Using archlinux.
I was able to set it up fine on privileged containers but now, moving to unprivileged ones, I can't get networking going as yet. I followed the archwiki for Linux containers and used the same details which worked for privileged ones, changing the respective paths to reflect their unprivileged equivalents. Below is the container's config file.
Code:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# Template script checksum (SHA-1): b7de1d7259bdd66f5b8f0347f74b18c19729883a
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.include = /usr/share/lxc/config/archlinux.userns.conf
lxc.arch = x86_64
# Container specific configuration
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/home/user1/.local/share/lxc/base-arch/rootfs
lxc.uts.name = base-arch
## network
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.hwaddr = ee:ec:fa:e9:56:7d
When I try to ping I get `network is unreachable`. The `lxc-net` bridge is running.
Code:
/etc/lxc/lxc-usernet
----------
user1 veth lxcbr0 10
When I restarted and looked in the container output
Code:
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[ OK ] Stopped Network Name Resolution.
Starting Network Name Resolution...
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
Or is that just a symptom rather than a cause?
When I looked in journalctl in the running container I see
Code:
systemd-networkd.service: Failed to change ownership of session keyring: Permission denied
systemd-networkd.service: Failed to set up kernel keyring: Permission denied
systemd-networkd.service: Failed at step KEYRING spawning /usr/lib/systemd/systemd-networkd: Permission denied
Hmm ...
Also when I do `lspci -v` I get
Code:
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 09)
Subsystem: ASUSTeK Computer Inc. P8 series motherboard
Flags: bus master, fast devsel, latency 0, IRQ 45, NUMA node 0
I/O ports at d000 [size=256]
Memory at fa104000 (64-bit, prefetchable) [size=4K]
Memory at fa100000 (64-bit, prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: r8169
So it is showing access denied under capabilities.
Could it still be a problem with not setting enough permissions on the $HOME folder? I did it in ACL with
Code:
setfacl -m "u:100000:--x" /home/user1
Is it still not sufficient?
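An added check script (not from the original post or the LXC project) that cross-references the host-side pieces an unprivileged container's veth depends on: the `lxc.idmap` ranges in the container config against the user's `/etc/subuid` and `/etc/subgid` entries, and the `lxc-usernet` quota against the bridge named by `lxc.net.0.link`. It takes file paths so it can be run against constructed sample files or the real ones; it does not inspect the ACL on the home directory.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Checks two host-side prerequisites
# for an unprivileged container's veth: the lxc.idmap ranges must be owned by
# the user in /etc/subuid and /etc/subgid, and /etc/lxc/lxc-usernet must grant
# that user veth devices on the bridge the config attaches to.

# usage: idmap_covered <user> <config> <subuid-file> <subgid-file>
# Exit 0 when every "lxc.idmap = u|g <ctid> <hostid> <count>" line lies inside
# a "<user>:<start>:<count>" range of the matching sub*id file; otherwise print
# each uncovered line and exit 1. Assumes the space-separated "key = value" form.
idmap_covered() {
  awk -v user="$1" -v subuid="$3" -v subgid="$4" '
    function load(file, arr,   line, f, n) {
      n = 0
      while ((getline line < file) > 0) {
        split(line, f, ":")
        if (f[1] == user) arr[n++] = f[2] " " f[3]   # "start count"
      }
      close(file)
      return n
    }
    BEGIN { nu = load(subuid, U); ng = load(subgid, G) }
    $1 == "lxc.idmap" {
      host = $5 + 0; count = $6 + 0; covered = 0
      n = ($3 == "u") ? nu : ng
      for (i = 0; i < n; i++) {
        split(($3 == "u") ? U[i] : G[i], r, " ")
        if (host >= r[1] + 0 && host + count <= r[1] + r[2]) covered = 1
      }
      if (!covered) { print "uncovered: " $0; bad = 1 }
    }
    END { exit bad }' "$2"
}

# usage: usernet_quota <user> <config> <usernet-file>
# Prints how many veth devices lxc-usernet lets <user> attach to the bridge
# named by lxc.net.0.link in <config> (0 when no entry matches).
usernet_quota() {
  local bridge
  bridge=$(awk '$1 == "lxc.net.0.link" { print $3 }' "$2")
  awk -v user="$1" -v br="$bridge" '
    $1 == user && $2 == "veth" && $3 == br { q += $4 }
    END { print q + 0 }' "$3"
}
```

Run it as `idmap_covered user1 ~/.local/share/lxc/base-arch/config /etc/subuid /etc/subgid` and `usernet_quota user1 <config> /etc/lxc/lxc-usernet`; a quota of 0 or an uncovered idmap line is something to fix before looking at the keyring messages inside the container.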