[Pkg-libvirt-maintainers] Bug#1088929: libvirt-daemon-driver-lxc: LXC creation fails: "System lacks NETNS support"

Christopher Irving c.irving at unsw.edu.au
Tue Dec 3 03:18:47 GMT 2024 

Package: libvirt-daemon-driver-lxc
Version: 10.9.0-1
Severity: normal
X-Debbugs-Cc: c.irving at unsw.edu.au

Dear Maintainer,

I recently upgraded software on a server which was running (among other things)
several
LXC containers via libvirt. Before the upgrade the containers worked fine;
after, the system refuses to allow any LXC containers to be created.

Both using virsh from the command line and using virt-manager to create an LXC
container
result in the message
"System lacks NETNS support"

Looking at the package source for libvirt-daemon-driver-lxc, the function
lxcCheckNetNsSupport in the file src/lxc/lxc_driver.c seems to be testing for
NETNS
support using the command "ip link set lo netns -1".

Comparing the server where I did the software upgrade with another which I
haven't upgraded,
the output of that ip command is different. On the upgraded server, 'ip link
set lo netns -1'
outpus 'Error: argument "-1" is wrong: Invalid "netns" value'.
On the unupgraded one where LXC containers still work, the same command outputs
'RTNETLINK answers: Operation not permitted'
and if I run it with sudo,
'RTNETLINK answers: No such process'
So I think the way that ip responds to invalid input has changed, which might
be
the reason libvirt is not correctly detecting NETNS support anymore.
While this implies the actual change occurred in ip, if it's a persistent
change then libvirt-daemon-driver-lxc will need to change to handle it.

Before the upgrade, libvirt-daemon-driver-lxc was on version 10-6-0.1 and
iproute2
(the package providing the ip command) was on 6.11.0-1. After the upgrade
libvirt-daemon-driver-lxc was on 10-9-0.1 and iproute2 was on 6.12.0-1.

Thank you.


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.11.9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF8, LC_CTYPE=en_AU.UTF8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-driver-lxc depends on:
ii  libblkid1        2.40.2-11
ii  libc6            2.40-3
ii  libcap-ng0       0.8.5-3+b1
ii  libfuse3-3       3.14.0-10
ii  libgcc-s1        14.2.0-8
ii  libglib2.0-0t64  2.82.2-2
ii  libtirpc3t64     1.3.4+ds-1.3+b1
ii  libvirt-daemon   10.6.0-1
ii  libvirt0         10.6.0-1

libvirt-daemon-driver-lxc recommends no packages.

libvirt-daemon-driver-lxc suggests no packages.

-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list