For starters, from "man lxc.container.conf":

lxc.hook.autodev
    A hook to be run in the container's namespace after mounting
    has been done and after any mount hooks have run, but before
    the pivot_root, if lxc.autodev == 1.

You can never modprobe in an unprivileged container's namespace.

Another thing, AFAIK the hooks only accept one parameter: a script name. So
you need to have a script (e.g. /usr/local/bin/my_script) inside the container.

I actually tried that already as well and it resulted in the exact same error:

lxc.autodev = 1
lxc.hook.autodev = /home/lxcuser/.local/share/lxc/autodev/vpn_barracks
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:200 rwm

lxcuser@corsair:~/.local/share/lxc$ cat autodev/vpn_barracks
#!/bin/bash
cd ${LXC_ROOTFS_MOUNT}/dev
mkdir net
mknod net/tun c 10 200
chmod 0666 net/tun

lxc-start -n vpn_barracks --logpriority=DEBUG
...
lxc-start 1464620477.814 INFO lxc_conf - conf.c:run_script_argv:362 -
Executing script '/usr/share/lxcfs/lxc.mount.hook' for container
'vpn_barracks', config section 'lxc'
lxc-start 1464620477.893 INFO lxc_conf - conf.c:run_script_argv:362 -
Executing script '/home/lxcuser/.local/share/lxc/autodev/vpn_barracks' for
container 'vpn_barracks', config section 'lxc'
lxc-start 1464620477.900 ERROR lxc_conf - conf.c:run_buffer:342 -
Script exited with status 1
lxc-start 1464620477.900 ERROR lxc_conf - conf.c:lxc_setup:3947 -
failed to run autodev hooks for container 'vpn_barracks'.
lxc-start 1464620477.900 ERROR lxc_start - start.c:do_start:717 -
failed to setup the container
lxc-start 1464620477.900 ERROR lxc_sync - sync.c:__sync_wait:51 -
invalid sequence number 1. expected 2
lxc-start 1464620477.942 ERROR lxc_start - start.c:__lxc_start:1192 -
failed to spawn 'vpn_barracks'
lxc-start 1464620477.998 WARN lxc_commands -
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive
response
lxc-start 1464620477.999 WARN lxc_cgmanager - cgmanager.c:cgm_get:994
- do_cgm_get exited with error
lxc-start 1464620483.004 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start 1464620483.004 ERROR lxc_start_ui - lxc_start.c:main:346 -
To get more details, run the container in foreground mode.
lxc-start 1464620483.004 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.

Since the error was exactly the same I figured LXC was simply executing
whatever parameter lxc.hook.autodev was provided, regardless of whether it was
a file or not.

My best advice is to bind-mount /dev/net/tun from the host (lxc.mount.entry) instead
of using lxc.hook.autodev, and try again. I'm not even sure that /dev/net/tun
works for unpriv containers (fuse doesn't), so if that still doesn't work, you
probably want to try a privileged container.

Okay, thanks, I'll try this, especially after Wojtek's comments saying this
should work.

Thanks,
Joshua
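
Added example, not part of the original thread or of the LXC project's code: a small shell audit that reads a container config on stdin and reports whether it follows the bind-mount suggestion above while keeping the deny-all / allow `c 10:200` device policy from the posted config. The function names, the two sample configs and the `create=file` mount option are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an LXC config read on stdin for
# the /dev/net/tun setup discussed above. Function names are hypothetical.
audit_tun_config() {
    # Normalise: drop comments, trim, tighten "key = value", squeeze blanks.
    norm=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
               -e 's/[[:space:]]*=[[:space:]]*/=/' \
               -e 's/[[:space:]][[:space:]]*/ /g')
    has() { printf '%s\n' "$norm" | grep -Eq "$1"; }
    bind='^lxc\.mount\.entry=/dev/net/tun dev/net/tun [^ ]+ ([^ ]*,)?bind(,| |$)'
    allow='^lxc\.cgroup\.devices\.allow=c 10:200 [rwm]+ ?$'
    deny='^lxc\.cgroup\.devices\.deny=a ?$'
    hook='^lxc\.hook\.autodev='

    if has "$bind"; then echo "OK tun-bind-mount"
    else echo "FAIL no-tun-bind-mount"; fi
    # An autodev hook is the approach that exited with status 1 in the log above.
    if has "$hook"; then echo "WARN autodev-hook-present"; fi
    if has "$allow"; then
        # Allowing 10:200 only narrows access if everything else is denied.
        if has "$deny"; then echo "OK tun-only-device-policy"
        else echo "WARN allow-without-default-deny"; fi
    else
        echo "FAIL tun-device-not-allowed"
    fi
    return 0
}

# Constructed sample: the configuration lines posted in the thread.
thread_config() {
    cat <<'EOF'
lxc.autodev = 1
lxc.hook.autodev = /home/lxcuser/.local/share/lxc/autodev/vpn_barracks
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:200 rwm
EOF
}

# Constructed sample: the same device policy with the suggested bind mount.
# "create=file" is an assumption; it asks LXC to create the mount target.
bind_config() {
    cat <<'EOF'
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
EOF
}
thread_config | audit_tun_config
bind_config | audit_tun_config
```

To check a real container, pipe its config file into `audit_tun_config`; any `FAIL` line means the TUN device is either not mounted into the container or not permitted by the device cgroup.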