Hello! I have been trying to run Alpine (edge) containers on Debian (bookworm unstable, kernel 6.1.0, lxd/lxc version 5.0.2), but every time I run lxc stop or lxc restart, the host’s network adapter goes down, and my SSH connection hangs.
Based on this discussion, I’ve tried statically defining the bridge.hwaddr for the lxdbr0 bridge config
config:
  bridge.hwaddr: 02:3a:f6:d5:08:f1
  ipv4.address: 10.128.37.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:fb55:60e2:5f53::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/profiles/default
- /1.0/instances/still-elk
- /1.0/instances/above-cockatoo
[truncating instance list for brevity]
managed: true
status: Created
locations:
- none
but to no avail.
Based on this discussion, I disabled the Docker userlandproxy, and added the ENV{INTERFACE}=="veth*", ENV{NM_UNMANAGED}="1" udev rule.
After running lxc reboot on one of the containers, the network froze, and I used Linode’s lish to check the kernel logs, which show this, but I couldn’t see anything that stood out to me.
[ 103.846824] veth755f10f4: renamed from physpVCCoj
[ 103.854632] lxdbr0: port 1(vethc5d309a8) entered disabled state
[ 104.019509] device vethc5d309a8 left promiscuous mode
[ 104.020028] lxdbr0: port 1(vethc5d309a8) entered disabled state
[ 104.749945] kauditd_printk_skb: 7 callbacks suppressed
[ 104.749949] audit: type=1400 audit(1677465441.806:61): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="lxd-above-cockatoo_</var/lib/lxd>" pid=6774 comm="apparmor_parser"
[ 104.782461] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.783109] lxdbr0: port 1(vethe3381d02) entered disabled state
[ 104.783699] device vethe3381d02 entered promiscuous mode
[ 104.784269] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.784840] lxdbr0: port 1(vethe3381d02) entered forwarding state
[ 104.862468] lxdbr0: port 1(vethe3381d02) entered disabled state
[ 104.872434] audit: type=1400 audit(1677465441.930:62): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-above-cockatoo_</var/lib/lxd>" pid=6807 comm="apparmor_parser"
[ 104.927807] physBKzS9V: renamed from veth911ecca6
[ 104.938745] eth0: renamed from physBKzS9V
[ 104.951534] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 104.952262] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.952934] lxdbr0: port 1(vethe3381d02) entered forwarding state
[ 104.972410] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.
[ 105.116836] audit: type=1400 audit(1677465442.174:63): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-above-cockatoo_</var/lib/lxd>" name="/dev/" pid=7052 comm="busybox" flags="rw, nosuid, noexec, remount, silent"
[ 105.120142] audit: type=1400 audit(1677465442.182:64): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-above-cockatoo_</var/lib/lxd>" name="/dev/" pid=7052 comm="busybox" flags="ro, nosuid, noexec, remount, silent"
Even though “link becomes ready” is shown, I am still unable to ssh back in.
I have no problem starting containers, or using the network within the containers once they are up.
My apologies if this post is a bit unwieldy, I’m still new to the forum!
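One way to sift a kernel log like the one above for bridge port transitions and AppArmor denials, as an added example that is not part of the original post. The names `parse` and `final_states` are made up for this example, and the sample lines are copied from the log in the post.

```python
import re

# Sample input: bridge and AppArmor lines copied from the kernel log in the post.
SAMPLE = """\
[ 103.854632] lxdbr0: port 1(vethc5d309a8) entered disabled state
[ 104.020028] lxdbr0: port 1(vethc5d309a8) entered disabled state
[ 104.782461] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.783109] lxdbr0: port 1(vethe3381d02) entered disabled state
[ 104.784269] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.784840] lxdbr0: port 1(vethe3381d02) entered forwarding state
[ 104.862468] lxdbr0: port 1(vethe3381d02) entered disabled state
[ 104.872434] audit: type=1400 audit(1677465441.930:62): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-above-cockatoo_</var/lib/lxd>" pid=6807 comm="apparmor_parser"
[ 104.952262] lxdbr0: port 1(vethe3381d02) entered blocking state
[ 104.952934] lxdbr0: port 1(vethe3381d02) entered forwarding state
[ 105.116836] audit: type=1400 audit(1677465442.174:63): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-above-cockatoo_</var/lib/lxd>" name="/dev/" pid=7052 comm="busybox" flags="rw, nosuid, noexec, remount, silent"
[ 105.120142] audit: type=1400 audit(1677465442.182:64): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-above-cockatoo_</var/lib/lxd>" name="/dev/" pid=7052 comm="busybox" flags="ro, nosuid, noexec, remount, silent"
"""

PORT_RE = re.compile(r"\[\s*([\d.]+)\] (\S+): port \d+\((\S+?)\) entered (\w+) state")
AUDIT_RE = re.compile(r'\[\s*([\d.]+)\] audit: .*?apparmor="(\w+)"(.*)')
KV_RE = re.compile(r'(\w+)="([^"]*)"')  # quoted key="value" pairs only

def parse(log):
    """Return (state transitions per veth port, AppArmor DENIED events)."""
    ports, denials = {}, []
    for line in log.splitlines():
        if m := PORT_RE.match(line):
            ts, bridge, dev, state = m.groups()
            ports.setdefault(dev, []).append((float(ts), bridge, state))
        elif m := AUDIT_RE.match(line):
            ts, verdict, rest = m.groups()
            if verdict == "DENIED":  # STATUS lines (profile load/remove) are skipped
                denials.append({"ts": float(ts), **dict(KV_RE.findall(rest))})
    return ports, denials

def final_states(ports):
    """Last recorded bridge state for each veth port."""
    return {dev: events[-1][2] for dev, events in ports.items()}

if __name__ == "__main__":
    ports, denials = parse(SAMPLE)
    for dev, state in final_states(ports).items():
        print(f"{dev}: {len(ports[dev])} transitions, final state {state}")
    for d in denials:
        print(f"{d['ts']}: {d['comm']} denied {d['operation']} on {d['name']} ({d['flags']})")
```

On a live host the same functions can be fed the output of `dmesg` instead of `SAMPLE`.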