Yes, that was it thanks.

On Tue, Jan 14, 2014 at 3:31 PM, Stéphane Graber <[email protected]> wrote:

> On Tue, Jan 14, 2014 at 03:00:32PM -0500, John Baker wrote:
> > Hi,
> >
> > I'm using lxc in 12.04.4 LTS and seem to have a chronic issue with the
> > iptables module not loading inside a container. I have found that it does
> > sometimes work and my coworker never seems to have problems with it in the
> > servers he runs. But it happens all the time on mine and I can't see
> > anything at all that we do differently. Sometimes it will start running
> > inside a container and then mysteriously have stopped next time I check in.
> > I can't find any error messages pertaining to it besides the one I get when
> > I try to load rules or view the set loaded.
> >
> > The only fix I have been able to come up with is to manually
> > copy /lib/modules/<kernel ver.>-generic/modules.dep and net directory from
> > the host into the container. Then it seems willing to load iptables modules
> > consistently but always breaks when the kernel is updated on the host and
> > has to be redone.
> >
> > Any ideas on what I might be missing? Is there a cgroup I should include
> > for sharing iptables modules?
>
> Kernel modules aren't loaded per-container but globally for the whole host.
>
> It's not recommended (and usually blocked by either dropping the
> capability or by having apparmor prevent it) to load modules from within
> a container. Instead you should make sure all your kernel modules are
> loaded from the host before you start your containers.
>
> I suspect the difference between your server and your colleague's is
> that he has some init scripts or something else calling iptables before
> he starts his containers which will load any modules required by his
> container.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users

--
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
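The advice in the quoted reply (load the modules on the host before the containers start) can be checked with a host-side pre-flight script. This is an added example, not part of the thread; the module list, the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Host-side pre-flight check: run on the LXC host before starting containers.
# Assumed module list for a container that uses filter and NAT rules.
REQUIRED_MODULES="ip_tables iptable_filter iptable_nat"

# missing_modules FILE NAME...
# FILE uses the /proc/modules layout (module name is the first field).
# Prints every NAME that is not loaded, one per line.
missing_modules() {
    modfile=$1
    shift
    for want in "$@"; do
        # The kernel lists names with underscores even if the .ko uses dashes.
        name=$(printf '%s' "$want" | sed 's/-/_/g')
        if ! awk -v m="$name" '$1 == m { hit = 1 } END { exit !hit }' "$modfile"; then
            printf '%s\n' "$name"
        fi
    done
}

# preflight FILE: returns 0 when every required module is loaded, 1 otherwise,
# and prints the modprobe command to run on the host for each missing module.
preflight() {
    missing=$(missing_modules "$1" $REQUIRED_MODULES)
    [ -z "$missing" ] && return 0
    for m in $missing; do
        echo "not loaded on host: $m (load with: modprobe $m)"
    done
    return 1
}

# Constructed sample in /proc/modules format; on a real host pass /proc/modules.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ip_tables 27473 1 iptable_filter, Live 0x0000000000000000
iptable_filter 12810 0 - Live 0x0000000000000000
x_tables 29846 2 iptable_filter,ip_tables, Live 0x0000000000000000
EOF
preflight "$sample" || echo "start containers only after loading the modules above"
```

Modules compiled into the kernel do not appear in /proc/modules, so a name reported here may still be available as a built-in. On Ubuntu, listing the modules in /etc/modules loads them at boot, before any container starts.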
