On Tue, 2024-03-12 at 15:36 -0700, Mike Wright wrote:
On 3/11/24 14:41, Patrick O'Callaghan wrote:
On Sun, 2024-03-10 at 16:39 +0000, Patrick O'Callaghan wrote:
I'd like to play with LXC but I find the docs not very newbie-friendly. I'm trying to follow a guide at:
https://brandonrozek.com/blog/lxc-fedora-38/
(basically because it mentions Fedora). I followed the steps closely and rebooted, but I get the following error:
$ systemd-run --unit=my-unit --user --scope -p "Delegate=yes" lxc-start test
Running scope as unit: my-unit.scope
lxc-start: test: lxccontainer.c: wait_on_daemonized_start: 877 Received container state "ABORTING" instead of "RUNNING"
lxc-start: test: tools/lxc_start.c: main: 306 The container failed to start
lxc-start: test: tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode
lxc-start: test: tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
Any insights would be welcome. (Just in case, I tried running with SELinux turned off, but it made no difference.)
One thing: on running lxc-checkconfig I get:
...
Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup ns_cgroup: required
...
(everything else is OK).
The first two are irrelevant. It uses cgroup2 now. 3rd one I don't understand.
How is your test container working?
It isn't. I still get the same errors on startup.
I've been playing along over here and now have a container that reports "UNPRIVILEGED true" using lxc-ls -f. It starts and runs but is unusable. lxc-start -n C1 -F shows the bootup sequence and it is full of [FAILED] sections. root can't even change to /root: permission denied. Almost everything is owned by 65534:65534. If I manually set an IP and default route I have networking and it uses my DNS container successfully.
I found this: https://brandonrozek.com/blog/lxc-fedora-38/ "Setting up unprivileged containers with LXC on Fedora 38" and how to use systemd to start and stop the containers. It works but doesn't solve the other problems I'm seeing.
Yes, I'd found that page a couple of days ago and tried following it. Same problems as before.
I'm thinking this isn't worth the hassle. My main interest in lxc was to run a small containerised VPN, but Fedora seems to have much better support for docker (via podman) so I'll probably concentrate on that.
poc