[lxc-users] iptables kernel modules not loading in containers

John Baker johnnyb at marlboro.edu
Tue Jan 14 20:38:49 UTC 2014


Yes, that was it, thanks.


On Tue, Jan 14, 2014 at 3:31 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:

> On Tue, Jan 14, 2014 at 03:00:32PM -0500, John Baker wrote:
> > Hi,
> >
> > I'm using lxc in 12.04.4 LTS and seem to have a chronic issue with the
> > iptables module not loading inside a container. I have found that it does
> > sometimes work and my coworker never seems to have problems with it in the
> > servers he runs. But it happens all the time on mine and I can't see
> > anything at all that we do differently. Sometimes it will start running
> > inside a container and then mysteriously have stopped next time I check in.
> > I can't find any error messages pertaining to it besides the one I get when
> > I try to load rules or view the set loaded.
> >
> > The only fix I have been able to come up with is to manually
> > copy /lib/modules/<kernel ver.>-generic/modules.dep and net directory from
> > the host into the container. Then it seems willing to load iptables modules
> > consistently but always breaks when the kernel is updated on the host and
> > has to be redone.
> >
> > Any ideas on what I might be missing? Is there a cgroup I should include
> > for sharing iptables modules?
>
> Kernel modules aren't loaded per-container but globally for the whole host.
>
> It's not recommended (and usually blocked by either dropping the
> capability or by having apparmor prevent it) to load modules from within
> a container. Instead you should make sure all your kernel modules are
> loaded from the host before you start your containers.
>
> I suspect the difference between your server and your colleague's is
> that he has some init scripts or something else calling iptables before
> he starts his containers which will load any modules required by his
> container.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com



-- 
John Baker
Network Administrator
Marlboro College
Phone: 451-7551 Cell: 490-0066
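
Added example, not part of the original thread: a host-side script for the approach described in the reply above, loading the modules on the host before any container starts. The function names and the module list are assumptions chosen for illustration; adjust the list to the iptables rules your containers load.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the LXC host, not in a container.
# Assumed module set for basic filter/NAT rules; adjust to your rule set.
REQUIRED_MODULES="ip_tables iptable_filter iptable_nat nf_conntrack"

# missing_modules FILE NAME...
# Prints each NAME that has no entry in FILE, which must be in /proc/modules
# format (module name in the first column). Modules built into the kernel
# never appear in /proc/modules, so they are printed here as well.
missing_modules() {
    modfile=$1
    shift
    for mod in "$@"; do
        # modprobe accepts '-' and '_' interchangeably; /proc/modules uses '_'.
        want=$(printf '%s' "$mod" | tr '-' '_')
        awk -v m="$want" '$1 == m { found = 1 } END { exit !found }' "$modfile" \
            || printf '%s\n' "$mod"
    done
}

# preload_for_containers
# Loads every required module that is not yet listed in /proc/modules.
# modprobe is expected to succeed as a no-op for built-in modules, so only
# a real load failure makes this function return non-zero.
preload_for_containers() {
    rc=0
    for mod in $(missing_modules /proc/modules $REQUIRED_MODULES); do
        modprobe "$mod" || { echo "could not load $mod" >&2; rc=1; }
    done
    return $rc
}

# Typical use from a host init script, before containers are started:
#   preload_for_containers && lxc-start -n NAME -d
```

Because the modules are loaded by the host, nothing under /lib/modules has to be copied into the container, and the setup does not break when the host kernel is updated.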