[lxc-users] Numerous errors running unprivileged container on Arch Linux x86_64

John da_audiophile at yahoo.com
Wed Jan 11 20:02:41 UTC 2017

>________________________________
> From: Fajar A. Nugraha <list at fajar.net>
>To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org> 
>Sent: Tuesday, January 10, 2017 10:23 PM
>Subject: Re: [lxc-users] Numerous errors running unprivileged container on Arch Linux x86_64
>
>Short version: if you can get a login prompt, and the system works as expected (e.g. services are running, you get an ip address, etc), then it's safe to ignore the errors. Mostly they're just warnings due to running unprivileged.
>
>
>Some distro versions (e.g. debian jessie) require a systemd update (e.g. from debian stretch packages) to work properly as an unpriv container, but from what you pasted, archlinux should be fine.
>


Thank you for the kind reply.  My goal is to have openvpn and a LAMP stack run from within the unprivileged container.  The problem (perhaps related to my config being incorrectly configured) is that openvpn will not run when systemd starts it. Interestingly, if I run openvpn as root from within the container, it runs just fine.  Is there a way to use the systemd service to run openvpn?


Error:
# systemctl status openvpn-server@splus.service
openvpn-server@splus.service - OpenVPN service for splus
   Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-01-11 19:56:49 UTC; 7s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 49 ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --co
 Main PID: 49 (code=exited, status=1/FAILURE)

Jan 11 19:56:49 nw openvpn[49]: TUN/TAP device tun0 opened
Jan 11 19:56:49 nw openvpn[49]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Jan 11 19:56:49 nw openvpn[49]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 11 19:56:49 nw openvpn[49]: /usr/bin/ip link set dev tun0 up mtu 1500
Jan 11 19:56:49 nw openvpn[49]: openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Jan 11 19:56:49 nw openvpn[49]: Exiting due to fatal error
Jan 11 19:56:49 nw systemd[1]: openvpn-server@splus.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 19:56:49 nw systemd[1]: Failed to start OpenVPN service for splus.
Jan 11 19:56:49 nw systemd[1]: openvpn-server@splus.service: Unit entered failed state.
Jan 11 19:56:49 nw systemd[1]: openvpn-server@splus.service: Failed with result 'exit-code'.


Config:
---
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.include = /usr/share/lxc/config/archlinux.userns.conf
lxc.arch = x86_64
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /var/lib/lxc/nw/rootfs
lxc.rootfs.backend = dir
lxc.utsname = nw
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm
---

