net_cls interfering with lxd #3651

Closed
Miosame opened this issue Jun 12, 2022 · 10 comments

@Miosame

Miosame commented Jun 12, 2022

Issue report

Operating system: Arch Linux (5.18.3-zen1-1-zen)

App version: 2022.2-beta2

Issue description

mullvad automatically mounts what I assume is a v1 cgroup for net_cls, causing lxd to not be able to start containers, as it now thinks it's an unsupported/broken cgroup host. Unmounting net_cls makes mullvad-exclude (obviously) not work, with "No net_cls controller".

Reading #1893, supposedly there's some device setting you can do to mount net_cls elsewhere? But I could not find such a setting anywhere in the beta app. What's the solution to avoid having it break lxd?

@faern
Member

faern commented Jun 14, 2022

Please see #3660. We have added more documentation on this now.

@faern faern closed this as completed Jun 14, 2022
@Miosame
Author

Miosame commented Jun 15, 2022

@faern thanks! though would you be able to hint at where I should mount it to, so it doesn't interfere with v2?

@pinkisemils
Collaborator

Technically any directory will work - any reasonable consumer of the old controller should be able to find it anywhere. If you believe our daemon will be the only user of the old controller, it'd be reasonable to mount it in /sys/fs/net-cls-v1, but Fedora mounts the V1 controller under the V2 cgroup - /sys/fs/cgroup/net_cls, and Debian does the same.

@Miosame
Author

Miosame commented Jun 16, 2022

@pinkisemils does that mean that net_cls is v1 only? so wherever I will mount it to, it'll taint v2 groups and make it mixed again?

@pinkisemils
Collaborator

Yes.

@Miosame
Author

Miosame commented Jun 16, 2022

I guess you can't use LXD/LXC together with mullvad-exclude then, that's unfortunate. Are there any workarounds for this to still be able to keep using both?

@pinkisemils
Collaborator

I've gotten it working by just mounting the net_cls cgroup literally anywhere else but /sys/fs/cgroup/net_cls. /tmp/whatever works, but you may want to mount it somewhere else with a saner name. I can confirm that mounting the old cgroup controller into cgroupv2 will fail. On a fresh install of Arch, LXD containers do work just fine as long as the mount directory of the V1 cgroup net_cls controller is put somewhere else.
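
A check for the layout discussed in the comment above, as an added example that is not part of the thread or of Mullvad's or LXD's code: it reads a mounts table in /proc/mounts format and reports whether the v1 net_cls hierarchy sits inside the cgroup2 mount point. The function names, output strings and sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the cgroup v1 net_cls mount relative to cgroup v2.
# Input is a mounts table in /proc/mounts format:
#   <source> <mountpoint> <fstype> <options> <dump> <pass>

# Prints one finding per net_cls v1 mount; exit status is 1 if any of them
# sits inside a cgroup2 mount point, 0 otherwise.
check_net_cls() {
    awk '
        $3 == "cgroup2" { v2[$2] = 1 }            # unified (v2) hierarchy
        $3 == "cgroup" {                          # a v1 hierarchy
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "net_cls") { v1[$2] = 1; found++ }
        }
        END {
            bad = 0
            for (m in v1) {
                parent = ""
                for (u in v2) if (index(m, u "/") == 1) parent = u
                if (parent != "") { print "CONFLICT " m " inside " parent; bad = 1 }
                else print "OK " m
            }
            if (!found) print "ABSENT"            # no net_cls v1 mount at all
            exit bad
        }' "${1:-/proc/mounts}"
}

# Constructed sample: net_cls v1 mounted under the v2 hierarchy.
sample_under_v2() {
    cat <<'EOF'
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0
EOF
}

# Constructed sample: same host with net_cls v1 moved outside /sys/fs/cgroup.
sample_moved() {
    cat <<'EOF'
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
net_cls /sys/fs/net-cls-v1 cgroup rw,relatime,net_cls 0 0
EOF
}

sample_under_v2 | check_net_cls - || true   # the layout reported in this issue
sample_moved | check_net_cls -              # the layout after moving the mount
```

Called with no argument, `check_net_cls` reads the live /proc/mounts of the host it runs on.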

@Miosame
Author

Miosame commented Jun 16, 2022

oh wow I wasn't aware it can literally be mounted anywhere, will try that shortly, thanks!

@Miosame
Author

Miosame commented Jun 16, 2022

that worked, thanks so much!

@paride

paride commented Jan 16, 2023

Given that AIUI the mountpoint is arbitrary, can't the default be changed so that it doesn't interfere with LXD?
