touch-packages team mailing list archive

[Bug 1470580] Re: unprivileged lxc containers fails with custom bridge


cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
x veth ibr1 8
x veth xbr1 8
x veth ubr1 8

cat .local/share/lxc/asterisk/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d ubuntu -r vivid -a amd64
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64

# Container specific configuration
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/x/.local/share/lxc/asterisk/rootfs
lxc.utsname = asterisk

# Network configuration
lxc.network.type = veth
lxc.network.link = ubr1
lxc.network.flags = up
lxc.network.name = internal
#lxc.network.ipv4 = 10.1.8.2/24
#lxc.network.ipv4.gateway = 10.1.8.1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1470580

Title:
  unprivileged lxc containers fails with custom bridge

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  Using 15.04 x86_64 with all the updates installed.
  I'd like 2 containers to communicate with each other via a bridge interface. For that I've created the interface as follows:
  /etc/systemd/network/internalbridge1.netdev:
  [NetDev]
  Name=ibr1
  Kind=bridge

  /etc/lxc/lxc-usernet:
  # USERNAME TYPE BRIDGE COUNT
  x veth ibr1 8

  The 'x' is my username; it's the first and only user configured in the
  system, so the default id map should work fine.

  The container network is configured as follows:
  lxc.network.type = veth
  lxc.network.link = ibr1
  lxc.network.flags = up
  lxc.network.name = internal
  lxc.network.ipv4 = 10.1.8.2/24
  lxc.network.ipv4.gateway = 10.1.8.1

  I've enabled the service and brought the bridge up - showing ok via
  'ip a' and 'brctl show'. Also works fine with privileged containers.
  However with unprivileged containers it fails:

  lxc-start -n asterisk -l debug -F --logfile lxc-user.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470580/+subscriptions
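
Added example (not part of the original message or of the lxc project): a small Python check that every bridge named by lxc.network.link in a container config is granted to the user in /etc/lxc/lxc-usernet, using the two files quoted above as constructed sample input. The function names are hypothetical, the "@group" owner form is taken from lxc-usernet(5), and the check covers only the user/type/bridge grant, not how many interfaces are already in use.

```python
# Constructed sample input: the two files as quoted in the message above.
USERNET = """\
# USERNAME TYPE BRIDGE COUNT
x veth ibr1 8
x veth xbr1 8
x veth ubr1 8
"""
CONFIG = """\
lxc.network.type = veth
lxc.network.link = ubr1
lxc.network.flags = up
lxc.network.name = internal
#lxc.network.ipv4 = 10.1.8.2/24
"""


def parse_usernet(text):
    """Return the set of (owner, type, bridge) grants with a non-zero count."""
    grants = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) == 4 and fields[3].isdigit() and int(fields[3]) > 0:
            grants.add(tuple(fields[:3]))
    return grants


def parse_nics(text):
    """Return [type, link] pairs from the legacy lxc.network.* keys."""
    nics = []
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        key, value = key.strip(), value.strip()
        if key == "lxc.network.type":             # a type line opens a new NIC
            nics.append([value, None])
        elif key == "lxc.network.link" and nics:
            nics[-1][1] = value
    return nics


def unauthorized_nics(usernet_text, config_text, user, groups=()):
    """Return the (type, link) pairs that no usernet line grants to `user`."""
    grants = parse_usernet(usernet_text)
    owners = [user] + ["@" + g for g in groups]
    return [(t, link) for t, link in parse_nics(config_text)
            if link and not any((o, t, link) in grants for o in owners)]


if __name__ == "__main__":
    print(unauthorized_nics(USERNET, CONFIG, "x"))
```

An empty result means the policy file grants every bridge the config asks for, so a start failure has to be looked for elsewhere, for example in the debug log.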
