[pkg-lxc-devel] Bug#992255: openvpn fails in a container (missing cgroup2 support)
Pierre-Elliott Bécue
peb at debian.org
Tue Aug 17 00:13:09 BST 2021
Control: tags -1 +moreinfo
Le lundi 16 août 2021 à 14:48:33+0200, Jean-Michel Vourgère a écrit :
> Package: lxc-templates
> Version: 3.0.4-5
> Severity: normal
> Affects: openvpn
>
> Dear Maintainer,
>
> After upgrading to bullseye, my container with openvpn failed to start.
>
> The syslog error message is:
> ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
> and indeed "cat /dev/net/tun" fails with that same error.
>
> I traced the problem to cgroup2 migration.
>
> Adding
> lxc.cgroup2.devices.allow = c 10:200 rwm
> in my container config file fixed the issue.
>
> I believe cgroup2 support should be added generally in
> /usr/share/lxc/config/debian.common.conf
> with keys for both cgroup1 and cgroup2 in a way that is similar to
> /usr/share/lxc/config/common.conf
>
> Please add cgroup2 support.
I have an unprivileged container with openvpn under bullseye and my host
is also under bullseye with cgroup2 active and I am unable to reproduce.
Is your bug specific to privileged containers?
Regards,
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20210817/7ac0c0ee/attachment-0001.sig>
More information about the Pkg-lxc-devel
mailing list