Unprivileged Containers

1. modprobe tun fails
wgengine.NewUserspaceEngine(tun "tailscale0") …
modprobe: no module folders for kernel version 5.4.154 found [when the host's kernel version is higher, modprobe tun seems to succeed, but the permission denied error below still occurs]
is CONFIG_TUN enabled in your kernel? modprobe tun failed with:
wgengine.NewUserspaceEngine(tun "tailscale0") error: permission denied
wgengine.New: permission denied
2. ipset may not be working properly
/usr/bin/ssr-rules vssr-rules: Start failed!
/usr/bin/vssr-rules vssr-rules[1879]: Start failed!
Try `iptables -h' or 'iptables --help' for more information.
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Error in line 1: Kernel error received: Invalid argument.

——————————————————
Log from privileged containers: tailscaled: health("overall"): ok

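I am running OpenWrt in LXC on OpenWrt 21.02.1, and I want to run tailscale and an internet proxy
(ShadowSocksR Plus+ https://github.com/fw876/helloworld
Hello World https://github.com/jerrykuku/luci-app-vssr)
but I ran into the difficulties above. Is there a way to solve these problems?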
——————————————————————————————————————
LXC version 4.0.10
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled

Cgroup v1 mount points:

Cgroup v2 mount points:
/sys/fs/cgroup

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup ns_cgroup: required
Cgroup device: missing
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: enabled
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
————————————————————————————————————
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = x86_64

# Container specific configuration

lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/srv/lxc/net/rootfs
lxc.uts.name = net

# Network configuration

#lxc.net.0.type = empty
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br-lan
lxc.mount.auto = sys:rw proc:rw
—————————————————————————————————————end