[lxc-users] Trying to create a lxc container for running Visual Studio Code

Serge E. Hallyn serge at hallyn.com
Thu Feb 11 17:54:05 UTC 2021 

On Wed, Feb 10, 2021 at 10:49:55PM +0100, Peter Carlsson wrote:
> On Wed, Feb 10, 2021 at 07:08:09AM -0600, Serge E. Hallyn wrote:
> 
> Hello again!
> 
> Thanks for your help.
> 
> I decided to start fresh and create the container as unprivileged. I
> therefor deleted the old thread.
> 
> Here is basically what I did:
> 
> As root:
> 
>   usermod -v 100000-200000 -w 100000-200000 peter
>   cat /etc/subuid
>     peter:100000:100001
>   cat /etc/subgid
>     peter:100000:100001
> 
>   nano /etc/sysctl.conf
>     # Added by Peter Carlsson 2021-02-10 for lxc
>     kernel.unprivileged_userns_clone=1
> 
>   nano /etc/default/lxc-net
>     #USE_LXC_BRIDGE="true"
> 
>   nano /etc/lxc/default.conf
>     lxc.net.0.type = veth
>     lxc.net.0.link = lxcbr0
>     lxc.net.0.flags = up
> 
>     lxc.apparmor.profile = generated
>     lxc.apparmor.allow_nesting = 1
> 
> As user peter:
> 
>   mkdir /home/peter/.config/lxc
>   nano /home/peter/.config/lxc/default.conf
>     lxc.net.0.type = veth
>     lxc.net.0.link = lxcbr0
>     lxc.net.0.flags = up
> 
>     lxc.apparmor.profile = generated
>     lxc.apparmor.allow_nesting = 1
> 
>     lxc.idmap = u 0 100000 100001
>     lxc.idmap = g 0 100000 100001

This all looks good.

> Don't know if this was necessary but I ran this after reading a link found on Google
> 
>   lxc-usernsexec

Sorry I'm not following here.  lxc-usernsexec without any arguments
will put you in a shell in a user namespace.  I assume you exited that
before going on with lxc-create, right?

>   lxc-create -t download -n VisualStudioCode -- -d debian -r buster -a amd64
> 
>   lxc-start -n VisualStudioCode -F
>  
>     lxc-start: VisualStudioCode: network.c: lxc_create_network_unpriv_exec: 2178 lxc-user-nic failed to configure requested network: No such file or directory - Failed to open "/etc/lxc/lxc-usernet"
>     cmd/lxc_user_nic.c: 1296: main: Quota reached
>     lxc-start: VisualStudioCode: start.c: lxc_spawn: 1777 Failed to create the configured network
>     lxc-start: VisualStudioCode: start.c: __lxc_start: 1951 Failed to spawn container "VisualStudioCode"
>     lxc-start: VisualStudioCode: tools/lxc_start.c: main: 330 The container failed to start
>     lxc-start: VisualStudioCode: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
> 
> What should I put in /etc/lxc/lxc-usernet?

cat << EOF | sudo tee /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
peter veth lxcbr0 10

> Do you see something else I have missed or should have done differently?

Not offhand.  But do make sure that lxc-net is running, i.e. make sure
that 'brctl show' shows lxcbr0

> Note that I had the network working for the container created by root.
> 
> Best regards,
> Peter Carlsson
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list