I’m currently experiencing an issue where containers having bridged NIC devices with `security.mac_filtering` set to true fail to start. The machine is running an up-to-date Ubuntu 18.04 and the problem is encountered with lxd 3.18 coming from snap and installed from the release tarball. NICs are attached to unmanaged bridges and the following error message is displayed:
```
Error: Common start logic: Failed to start device 'eth0': No such object
Try `lxc info --show-log contnr` for more info
```
I suspect this is related to the IP filtering feature, which requires static IP allocation and therefore can only work with a managed bridge. However, in principle I believe MAC filtering alone could be made to work with an unmanaged bridge. Either way, it’s either a bug/improvement or the validation needs improving.
@stgraber would you expect MAC filtering feature to be usable with an unmanaged bridge?
It’s the second time I’m using that configuration and it worked with 3.16 or 3.17. Writing this makes me realize that I had a similar issue on another system where I had to disable MAC filtering to be able to launch containers. I’ll double check if it’s a combination of setting `hwaddr` && `security.mac_filtering` and report back. Then I’ll downgrade to 3.17 and 3.16 if I have to, to check if it’s a regression.
edit: I’ll send that configuration when I have access to the system later today.
@pgregoire that sounds like a bug to me, or at least a simple improvement.
@stgraber is there any reason you can think of why MAC filtering shouldn’t work on an unmanaged bridge? If not, I think I can rework the NIC code a little to allow this.