* [ISSUE] users running unprivileged lxc container no worky no more.
@ 2022-08-15 9:06 egrain
From: egrain @ 2022-08-15 9:06 UTC (permalink / raw)
New issue by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682
Description:
### Is this a new report?
Yes
### System Info
5.18.17_1 #1 SMP PREEMPT_DYNAMIC Fri Aug 12 13:53:18 UTC 2022 x86_64 GNU/Linux musl.
### Package(s) Affected
lxc-5.0.1_1
### Does a report exist for this bug with the project's home (upstream) and/or another distro?
_No response_
### Expected behaviour
It should work like it did before the update. All I did was `xbps-install -Su` and `init 6`.
### Actual behaviour
```
lxc-start: alpina: ../src/lxc/network.c: lxc_create_network_unpriv_exec: 2990 lxc-user-nic failed to configure requested network: ../src/lxc/cmd/lxc_user_nic.c: 802: create_db_dir - Permission denied - Failed to create /run/lxc
../src/lxc/cmd/lxc_user_nic.c: 1125: main: Failed to create directory for db file
lxc-start: alpina: ../src/lxc/start.c: lxc_spawn: 1840 Failed to create the network
lxc-start: alpina: ../src/lxc/start.c: __lxc_start: 2107 Failed to spawn container "alpina"
lxc-start: alpina: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: alpina: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
```
And if I `mkdir /run/lxc` and `chown lxcuser /run/lxc`, I get this:
```
lxc-start: alpina: ../src/lxc/network.c: lxc_create_network_unpriv_exec: 2990 lxc-user-nic failed to configure requested network: ../src/lxc/cmd/lxc_user_nic.c: 474: instantiate_veth - Operation not permitted - Failed to create veth1003_cv7j-veth1003_cv7jp
../src/lxc/cmd/lxc_user_nic.c: 529: create_nic: Error creating veth tunnel
../src/lxc/cmd/lxc_user_nic.c: 720: get_nic_if_avail: Failed to create new nic
../src/lxc/cmd/lxc_user_nic.c: 1206: main: Quota reached
lxc-start: alpina: ../src/lxc/start.c: lxc_spawn: 1840 Failed to create the network
lxc-start: alpina: ../src/lxc/start.c: __lxc_start: 2107 Failed to spawn container "alpina"
lxc-start: alpina: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: alpina: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
```
### Steps to reproduce
1. Have a working lxc user + container.
2. Update the system.
3. Reboot.
4. Try and start it with: `lxc-start -n nameofyourcontainer -F`
Thanks for reading.
From: CameronNemo @ 2022-08-16 19:25 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217066107
Comment:
> ../src/lxc/cmd/lxc_user_nic.c: 720: get_nic_if_avail: Failed to create new nic
> ../src/lxc/cmd/lxc_user_nic.c: 1206: main: Quota reached
From the [lxc-user-nic manpage](https://man.voidlinux.org/lxc-user-nic):
```
lxc-user-nic is a setuid-root program with which unprivileged users may
manage network interfaces for use by a lxc container.
It will consult the configuration file /etc/lxc/lxc-usernet to
determine the number of interfaces which the calling user is allowed to
create, and which bridge they may attach them to.
```
What are the contents of that file? See also [lxc-usernet(5)](https://man.voidlinux.org/lxc-usernet).
From: egrain @ 2022-08-16 19:35 UTC (permalink / raw)
New comment by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217079670
Comment:
As I said, I haven't changed anything. The file is the same as it was before the system upgrade:
```
lexie veth skib 1
```
Also I think that doesn't touch the first issue with the /run/lxc permissions. But of course I prefer to solve things my own self, so I turned it up to 11 (50 actually) before I asked in the void channel, but still no cigar.
Also, since I'm guessing you'll ask for this next:
```
9: skib: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 56:d4:0f:45:0e:f1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.1/30 scope global skib
       valid_lft forever preferred_lft forever
    inet6 fe80::54d4:fff:fe45:ef1/64 scope link
       valid_lft forever preferred_lft forever
```
But I have a script for creating it and I didn't change that either. I upgraded and rebooted the box quite a few times and it always worked. I really don't think I did anything wrong, ... otherwise I wouldn't have reported it obviously.
From: CameronNemo @ 2022-08-16 20:15 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217114765
Comment:
Maybe this will fix it: `chmod +s /usr/libexec/lxc/lxc-user-nic`
From: CameronNemo @ 2022-08-16 20:15 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217114765
Comment:
Maybe this will fix it: `chmod +s /usr/libexec/lxc/lxc-user-nic`
From: CameronNemo @ 2022-08-16 20:16 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217114765
Comment:
Maybe this will fix it: `chmod o+s /usr/libexec/lxc/lxc-user-nic`
From: CameronNemo @ 2022-08-16 20:20 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217114765
Comment:
Maybe this will fix it: `chmod u+s /usr/libexec/lxc/lxc-user-nic`
From: egrain @ 2022-08-16 20:27 UTC (permalink / raw)
New comment by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217125836
Comment:
That works, but that can't be right. Root created the file so I would be running it as root. I don't think that's a good idea.
From: CameronNemo @ 2022-08-16 20:32 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217129847
Comment:
@egrain that is exactly how networking works for unprivileged LXC containers. Re-read my first comment / read the manpage.
From: egrain @ 2022-08-16 20:35 UTC (permalink / raw)
New comment by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217132653
Comment:
Why did it change the permission though? I for sure didn't.
From: CameronNemo @ 2022-08-16 20:38 UTC (permalink / raw)
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217135722
Comment:
Upstream migrated from autotools to meson. Autotools was setting the bit before, now meson does not set it as setuid so we have to set it manually. That is my best guess. Sorry I broke your use case, hopefully the fix gets merged soon.
From: egrain @ 2022-08-16 20:39 UTC (permalink / raw)
New comment by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217136864
Comment:
No need to apologize. Learned something in the process. All good. Keep up the good work and all that.
From: eli-schwartz @ 2022-08-17 0:44 UTC (permalink / raw)
New comment by eli-schwartz on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217313363
Comment:
> Upstream migrated from autotools to meson. Autotools was setting the bit before, now meson does not set it as setuid so we have to set it manually. That is my best guess.
That's interesting because it's actually set in Meson's permissions:
https://github.com/lxc/lxc/blob/1df8895204244384c468a809f2da5cae2bc44c57/src/lxc/cmd/meson.build#L99
From: eli-schwartz @ 2022-08-17 2:56 UTC (permalink / raw)
New comment by eli-schwartz on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217399023
Comment:
I discovered the issue, and it's a Meson bug.
From: eli-schwartz @ 2022-08-17 3:01 UTC (permalink / raw)
New comment by eli-schwartz on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217402048
Comment:
Note the issue is kind of fun, because Void installs stuff as non-root, but mapped to root via userns, so the kernel doesn't give out its "you are root, so you're exempt from setuid wiping" thing.
And Meson's own test suite didn't catch that, because our test for the setuid functionality working didn't include a binary with a build rpath to be deleted.
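As an added illustration (not code from the issue thread or the lxc project) of two points above, CameronNemo's three chmod spellings and eli-schwartz's explanation of why the install step lost the bit: the script below works on a constructed throwaway file standing in for /usr/libexec/lxc/lxc-user-nic, and assumes Linux with GNU coreutils chmod and stat.

```shell
#!/bin/sh
# Added example, not code from the issue thread or the lxc project.
# It reproduces, on a throwaway file, (1) what each chmod spelling tried
# in the thread actually sets and (2) why an installer that rewrites a
# setuid binary in place loses the bit when it lacks CAP_FSETID.
# Assumes Linux with GNU coreutils chmod/stat.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Stand-in for /usr/libexec/lxc/lxc-user-nic (constructed dummy script).
BIN="$WORK/fake-user-nic"
printf '#!/bin/sh\necho hi\n' > "$BIN"
chmod 755 "$BIN"

# Octal mode of a file, e.g. 4755 when only setuid is added to 755.
mode_of() { stat -c '%a' "$1"; }

# Apply one chmod spelling to a fresh 755 copy and return the resulting mode.
mode_after_chmod() {
    cp "$BIN" "$WORK/probe" && chmod 755 "$WORK/probe"
    chmod "$1" "$WORK/probe"
    mode_of "$WORK/probe"
}

# Mark a copy setuid, then rewrite it in place the way an install step
# that patches the ELF (e.g. deleting a build rpath) does. A writer
# without CAP_FSETID in the initial user namespace, which includes
# "root" inside an unprivileged userns, has S_ISUID cleared by the kernel.
mode_after_rewrite() {
    cp "$BIN" "$WORK/installed" && chmod u+s "$WORK/installed"
    printf '# rpath patched\n' >> "$WORK/installed"
    mode_of "$WORK/installed"
}

# Post-install check a packager can run: succeed only if the mode is exactly 4755.
check_setuid() { [ "$(mode_of "$1")" = 4755 ]; }

printf 'chmod +s  -> %s (setuid AND setgid)\n' "$(mode_after_chmod +s)"
printf 'chmod o+s -> %s (no-op: "other" has no s bit)\n' "$(mode_after_chmod o+s)"
printf 'chmod u+s -> %s (what lxc-user-nic needs)\n' "$(mode_after_chmod u+s)"
printf 'after in-place rewrite -> %s\n' "$(mode_after_rewrite)"
if check_setuid "$WORK/installed"; then
    echo "setuid intact (writer had CAP_FSETID)"
else
    echo "setuid lost: restore with chmod u+s"
fi
```

Run it once as an unprivileged user to see the bit disappear on the rewrite, and once as real root to see it survive.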
From: egrain @ 2022-08-17 8:29 UTC (permalink / raw)
New comment by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682#issuecomment-1217680118
Comment:
Well if it's a fun issue who am I to complain?
From: paper42 @ 2022-08-17 14:31 UTC (permalink / raw)
Closed issue by egrain on void-packages repository
https://github.com/void-linux/void-packages/issues/38682