System: Debian Jessie amd64
LXC: 1.0.6

I've used LXC for a little while with system containers. After recently upgrading my system to Debian Jessie I've started working with user containers. A problem I seem to be having is that under unprivileged containers, the Avahi daemon does not seem to work. It worked as a system container, only requiring removing the nprocs limit.
Containers are set up using cgmanager: cgm create, cgm chmod, cgm movepid, lxc-start, and so on. The network is configured to use veth bridged with host device br0, which is also the master of eth0.

When I run Wireshark and monitor the veth interface from the host, if I run "mdns-scan" in the container, I get MDNS traffic, but if I just run "ping main-machine.local" in the container there is no MDNS traffic. If I run "ping guest.local" from the host, I do get MDNS traffic.

I try to debug this by directly running avahi-daemon (avahi-daemon --debug) in the guest to view the stderr output. There is no activity regardless of a ping from the host or the guest. Running "mdns-scan" from the guest generates activity. Somehow the guest finds the host's _workstation._tcp.local. Running "mdns-scan" from the host, there is no activity in the guest stderr output.

After searching online, the closest thing I could find was this post:

http://lists.freedesktop.org/archives/avahi/2015-February/002345.html

This seems to suggest, from my minimal understanding, that there is some bug in the kernel code, and that the credentials at line 85 of avahi-core/netlink.c are seeing the "outside" user id value instead of the container user id value. However, there are no work-arounds mentioned.

Has anyone managed to get Avahi working with unprivileged containers or workarounds to get this to work?

Thanks,
Brian Allen Vanderburg II
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
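
The uid translation behind the hypothesis in the message above, as an added example that is not part of the original post and is not Avahi's code: it applies the `/proc/<pid>/uid_map` rules to show what a host-side uid looks like from inside a user namespace. The map strings are constructed samples, and `sender_accepted_as_root` is a hypothetical stand-in for a root-only credential check, under the assumption that kernel netlink messages are stamped with host uid 0.

```c
#include <stdio.h>
#include <string.h>

/* Kernel default from /proc/sys/kernel/overflowuid: the id shown for any
 * uid that has no mapping in the observer's user namespace. */
#define OVERFLOW_UID 65534u

/* Translate a host-side ("outside") uid to the uid a process inside the
 * namespace sees. uid_map is text in /proc/<pid>/uid_map format, one
 * "<inside-start> <outside-start> <length>" extent per line. */
unsigned int uid_seen_inside(const char *uid_map, unsigned int outside_uid)
{
    const char *line = uid_map;
    while (line && *line) {
        unsigned int in, out, len;
        if (sscanf(line, "%u %u %u", &in, &out, &len) == 3 &&
            outside_uid >= out && outside_uid - out < len)
            return in + (outside_uid - out);
        line = strchr(line, '\n');      /* advance to the next extent */
        if (line)
            line++;
    }
    return OVERFLOW_UID;                /* unmapped: appears as "nobody" */
}

/* Hypothetical daemon-side check: trust a message only if its sender
 * appears as uid 0 from inside the namespace. */
int sender_accepted_as_root(const char *uid_map, unsigned int sender_outside_uid)
{
    return uid_seen_inside(uid_map, sender_outside_uid) == 0;
}

int main(void)
{
    /* Constructed sample maps, not taken from the poster's system. */
    const char *system_ct = "0 0 4294967295\n";   /* shares the host's ids */
    const char *user_ct   = "0 100000 65536\n";   /* unprivileged container */

    printf("system container: host uid 0 seen as %u, accepted=%d\n",
           uid_seen_inside(system_ct, 0), sender_accepted_as_root(system_ct, 0));
    printf("user container:   host uid 0 seen as %u, accepted=%d\n",
           uid_seen_inside(user_ct, 0), sender_accepted_as_root(user_ct, 0));
    printf("user container:   host uid 100000 seen as %u\n",
           uid_seen_inside(user_ct, 100000));
    return 0;
}
```

To compare against a running container, read the real map from `/proc/<container-init-pid>/uid_map` on the host and pass its contents in place of the sample strings.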