[pkg-lxc-devel] Bug#1116615: Bug#1116615: Unprivileged containers using veth have stopped working after upgrading from bookworm to trixie
Linas Vepstas
linasvepstas at gmail.com
Fri Dec 26 19:05:16 GMT 2025
Hi Mathias,

When you tried to reproduce this issue, what did you actually do? What
did you attempt, and at which stage did things "just work" for you? I
can try to walk you through the steps until you hit failure. Can you
give a specific list of steps to the failure-to-reproduce point? I
cannot really guess what it is that you did, or how you did it. You'd
have to be more specific.

But I'm also confused about what you are asking for: clearly, many
other people have tripped over this; you can find umpteen discussions
on various forums describing the bug(s). The lxc maintainers found the
bug and fixed it; the 28 Sept 2025 lxc git tree contains working code.
I can't tell which pull req it is that provided the fix. Are you
asking me to git bisect to find the specific fix?

Let's work on getting this reproduced on your machine; it should not
be that hard to do.

On Fri, Dec 26, 2025 at 11:29 AM Mathias Gibbens <gibmat at debian.org> wrote:
>
> On Wed, 2025-11-05 at 23:24 -0600, Linas Vepstas wrote:
> > On Sun, Oct 26, 2025 at 1:08 PM Mathias Gibbens <gibmat at debian.org>
> > wrote:
> > >
> > > I think there must be something specific to your setup and/or
> > > container configuration, as I can successfully start an unprivileged
> > > trixie container using the steps below, both on a clean bookworm VM
> > > upgraded to trixie after the container is created/started, as well
> > > as a clean trixie VM.
> >
> > I have no doubt that this is true, but this misses the point. The LXC
> > developers have found a bug in their own code, and they fixed that
> > bug, and that fix allows me to run my containers. They have published
> > their fix; I tested their patch, it works for me.
>
> A link to the upstream pull request with the fix would be most
> appreciated. Bug fixes for stable must be specific and targeted; since
> I can't reproduce the issue on my end I can't git bisect down to the
> commit that fixes your issue.
>
> > I am not about to turn around and say something like "no, you LXC
> > developers should revert your own patch because there's a mistake in
> > my config" -- that's goofy. Maybe there's a mistake in my configs,
> > maybe there isn't, but I'm not going to argue with the developers --
> > they know better than I. FWIW, I did spend like 8 or twelve hours
> > tracking this down over two days: this was a highly non-trivial
> > issue.
> >
> > So what I am trying to say is this: "Hey Debian, here's a real issue
> > that really happens, and the LXC guys have already patched it, and
> > the patch works, so please backport to Debian stable." If you don't
> > want to backport ... well, what more can I say? I've already bashed
> > my head on this far longer than I would have ever hoped. It was a
> > bear.
>
> Without additional information to help other people reproduce your
> issue, there's really nothing that can be done about this bug.
>
> Mathias
--
Patrick: Are they laughing at us?
Sponge Bob: No, Patrick, they are laughing next to us.