
#1 2024-01-31 05:04:44

Karma4226
Member
Registered: 2024-01-31
Posts: 2

Problems with lxc, can't create privileged containers

I've installed lxc from the extra repository, specifically this package here.

I've successfully created containers and hooked them up to a bridge adapter following the Arch Linux wiki entry on LXC.

I've been creating all my containers with sudo, just because it seemed like it would make everything easier in the long run and it has been working just fine.

Recently, I had a need to run nested containers and had to edit my config for that, which made me realize that all the containers that I've created using

# lxc-create -n <container name here> -t download

were unprivileged containers. When I run

# lxc-ls -f

I see the following

NAME       STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
container1 STOPPED 0         -      -    -    true
container2 STOPPED 0         -      -    -    true
container3 STOPPED 0         -      -    -    true
container4 STOPPED 0         -      -    -    true
container5 STOPPED 0         -      -    -    true

I have no idea why this is happening as I'm creating all these containers with the root UID.

I'm including the files that I've edited based on the Arch Wiki and my configuration for the container that I'm trying to create as privileged.

Thanks in advance for your opinion and help.

/etc/lxc/default.conf

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

/etc/subuid,/etc/subgid (they are identical)

root:100000:65536

Created the NAT bridge with

# ip link add name lxcbr0 type bridge

and copied the sample /etc/default/lxc-net from the wiki, which goes as follows:

# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"

# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
# Once these changes are made, restart the lxc-net and network-manager services.
# 'container1.lxc' will then resolve on your host.
#LXC_DOMAIN="lxc"

I cannot tell what I'm doing wrong and would really appreciate the advice.

I've already posted on the LXC forums and tried the LXC IRC chat to no avail.

Thank you again!


#2 2024-02-03 17:50:04

Karma4226
Member
Registered: 2024-01-31
Posts: 2

Re: Problems with lxc, can't create privileged containers

For anyone who's having the same issue, the problem is that the following lines are in the global lxc config:

lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

When you take these off, you will be able to create privileged containers again. I guess they are meant to be put in each container's individual config.

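The resolution above is that anything in /etc/lxc/default.conf is copied into every container created afterwards, so the lxc.idmap lines make each one unprivileged regardless of running lxc-create as root. The following POSIX sh script is an added example, not code from the post or from the LXC project: it classifies a config the way the UNPRIVILEGED column does (any lxc.idmap line present), and checks whether an idmap's host range sits inside the allocation that /etc/subuid or /etc/subgid grants a user. Function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the post or LXC): report whether a container config
# will be privileged or unprivileged, and validate an idmap against a subuid file.

# Print the lxc.idmap lines of CONFIG (commented-out lines are ignored).
lxc_idmap_lines() {
    grep -E '^[[:space:]]*lxc\.idmap[[:space:]]*=' "$1" 2>/dev/null | sed 's/^[[:space:]]*//'
}

# "unprivileged" when CONFIG carries at least one lxc.idmap line, else "privileged".
lxc_priv_status() {
    if [ -n "$(lxc_idmap_lines "$1")" ]; then echo unprivileged; else echo privileged; fi
}

# idmap_covered LINE SUBID_FILE USER: succeed when the host range of an idmap
# line such as "lxc.idmap = u 0 100000 65536" lies inside USER's allocation in
# SUBID_FILE (lines of the form user:start:count, as in the post's /etc/subuid).
idmap_covered() {
    spec=${1#*=}; file=$2; user=$3
    set -- $spec                      # -> type, container start, host start, count
    hstart=$3; count=$4
    while IFS=: read -r name start range; do
        [ "$name" = "$user" ] || continue
        if [ "$hstart" -ge "$start" ] && [ $((hstart + count)) -le $((start + range)) ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# Constructed sample data modelled on the post: a default.conf carrying the two
# idmap lines, and a subuid file granting root the 100000-165535 range.
demo_dir=$(mktemp -d)
cat > "$demo_dir/default.conf" <<'EOF'
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF
printf 'root:100000:65536\n' > "$demo_dir/subuid"
# The fix from the post: the same config with the idmap lines removed.
grep -v '^lxc\.idmap' "$demo_dir/default.conf" > "$demo_dir/fixed.conf"

echo "default.conf: $(lxc_priv_status "$demo_dir/default.conf")"   # unprivileged
echo "fixed.conf:   $(lxc_priv_status "$demo_dir/fixed.conf")"     # privileged
```

Run it against /var/lib/lxc/<container>/config to see what lxc-ls will report for an existing container before starting it.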


Powered by FluxBB