Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted

I am not sure what the issue is, but I am on Debian 11 and my containers are Arch. When I go to start them, my eth0 is not being assigned an IP via DHCP; I am just getting this error now:

```
Nov 05 05:55:18 test systemd-networkd[77]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
```

I added a bunch of entries to my config file, but it doesn’t appear to be helping.

...

```
# Container specific configuration
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br1
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:cb:8c:74

lxc.cgroup.memory.limit_in_bytes = 1G
limits.cpu 2

# kernel links
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
lxc.cgroup.devices.allow =
lxc.cgroup.devices.deny =
lxc.mount.auto = proc:mixed sys:mixed cgroup:rw:force

#lxc.cgroup.devices.allow = c 10:200 rwm
#lxc.mount.auto = cgroup:rw:force

lxc.autodev = 1

lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=1
```

When I turn on logging I get this message:

```
lxc-start test 20221105043112.676 ERROR    cgroup2_devices - cgroups/cgroup2_devices.c:bpf_program_load_kernel:348 - Operation not permitted - Failed to load bpf program: (null)
```

My lxc-checkconfig is this:

```
LXC version 4.0.6
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.10.0-19-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:


Cgroup v2 mount points:
/sys/fs/cgroup

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
```

Same trouble but with static IPv4.
IPv6 is working but not requested.

But it works for me with a privileged container only.