the problem was with the race condition between bridge creation and container start. Now you have fixed that by adjusting configuration a bit. Last question is about why you are getting errors when logging-in as a root? From what I see in your logs:
uid range is not allowed for the |
I haven't tried this for some time now, instead I had configured
and would start the container manually when needed. That always worked. Now, to verify if this is still a problem, I ran
again, rebooted the host, waited some time, logged in as user
My current configuration:
|
Required information
lxc-start --version
:5.0.1
uname -a
:Linux lipari 5.15.75-gentoo #6 SMP Sun Nov 27 18:13:41 EST 2022 x86_64 12th Gen Intel(R) Core(TM) i7-1260P GenuineIntel GNU/Linux
cat /proc/self/cgroup
:0::/user.slice/user-0.slice/session-5.scope
Issue description
Invoking
form a terminal after logging in as user
admin
works just fine, so I would expect that after executingthe service auto-starts during login, however
is observed after login.
Further information
I have a working system running
lxc
4.0.12
andsystemd
251
using file.config/systemd/user/lxc@.service
:On the new system running
lxc
5.0.1
andsystemd
251
old file.config/systemd/user/lxc@.service
from above doesn't work anymore, therefore I copied the default from/lib/systemd/system/lxc@.service
to/home/admin/.config/systemd/user/lxc@.service
:With this configuration the above described behavior can be observed.
To me it seems that changes to the
systemd
configuration are needed when upgradinglxc
from version4.0.12
to5.0.1
.What am I missing; how exactly should I configure
systemd
for an unprivileged user so that the container auto-starts while logging in?The text was updated successfully, but these errors were encountered: