I believe I’m having a very interesting issue with lxc.
I’m using Arch, specifically if I use uname -a
I get
Linux 6.7.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 21 Jan 2024 22:14:10 +0000 x86_64 GNU/Linux
I’ve installed the lxc package found here, which gives me the lxc utilities.
When I use
# lxc-create -n demo -t download -- --dist ubuntu --release jammy --arch amd64
I get the following output
Using image from local cache
Unpacking the rootfs
---
You just created an Ubuntu jammy amd64 (20240120_07:42) container.
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC
which is perfectly fine, but when I check the container with lxc-ls -f
I see
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
demo STOPPED 0 - - - true
which should not be happening if I understand correctly, as I’m running all the above commands with root privileges (using sudo), so the containers that I’m creating should also be privileged containers, right?
I have been using lxc so far without realising that I’ve been creating unprivileged containers.
Now I’m trying to run a kubernetes cluster inside LXC which led me to try to get nested containers working.
I honestly have no clue why I’m not able to create a privileged container.
Here’s the output of lxc-checkconfig
LXC version 5.0.3
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
- /sys/fs/cgroup
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
Here’s my /etc/lxc/default.conf, /etc/subuid and /etc/subgid.
/etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
/etc/subuid and /etc/subgid (both)
root:100000:65536
I have no clue why this might be happening and would love to hear your take on it.
I mainly followed the Arch wiki’s LXC article for the setup.
Thank you in advance for your help
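As an added example (not code from the post above, from LXC, or from the Arch wiki): lxc-ls reports UNPRIVILEGED as true whenever a container's config contains lxc.idmap lines, and lxc-create seeds every new container's config from /etc/lxc/default.conf, so the two lxc.idmap lines posted above are carried into each container regardless of who runs lxc-create. The script below applies that same criterion to constructed copies of the posted files (written to a temp directory under names of its own; the helper names are this example's, not LXC's), shows the config with the mappings stripped, and checks whether each mapping fits inside the root allotment in the posted subuid/subgid, which is what the newuidmap/newgidmap path requires when a non-root user creates containers.

```shell
#!/bin/sh
# Added example, not code from the original post or from LXC itself.
# Classifies LXC container configs as privileged or unprivileged by the
# same criterion lxc-ls uses for its UNPRIVILEGED column: whether the
# config carries any lxc.idmap line. Sample files are constructed below
# in a temp directory so the script runs offline.

lxc_is_unprivileged() {
    # 0 (true) if $1 contains an active lxc.idmap line, 1 otherwise.
    # Commented-out lines ("# lxc.idmap = ...") do not count.
    grep -Eq '^[[:space:]]*lxc\.idmap[[:space:]]*=' "$1"
}

lxc_idmap_summary() {
    # Print one "u|g <container-id> <host-id> <count>" line per mapping in $1.
    sed -n -E \
      's/^[[:space:]]*lxc\.idmap[[:space:]]*=[[:space:]]*([ug])[[:space:]]+([0-9]+)[[:space:]]+([0-9]+)[[:space:]]+([0-9]+).*/\1 \2 \3 \4/p' \
      "$1"
}

lxc_strip_idmap() {
    # Copy $1 to $2 without its lxc.idmap lines: the config a container gets
    # once the mappings are removed from default.conf (i.e. privileged).
    grep -Ev '^[[:space:]]*lxc\.idmap[[:space:]]*=' "$1" > "$2"
}

subid_covers() {
    # $1 = subuid/subgid file, $2 = owner, $3 = host start id, $4 = count.
    # 0 if some "$2:start:count" line in $1 contains the range [$3, $3+$4).
    awk -F: -v u="$2" -v s="$3" -v n="$4" '
        $1 == u && s >= $2 && s + n <= $2 + $3 { ok = 1 }
        END { if (ok) exit 0; exit 1 }' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: the posted /etc/lxc/default.conf, idmap lines included.
cat > "$demo_dir/default.conf" <<'EOF'
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF
# Constructed sample: the posted /etc/subuid and /etc/subgid (same content).
printf 'root:100000:65536\n' > "$demo_dir/subuid"
printf 'root:100000:65536\n' > "$demo_dir/subgid"
# Constructed sample: a uid mapping that falls outside the subuid allotment.
cat > "$demo_dir/badmap.conf" <<'EOF'
lxc.idmap = u 0 200000 65536
lxc.idmap = g 0 100000 65536
EOF
lxc_strip_idmap "$demo_dir/default.conf" "$demo_dir/privileged.conf"

report() {
    # One-line verdict for config $1 plus, for unprivileged configs, whether
    # each mapping fits the root allotment in the sample subuid/subgid.
    cfg=$1
    if lxc_is_unprivileged "$cfg"; then
        echo "$(basename "$cfg"): UNPRIVILEGED (lxc.idmap present)"
        lxc_idmap_summary "$cfg" | while read -r kind cid hid n; do
            case $kind in u) f=$demo_dir/subuid ;; *) f=$demo_dir/subgid ;; esac
            if subid_covers "$f" root "$hid" "$n"; then
                echo "  $kind $cid -> host $hid (+$n): inside $(basename "$f") allotment"
            else
                echo "  $kind $cid -> host $hid (+$n): OUTSIDE $(basename "$f") allotment"
            fi
        done
    else
        echo "$(basename "$cfg"): privileged (no lxc.idmap lines)"
    fi
}

for c in default.conf privileged.conf badmap.conf; do
    report "$demo_dir/$c"
done
```

On a real host, point the same functions at /var/lib/lxc/<name>/config and /etc/subuid or /etc/subgid instead of the constructed samples; a config that prints "privileged" here is what lxc-ls lists with UNPRIVILEGED set to false.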