Control: tags -1 +moreinfo Le lundi 16 août 2021 à 14:48:33+0200, Jean-Michel Vourgère a écrit : > Package: lxc-templates > Version: 3.0.4-5 > Severity: normal > Affects: openvpn > > Dear Maintainer, > > After upgrading to bullseye, my container with openvpn failed to start. > > The syslog error message is: > ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1) > and indeed "cat /dev/net/tun" fails with that same error. > > I traced the problem to cgroup2 migration. > > Adding > lxc.cgroup2.devices.allow = c 10:200 rwm > in my container config file fixed the issue. > > I believe cgroup2 support should be added generally in > /usr/share/lxc/config/debian.common.conf > with keys for both cgroup1 and cgroup2 in a way that is similar to > /usr/share/lxc/config/common.conf > > Please add cgroup2 support.
I have an unprivileged container with openvpn under bullseye and my host is also under bullseye with cgroup2 active and I am unable to reproduce. Is your bug specific to privileged containers? Regards, -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for principles than to live up to them.
signature.asc
Description: PGP signature
