I have been trying to get OpenVPN working in a LXD-managed LXC container on Ubuntu 16.04. I have added the tun device to the container config via lxc config edit container and it is properly created. I have run
lxc config set mycontainer raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'
and it shows up in the container config, but I when I run
systemctl start [email protected]
I get this in my error log:
Jul 13 09:52:56 lb systemd[1]: Failed to reset devices.list on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Starting OpenVPN connection to server...
-- Subject: Unit [email protected] has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit [email protected] has begun starting up.
Jul 13 09:52:56 lb systemd[1]: Failed to reset devices.list on /system.slice/ondemand.service: Operation not permitted
Here is my container config:
$ lxc config show --expanded lb
name: lb
profiles:
- default
config:
raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
volatile.base_image: f452cda3bccb2903e56d53e402b9d35334b4276783d098a879be5d74b04e62e2
volatile.eth0.hwaddr: xx:xx:xx:xx:xx:xx
volatile.eth1.name: eth1
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]'
devices:
eth0:
name: eth0
nictype: bridged
parent: lxdbr0
type: nic
eth1:
hwaddr: xx:xx:xx:xx:xx:xx
nictype: bridged
parent: lxdbr1
type: nic
root:
path: /
type: disk
tun:
path: /dev/net/tun
type: unix-char
ephemeral: false
And the files in /dev/net:
$ ll /dev/net
total 0
drwxr-xr-x 2 root root 60 Jul 13 09:36 ./
drwxr-xr-x 9 root root 480 Jul 13 09:36 ../
crw-rw-rw- 1 root root 10, 200 Jul 13 09:36 tun
You still have a raw.lxc object. And according to the poster (see Edit1) he did exactly the same, didn't work, used "device add" and it worked. Give it a try...
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments