Re: [lxc-users] Centos 8 error
1 view
Skip to first unread message
Serge E. Hallyn
Oct 18, 2021, 9:30:43 AM10/18/21
to Saint Michael, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
On Mon, Oct 18, 2021 at 01:31:37AM -0400, Saint Michael wrote:
> I installed lxc (not lxd) in centos 8, from sources, but when I try
> to attach to a container, of any favor, I get this error:
> lxc-attach: centos8: confile.c: set_config_unsupported_key: 153
> Invalid argument - Unsupported config key "lxc.seccomp"
>
> I used this script to install lxc (I am not the author). Is there an
> obvious problem?
> By the way, the script fails to create lxcbr0.
> Note: Centos 8 only supports lxc 3.0 and I wanted 4.0
>
> #!/bin/bash
>
> # do not forget to add below line to sudoers file
> # we need sudo to not ask for password for virl user
> # virl ALL=(ALL) NOPASSWD: ALL
>
>
> LXC_BRANCH="stable-4.0"
> LXC_NET_SCRIPT="/usr/local/libexec/lxc/lxc-net"
> LXC_NET_CONF="/usr/local/etc/sysconfig/lxc-net"
>
> sudo dnf update -y
> sudo dnf install epel-release -y
> sudo dnf groupinstall "Development Tools" -y
> # we need dnsmasq as it used by '/usr/local/libexec/lxc/lxc-net start'
> sudo dnf install dnsmasq -y
> sudo dnf install git htop libtool openssl-devel libcap-devel wget -y
>
> git clone https://github.com/lxc/lxc.git -b "$LXC_BRANCH"
> cd lxc || exit 1
> ./autogen.sh
> ./configure
> #--disable-dependency-tracking \
> #--enable-apparmor \
> #--enable-openssl \
> #--enable-selinux \
I guess you'll need to add --enable-seccomp
> #--enable-capabilities \
> #--enable-tests
>
> make
> sudo make install
>
> cd ~ || exit 1
> git clone https://github.com/lxc/lxc-templates.git
> cd lxc-templates || exit 1
> ./autogen.sh
> ./configure
> make
> sudo make install
>
> cd ~ || exit 1
>
> sudo chmod u+s /usr/bin/new{g,u}idmap
>
> mkdir -p ~/.config/lxc/
> cat >> ~/.config/lxc/default.conf<< EOF
> lxc.include = /usr/local/etc/lxc/default.conf
> lxc.idmap = u 0 100000 65536
> lxc.idmap = g 0 100000 65536
> EOF
>
> # in script /usr/local/libexec/lxc/lxc-net USE_LXC_BRIDGE=true
> # above script then loads /usr/local/etc/sysconfig/lxc where
> USE_LXC_BRIDGE=false
> # that in turn loads /usr/local/etc/sysconfig/lxc-net if exists (it
> doesn't by default)
> # that is why we create below file so the bridge will be created correctly
> echo 'USE_LXC_BRIDGE="true"' | sudo sh -c "cat >> $LXC_NET_CONF"
> [ -f "$LXC_NET_CONF" ] || exit 1
>
> # dnsmasq directory structure changed - we need to create dir for lxc
> # to store lease file
> # directory named 'misc' will be created in location defined by 'varlib'
> # variable in '/usr/local/libexec/lxc/lxc-net' script
> VARLIB=$(grep "varlib=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')
> sudo mkdir -p "${VARLIB:1:-1}/misc"
>
> sudo "$LXC_NET_SCRIPT" start
>
> LXC_BRIDGE=$(grep -w "LXC_BRIDGE=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')
>
> ip addr show "${LXC_BRIDGE:1:-1}" || exit 1
>
> echo "done"
>
> --
> You received this message because you are subscribed to the Google Groups "lxc-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to lxc-users+...@lists.linuxcontainers.org.
> To view this discussion on the web visit https://groups.google.com/a/lists.linuxcontainers.org/d/msgid/lxc-users/CAC9cSOCUhb_04X08YHKkN_%2BcN_HG12Lqbd2XGDwWbJLKBtsVUg%40mail.gmail.com.
> I installed lxc (not lxd) in centos 8, from sources, but when I try
> to attach to a container, of any favor, I get this error:
> lxc-attach: centos8: confile.c: set_config_unsupported_key: 153
> Invalid argument - Unsupported config key "lxc.seccomp"
>
> I used this script to install lxc (I am not the author). Is there an
> obvious problem?
> By the way, the script fails to create lxcbr0.
> Note: Centos 8 only supports lxc 3.0 and I wanted 4.0
>
> #!/bin/bash
>
> # do not forget to add below line to sudoers file
> # we need sudo to not ask for password for virl user
> # virl ALL=(ALL) NOPASSWD: ALL
>
>
> LXC_BRANCH="stable-4.0"
> LXC_NET_SCRIPT="/usr/local/libexec/lxc/lxc-net"
> LXC_NET_CONF="/usr/local/etc/sysconfig/lxc-net"
>
> sudo dnf update -y
> sudo dnf install epel-release -y
> sudo dnf groupinstall "Development Tools" -y
> # we need dnsmasq as it used by '/usr/local/libexec/lxc/lxc-net start'
> sudo dnf install dnsmasq -y
> sudo dnf install git htop libtool openssl-devel libcap-devel wget -y
>
> git clone https://github.com/lxc/lxc.git -b "$LXC_BRANCH"
> cd lxc || exit 1
> ./autogen.sh
> ./configure
> #--disable-dependency-tracking \
> #--enable-apparmor \
> #--enable-openssl \
> #--enable-selinux \
I guess you'll need to add --enable-seccomp
> #--enable-capabilities \
> #--enable-tests
>
> make
> sudo make install
>
> cd ~ || exit 1
> git clone https://github.com/lxc/lxc-templates.git
> cd lxc-templates || exit 1
> ./autogen.sh
> ./configure
> make
> sudo make install
>
> cd ~ || exit 1
>
> sudo chmod u+s /usr/bin/new{g,u}idmap
>
> mkdir -p ~/.config/lxc/
> cat >> ~/.config/lxc/default.conf<< EOF
> lxc.include = /usr/local/etc/lxc/default.conf
> lxc.idmap = u 0 100000 65536
> lxc.idmap = g 0 100000 65536
> EOF
>
> # in script /usr/local/libexec/lxc/lxc-net USE_LXC_BRIDGE=true
> # above script then loads /usr/local/etc/sysconfig/lxc where
> USE_LXC_BRIDGE=false
> # that in turn loads /usr/local/etc/sysconfig/lxc-net if exists (it
> doesn't by default)
> # that is why we create below file so the bridge will be created correctly
> echo 'USE_LXC_BRIDGE="true"' | sudo sh -c "cat >> $LXC_NET_CONF"
> [ -f "$LXC_NET_CONF" ] || exit 1
>
> # dnsmasq directory structure changed - we need to create dir for lxc
> # to store lease file
> # directory named 'misc' will be created in location defined by 'varlib'
> # variable in '/usr/local/libexec/lxc/lxc-net' script
> VARLIB=$(grep "varlib=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')
> sudo mkdir -p "${VARLIB:1:-1}/misc"
>
> sudo "$LXC_NET_SCRIPT" start
>
> LXC_BRIDGE=$(grep -w "LXC_BRIDGE=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')
>
> ip addr show "${LXC_BRIDGE:1:-1}" || exit 1
>
> echo "done"
>
> --
> You received this message because you are subscribed to the Google Groups "lxc-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to lxc-users+...@lists.linuxcontainers.org.
> To view this discussion on the web visit https://groups.google.com/a/lists.linuxcontainers.org/d/msgid/lxc-users/CAC9cSOCUhb_04X08YHKkN_%2BcN_HG12Lqbd2XGDwWbJLKBtsVUg%40mail.gmail.com.
Serge E. Hallyn
Oct 18, 2021, 5:15:14 PM10/18/21
to Saint Michael, Serge E. Hallyn, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
just to be sure, you did a full rebuild after the ./configure --enable-seccomp ?
Can you check the config.log? Maybe the seccomp library was not
detected?
On Mon, Oct 18, 2021 at 04:32:20PM -0400, Saint Michael wrote:
> I tried
> ./configure --disable-seccomp
> ./configure --enable-seccomp
>
> and still have the same error
> any idea?
>
> On Mon, Oct 18, 2021 at 12:33 PM Saint Michael <ven...@gmail.com> wrote:
> >
> > Dear Serge
> > Add where? Kernel parameter?
Can you check the config.log? Maybe the seccomp library was not
detected?
On Mon, Oct 18, 2021 at 04:32:20PM -0400, Saint Michael wrote:
> I tried
> ./configure --disable-seccomp
> ./configure --enable-seccomp
>
> and still have the same error
> any idea?
>
> On Mon, Oct 18, 2021 at 12:33 PM Saint Michael <ven...@gmail.com> wrote:
> >
> > Dear Serge
> > Add where? Kernel parameter?
Reply all
Reply to author
Forward
0 new messages