Rancher 2.5 privileged Docker container in (privileged) LXC

So this is a question somewhat related to Running Rancher 2 or Kubernetes in unprivileged LXC container - however this time it’s about Rancher 2.5 which requires a privileged Docker container.

After using the LXC container config mentioned in Can't run a privileged docker container in LXC container · Issue #4902 · lxc/lxd · GitHub, I am able to successfully start Docker containers with the docker run --privileged flag inside the LXC container.
However when doing this with a Rancher 2.5 container, Rancher does not launch the installation.

I’ve opened Running Rancher 2.5 (Single Install) in LXC container fails · Issue #33322 · rancher/rancher · GitHub but maybe someone here has an idea how to find out more, find out what is missing (or maybe Rancher falsely thinks something is missing)?

Thanks in advance!

I should post more often here. As soon as I do, the answer sooner or later falls into my lap. :sweat_smile:

I finally came across the following commit: Detect and require --privileged on container start · rancher/rancher@b0919dd · GitHub

This specifically requires /dev/kmsg to exist in the Docker Host (meaning the LXC container in this situation).

An additional mount in the LXC container’s config does the job:

lxc.mount.entry = /dev/kmsg dev/kmsg none defaults,bind,create=file
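As an added example (not from the thread or from Rancher/LXC), a small POSIX shell helper that adds the /dev/kmsg bind mount to an LXC container config only when it is not already there, plus the check to run inside the container afterwards; the config path passed as the first argument is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Ensures an LXC container config carries the /dev/kmsg bind mount that
# Rancher 2.5's --privileged detection relies on, without duplicating it.
# The config file path ($1) is an assumption; e.g. /var/lib/lxc/<name>/config.

KMSG_ENTRY='lxc.mount.entry = /dev/kmsg dev/kmsg none defaults,bind,create=file'

# has_kmsg_mount CONFIG -> exit 0 if a dev/kmsg mount entry is already present
has_kmsg_mount() {
    grep -Eq '^[[:space:]]*lxc\.mount\.entry[[:space:]]*=[[:space:]]*/dev/kmsg[[:space:]]+dev/kmsg[[:space:]]' "$1"
}

# ensure_kmsg_mount CONFIG -> appends the entry if missing; prints "added" or "present"
ensure_kmsg_mount() {
    cfg=$1
    if has_kmsg_mount "$cfg"; then
        echo present
    else
        printf '%s\n' "$KMSG_ENTRY" >> "$cfg"
        echo added
    fi
}

# kmsg_visible -> exit 0 when /dev/kmsg exists as a character device.
# Run this inside the (restarted) LXC container before starting Rancher.
kmsg_visible() {
    [ -c /dev/kmsg ]
}
```

The container has to be restarted after the config change for the new mount entry to take effect.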