[lxc-users] iptables-persistent not loading rules

Sergey sergeyn at gmail.com
Mon Nov 24 11:14:54 UTC 2014


Hi,

Is your container unprivileged?
I'm experiencing the same issue with an unprivileged container on Ubuntu
trusty.

I've tried to investigate it with strace. Here is the log:

# strace iptables-save 2>&1 |tail
mprotect(0x7fdd75e12000, 4096, PROT_READ) = 0
mprotect(0x7fdd76019000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ)     = 0
mprotect(0x7fdd7623d000, 4096, PROT_READ) = 0
munmap(0x7fdd76238000, 11652)           = 0
brk(0)                                  = 0x7cc000
brk(0x7ed000)                           = 0x7ed000
open("/proc/net/ip_tables_names", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
exit_group(0)                           = ?
+++ exited with 0 +++

# ls  -l /proc/net/ip_tables_names
-r--r----- 1 nobody nogroup 0 Nov 24 15:12 /proc/net/ip_tables_names

It looks like access permissions are the main issue.


On Fri, Nov 21, 2014 at 10:37 PM, Mark Fox <mark.fox at gmail.com> wrote:

> On Ubuntu Server 14.04.1, my containers allow iptables rules to be set up
> and saved with iptables-persistent, but they don't get loaded when starting
> the container. In fact, a *sudo service iptables-persistent reload*
> doesn't work either. I'm not seeing any errors. The rule chains just remain
> in their default configuration (ACCEPT everything).
>
> Probably not very helpful, but a *sudo service --status-all* shows
> iptables-persistent as [ ? ].
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>



-- 
Best regards,
 Sergey
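A small diagnostic script, added here as an example and not code from the thread, that checks the condition Sergey's strace shows: whether /proc/net/ip_tables_names (and its IPv6 counterpart) is readable from inside the container, and whether its owner is the unmapped nobody:nogroup an unprivileged container sees. The status names, the nobody:nogroup / UNKNOWN owner strings and the helper names are my assumptions.

```shell
#!/bin/sh
# iptables-save and iptables-persistent read the list of loaded tables from
# /proc/net/ip_tables_names (ip6_tables_names for IPv6). In an unprivileged
# container the file is owned by a uid that is not mapped into the container's
# user namespace, so it shows up as nobody:nogroup with mode 0440 and the read
# fails with EACCES; iptables then behaves as if no rules exist. (Assumed
# explanation, consistent with the strace and ls output in the thread.)

# check_tables_file PATH -> prints one status word:
#   absent     : file does not exist (netfilter tables not available here)
#   readable   : file can be read; iptables-save should work
#   unmapped   : exists but owner is outside our user namespace (nobody/nogroup)
#   unreadable : exists, owner is mapped, but permissions still deny reading
check_tables_file() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo absent
        return 0
    fi
    if [ -r "$path" ]; then
        echo readable
        return 0
    fi
    # stat -c is GNU coreutils; fall back to an empty owner if unavailable
    owner=$(stat -c '%U:%G' "$path" 2>/dev/null || true)
    if [ "$owner" = "nobody:nogroup" ] || [ "$owner" = "UNKNOWN:UNKNOWN" ]; then
        echo unmapped
    else
        echo unreadable
    fi
    return 0
}

# list_tables PATH -> space-separated table names (filter, nat, ...), one per
# line in the proc file; fails if the file cannot be read.
list_tables() {
    path="$1"
    [ -r "$path" ] || return 1
    tr '\n' ' ' < "$path" | sed 's/ *$//'
}

main() {
    for f in /proc/net/ip_tables_names /proc/net/ip6_tables_names; do
        status=$(check_tables_file "$f")
        printf '%s: %s' "$f" "$status"
        [ "$status" = readable ] && printf ' (tables: %s)' "$(list_tables "$f")"
        printf '\n'
    done
}

main
```

A result of "unmapped" for root inside the container points at the user-namespace ownership problem rather than at iptables-persistent itself.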