On Wed, Feb 10, 2021 at 10:49:55PM +0100, Peter Carlsson wrote:
> On Wed, Feb 10, 2021 at 07:08:09AM -0600, Serge E. Hallyn wrote:
>
> Hello again!
>
> Thanks for your help.
>
> I decided to start fresh and create the container as unprivileged. I
> therefore deleted the old thread.
>
> Here is basically what I did:
>
> As root:
>
> usermod -v 100000-200000 -w 100000-200000 peter
> cat /etc/subuid
> peter:100000:100001
> cat /etc/subgid
> peter:100000:100001
>
> nano /etc/sysctl.conf
> # Added by Peter Carlsson 2021-02-10 for lxc
> kernel.unprivileged_userns_clone=1
>
> nano /etc/default/lxc-net
> #USE_LXC_BRIDGE="true"
>
> nano /etc/lxc/default.conf
> lxc.net.0.type = veth
> lxc.net.0.link = lxcbr0
> lxc.net.0.flags = up
>
> lxc.apparmor.profile = generated
> lxc.apparmor.allow_nesting = 1
>
> As user peter:
>
> mkdir /home/peter/.config/lxc
> nano /home/peter/.config/lxc/default.conf
> lxc.net.0.type = veth
> lxc.net.0.link = lxcbr0
> lxc.net.0.flags = up
>
> lxc.apparmor.profile = generated
> lxc.apparmor.allow_nesting = 1
>
> lxc.idmap = u 0 100000 100001
> lxc.idmap = g 0 100000 100001

This all looks good.

> Don't know if this was necessary but I ran this after reading a link found on
> Google
>
> lxc-usernsexec

Sorry I'm not following here. lxc-usernsexec without any arguments will put
you in a shell in a user namespace. I assume you exited that before going on
with lxc-create, right?

> lxc-create -t download -n VisualStudioCode -- -d debian -r buster -a amd64
>
> lxc-start -n VisualStudioCode -F
>
> lxc-start: VisualStudioCode: network.c: lxc_create_network_unpriv_exec:
> 2178 lxc-user-nic failed to configure requested network: No such file or
> directory - Failed to open "/etc/lxc/lxc-usernet"
> cmd/lxc_user_nic.c: 1296: main: Quota reached
> lxc-start: VisualStudioCode: start.c: lxc_spawn: 1777 Failed to create
> the configured network
> lxc-start: VisualStudioCode: start.c: __lxc_start: 1951 Failed to spawn
> container "VisualStudioCode"
> lxc-start: VisualStudioCode: tools/lxc_start.c: main: 330 The container
> failed to start
> lxc-start: VisualStudioCode: tools/lxc_start.c: main: 336 Additional
> information can be obtained by setting the --logfile and --logpriority options
>
> What should I put in /etc/lxc/lxc-usernet?

cat << EOF | sudo tee /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
peter veth lxcbr0 10
EOF

> Do you see something else I have missed or should have done differently?

Not offhand. But do make sure that lxc-net is running, i.e. make sure
that 'brctl show' shows lxcbr0

> Note that I had the network working for the container created by root.
>
> Best regards,
> Peter Carlsson
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
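
As an added example (not part of the thread and not LXC project code), this script checks the two things the setup above depends on: that the user has a veth entry for the bridge in an lxc-usernet file, and that every lxc.idmap range in the container config lies inside the range delegated in the subuid and subgid files. The function names are hypothetical and the sample files are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for an unprivileged
# LXC container. Function names are hypothetical; the file formats are the ones
# shown in the thread. "@group" lines in lxc-usernet are not handled.

# Print the largest COUNT on any "USER veth BRIDGE COUNT" line of an
# lxc-usernet file; 0 means missing file or no entry, so no NIC is granted.
usernet_quota() {   # usage: usernet_quota USER BRIDGE FILE
    [ -r "$3" ] || { echo 0; return 0; }
    awk -v u="$1" -v b="$2" '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        $1 == u && $2 == "veth" && $3 == b && $4 + 0 > n { n = $4 + 0 }
        END { print n + 0 }' "$3"
}

# Succeed if host ids [START, START+COUNT) fall inside one range delegated to
# USER in a subuid/subgid file (lines are "name:first:count").
idmap_covered() {   # usage: idmap_covered USER START COUNT FILE
    awk -F: -v u="$1" -v s="$2" -v c="$3" '
        $1 == u && s + 0 >= $2 + 0 && s + c <= $2 + $3 { ok = 1 }
        END { exit !ok }' "$4"
}

# Check each "lxc.idmap = u|g NSID HOSTID COUNT" line of CONF against SUBUID
# (for u) or SUBGID (for g). Prints uncovered mappings; fails if there are any.
check_idmaps() {    # usage: check_idmaps USER CONF SUBUID SUBGID
    bad=0
    while read -r key _eq kind _nsid host count || [ -n "$key" ]; do
        [ "$key" = "lxc.idmap" ] || continue
        case $kind in u) db=$3 ;; g) db=$4 ;; *) continue ;; esac
        idmap_covered "$1" "$host" "$count" "$db" ||
            { echo "not delegated to $1: $kind $host $count"; bad=1; }
    done < "$2"
    return "$bad"
}

# Demo on constructed copies of the files from the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'peter:100000:100001\n' > "$d/subid"
    printf '# USERNAME TYPE BRIDGE COUNT\npeter veth lxcbr0 10\n' > "$d/usernet"
    printf 'lxc.idmap = u 0 100000 100001\nlxc.idmap = g 0 100000 100001\n' > "$d/conf"
    echo "veth quota on lxcbr0: $(usernet_quota peter lxcbr0 "$d/usernet")"
    check_idmaps peter "$d/conf" "$d/subid" "$d/subid" && echo "idmap ranges are delegated"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/lxc/lxc-usernet, /etc/subuid, /etc/subgid and the user's ~/.config/lxc/default.conf instead of the constructed files.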