Chris78
February 23, 2026, 10:32pm
3
So, guessing it’s related to the Deb 13 LXC instance running unprivileged, as the systemd-networkd logs report a few non-permitted operations:
```
Feb 23 22:11:44 third systemd-networkd[217]: eth0: Configuring with /etc/systemd/network/eth0.network.
Feb 23 22:11:44 third systemd[1]: Started systemd-networkd.service - Network Configuration.
Feb 23 22:25:31 third systemd[1]: Stopping systemd-networkd.service - Network Configuration…
Feb 23 22:25:31 third systemd[1]: systemd-networkd.service: Deactivated successfully.
Feb 23 22:25:31 third systemd[1]: Stopped systemd-networkd.service - Network Configuration.
Feb 23 22:25:31 third systemd[1]: Starting systemd-networkd.service - Network Configuration…
Feb 23 22:25:31 third systemd-networkd[250]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
Feb 23 22:25:31 third systemd-networkd[250]: lo: Link UP
Feb 23 22:25:31 third systemd-networkd[250]: lo: Gained carrier
Feb 23 22:25:31 third systemd-networkd[250]: eth0: Link UP
Feb 23 22:25:31 third systemd-networkd[250]: eth0: Gained carrier
Feb 23 22:25:31 third systemd-networkd[250]: eth0: Gained IPv6LL
Feb 23 22:25:31 third systemd-networkd[250]: Unable to load sysctl monitor BPF program, ignoring: Operation not permitted.
```
Seems like this person ran into a similar issue, but not sure if/how they solved it:
I am not sure what the issue is, but I am on Debian 11 and my containers are Arch. When I go to start them, I am not getting my eth0 assigned an IP via DHCP, just getting this error now:
Nov 05 05:55:18 test systemd-networkd[77]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
I added a bunch of entries to my config file, but it doesn’t appear to be helping.
...
# Container specific configuration
lxc.mount.entry = /sys/kernel/debug sys/kernel/de…
EDIT: Seems to be a common issue, will have to keep reading:
opened 09:17AM - 20 Apr 21 UTC
closed 03:06PM - 26 Apr 21 UTC
# Required information
* Distribution: Debian
* Distribution version: testing (11 pre)
* The output of "lxc info" or if that fails:
```
config:
  core.https_address: '[::]:8443'
  core.trust_password: true
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- snapshot_schedule_aliases
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- container_nic_routed_host_table
- container_nic_ipvlan_host_table
- container_nic_ipvlan_mode
- resources_system
- images_push_relay
- network_dns_search
- container_nic_routed_limits
- instance_nic_bridged_vlan
- network_state_bond_bridge
- usedby_consistency
- custom_block_volumes
- clustering_failure_domains
- resources_gpu_mdev
- console_vga_type
- projects_limits_disk
- network_type_macvlan
- network_type_sriov
- container_syscall_intercept_bpf_devices
- network_type_ovn
- projects_networks
- projects_networks_restricted_uplinks
- custom_volume_backup
- backup_override_name
- storage_rsync_compression
- network_type_physical
- network_ovn_external_subnets
- network_ovn_nat
- network_ovn_external_routes_remove
- tpm_device_type
- storage_zfs_clone_copy_rebase
- gpu_mdev
- resources_pci_iommu
- resources_network_usb
- resources_disk_address
- network_physical_ovn_ingress_mode
- network_ovn_dhcp
- network_physical_routes_anycast
- projects_limits_instances
- network_state_vlan
- instance_nic_bridged_port_isolation
- instance_bulk_state_change
- network_gvrp
- instance_pool_move
- gpu_sriov
- pci_device_type
- storage_volume_state
- network_acl
- migration_stateful
- disk_state_quota
- storage_ceph_features
- projects_compression
- projects_images_remote_cache_expiry
- certificate_project
- network_ovn_acl
- projects_images_auto_update
- projects_restricted_cluster_target
- images_default_architecture
- network_ovn_acl_defaults
- gpu_mig
- project_usage
- network_bridge_acl
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
  addresses:
  - 172.18.18.18:8443
  - '[2001:aaaa:bbbb:cccc::abcd]:8443'
  architectures:
  - x86_64
  - i686
  driver: lxc | qemu
  driver_version: 4.0.0 (devel) | 5.2.0
  firewall: nftables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
    netnsid_getifaddrs: "true"
    seccomp_listener: "true"
    seccomp_listener_continue: "true"
    shiftfs: "false"
    uevent_injection: "true"
    unpriv_fscaps: "true"
  kernel_version: 5.10.0-6-amd64
  lxc_features:
    cgroup2: "true"
    devpts_fd: "true"
    mount_injection_file: "true"
    network_gateway_device_route: "true"
    network_ipvlan: "true"
    network_l2proxy: "true"
    network_phys_macvlan_mtu: "true"
    network_veth_router: "true"
    pidfd: "true"
    seccomp_allow_deny_syntax: "true"
    seccomp_notify: "true"
    seccomp_proxy_send_notify_fd: "true"
  os_name: Debian GNU/Linux
  os_version: ""
  project: default
  server: lxd
  server_clustered: false
  server_name: roundabout
  server_pid: 3595
  server_version: "4.13"
  storage: dir
  storage_version: "1"
```
# Issue description
Unprivileged container (Debian 11 bullseye/testing) fails to obtain an IPv4 address. Works when same container is set to privileged.
# Steps to reproduce
Unpriv (failing) `journalctl -b -u systemd-networkd.service`:
```
Apr 20 08:27:38 ctest systemd-networkd[52]: SELinux enabled state cached to: disabled
Apr 20 08:27:38 ctest systemd-networkd[52]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
Apr 20 08:27:38 ctest systemd-networkd[52]: sd-device-monitor: The udev service seems not to be active, disabling the monitor
Apr 20 08:27:38 ctest systemd-networkd[52]: sd-device-monitor: Failed to stat PID1's netns: No such file or directory
Apr 20 08:27:38 ctest systemd-networkd[52]: Failed to increase buffer size for device monitor, ignoring: Operation not permitted
Apr 20 08:27:38 ctest systemd-networkd[52]: Bus bus-api-network: changing state UNSET → OPENING
Apr 20 08:27:38 ctest systemd-networkd[52]: sd-bus: starting bus bus-api-network by connecting to /run/dbus/system_bus_socket...
Apr 20 08:27:38 ctest systemd-networkd[52]: Added inotify watch for /run on bus bus-api-network: 2
Apr 20 08:27:38 ctest systemd-networkd[52]: Added inotify watch for /run/dbus on bus bus-api-network: -1
Apr 20 08:27:38 ctest systemd-networkd[52]: sd-bus: starting bus bus-api-network by connecting to /run/dbus/system_bus_socket...
Apr 20 08:27:38 ctest systemd-networkd[52]: Bus bus-api-network: changing state OPENING → WATCH_BIND
Apr 20 08:27:38 ctest systemd-networkd[52]: Registering bus object implementation for path=/org/freedesktop/LogControl1 iface=org.freedesktop.LogContro>
Apr 20 08:27:38 ctest systemd-networkd[52]: timestamp of '/etc/systemd/network' changed
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: New device has no master, continuing without
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: Link 45 added
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: link pending udev initialization...
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: Saved original MTU: 1500
```
Priv (working) `journalctl -b -u systemd-networkd.service`:
```
Apr 20 08:35:53 ctest systemd-networkd[51]: SELinux enabled state cached to: disabled
Apr 20 08:35:53 ctest systemd-networkd[51]: Bus bus-api-network: changing state UNSET → OPENING
Apr 20 08:35:53 ctest systemd-networkd[51]: sd-bus: starting bus bus-api-network by connecting to /run/dbus/system_bus_socket...
Apr 20 08:35:53 ctest systemd-networkd[51]: Bus bus-api-network: changing state OPENING → AUTHENTICATING
Apr 20 08:35:53 ctest systemd-networkd[51]: Registering bus object implementation for path=/org/freedesktop/LogControl1 iface=org.freedesktop.LogContro>
Apr 20 08:35:53 ctest systemd-networkd[51]: timestamp of '/etc/systemd/network' changed
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: New device has no master, continuing without
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Link 47 added
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Link state is up-to-date
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: State changed: pending -> initialized
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: found matching network '/etc/systemd/network/eth0.network'
Apr 20 08:35:54 ctest systemd-networkd[51]: Setting '/proc/sys/net/ipv6/conf/eth0/disable_ipv6' to '0'
Apr 20 08:35:54 ctest systemd-networkd[51]: Setting '/proc/sys/net/ipv6/conf/eth0/use_tempaddr' to '0'
Apr 20 08:35:54 ctest systemd-networkd[51]: Setting '/proc/sys/net/ipv6/conf/eth0/accept_ra' to '0'
Apr 20 08:35:54 ctest systemd-networkd[51]: Setting '/proc/sys/net/ipv6/conf/eth0/proxy_ndp' to '0'
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Setting nomaster
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: promote_secondaries is unset, setting it
Apr 20 08:35:54 ctest systemd-networkd[51]: Setting 'net/ipv4/conf/eth0/promote_secondaries' to '1'.
Apr 20 08:35:54 ctest systemd-networkd[51]: LLDP: Started LLDP client
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Started LLDP.
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Setting address genmode for link
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Failed to read sysctl property stable_secret: Input/output error
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Saved original MTU: 1500
```
# Information to attach
Probably: https://discuss.linuxcontainers.org/t/systemd-247-with-lxd-4-04-breaks-systemd-networkd/9627
... but couldn't find a bug for that.
Container systemd debian package version is `247.3-3`
`lxc config show NAME --expanded`:
```
architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: Debian bullseye amd64 (20210320_05:24)
  image.os: Debian
  image.release: bullseye
  image.serial: "20210320_05:24"
  image.type: squashfs
  image.variant: default
  security.nesting: "true"
  security.privileged: "false"
  volatile.base_image: 4d20a3018f1879cd303cb045de56dc38dfd9c7a5c6a5ff416e3c7e8b42b5dfe7
  volatile.eth0.host_name: vethcdf57d7e
  volatile.eth0.hwaddr: 00:16:3e:a4:12:7e
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 594e8f27-5fb9-4fd4-b32d-6a5b363ef915
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    security.mac_filtering: "true"
    type: nic
  localctest:
    path: /srv/ctest
    source: /srv/ctest
    type: disk
  root:
    path: /
    pool: new
    type: disk
  sndcontrolC0:
    gid: "29"
    path: /dev/snd/controlC0
    type: unix-char
  sndhwC0D0:
    gid: "29"
    path: /dev/snd/hwC0D0
    type: unix-char
  sndpcmC0D0c:
    gid: "29"
    path: /dev/snd/pcmC0D0c
    type: unix-char
  sndpcmC0D0p:
    gid: "29"
    path: /dev/snd/pcmC0D0p
    type: unix-char
  sndpcmC0D1p:
    gid: "29"
    path: /dev/snd/pcmC0D1p
    type: unix-char
  sndpcmC0D2c:
    gid: "29"
    path: /dev/snd/pcmC0D2c
    type: unix-char
  sndseq:
    gid: "29"
    path: /dev/snd/seq
    type: unix-char
  sndtimer:
    gid: "29"
    path: /dev/snd/timer
    type: unix-char
ephemeral: false
profiles:
- default
- internalnet
stateful: false
description: ""
```
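A triage helper for the journal excerpts above, added here as an example and not part of the original post or the linked issue: it separates the `ignoring: Operation not permitted` warnings from the point where a link stays at `link pending udev initialization` without ever matching a `.network` file. The function name `triage` and its classification rules are assumptions of this example; the sample lines are copied (abridged) from the two excerpts in the issue.

```python
import re

# Lines copied from the unprivileged and privileged journal excerpts above (abridged).
UNPRIV_LOG = """\
Apr 20 08:27:38 ctest systemd-networkd[52]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
Apr 20 08:27:38 ctest systemd-networkd[52]: sd-device-monitor: The udev service seems not to be active, disabling the monitor
Apr 20 08:27:38 ctest systemd-networkd[52]: Failed to increase buffer size for device monitor, ignoring: Operation not permitted
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: Link 45 added
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: link pending udev initialization...
Apr 20 08:27:38 ctest systemd-networkd[52]: eth0: Saved original MTU: 1500
"""
PRIV_LOG = """\
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Link 47 added
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: Link state is up-to-date
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: State changed: pending -> initialized
Apr 20 08:35:54 ctest systemd-networkd[51]: eth0: found matching network '/etc/systemd/network/eth0.network'
"""

LINE = re.compile(r"systemd-networkd\[\d+\]: (?P<msg>.*)$")
LINK = re.compile(r"^(?P<link>[A-Za-z0-9_.-]+): (?P<event>.*)$")

def triage(journal: str) -> dict:
    """Split networkd output into ignored EPERM warnings and links stuck on udev."""
    ignored, links = [], {}
    for raw in journal.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a systemd-networkd line
        msg = m.group("msg")
        if "ignoring: Operation not permitted" in msg:
            ignored.append(msg)  # networkd itself reports that it carries on
            continue
        lm = LINK.match(msg)
        if not lm:
            continue
        state = links.setdefault(lm.group("link"), {"pending_udev": False, "configured": False})
        event = lm.group("event")
        if event.startswith("link pending udev initialization"):
            state["pending_udev"] = True
        elif event.startswith(("found matching network", "Configuring with")):
            state["pending_udev"], state["configured"] = False, True
        elif "pending -> initialized" in event:
            state["pending_udev"] = False
    stalled = sorted(n for n, s in links.items() if s["pending_udev"] and not s["configured"])
    return {"ignored_eperm": ignored, "stalled_links": stalled}
```

Run against the output of `journalctl -b -u systemd-networkd.service`, a non-empty `stalled_links` marks the last step a link reached, while `ignored_eperm` lists the permission warnings that networkd logged as non-fatal.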