Centos 8 error

Saint Michael

Oct 18, 2021, 1:31:51 AM
to LXC users mailing-list, lxc-...@lists.linuxcontainers.org
I installed lxc (not lxd) in centos 8, from sources, but when I try
to attach to a container, of any flavor, I get this error:
lxc-attach: centos8: confile.c: set_config_unsupported_key: 153 Invalid argument - Unsupported config key "lxc.seccomp"

I used this script to install lxc (I am not the author). Is there an
obvious problem?
By the way, the script fails to create lxcbr0.
Note: Centos 8 only supports lxc 3.0 and I wanted 4.0

#!/bin/bash

# do not forget to add below line to sudoers file
# we need sudo to not ask for password for virl user
# virl ALL=(ALL) NOPASSWD: ALL


LXC_BRANCH="stable-4.0"
LXC_NET_SCRIPT="/usr/local/libexec/lxc/lxc-net"
LXC_NET_CONF="/usr/local/etc/sysconfig/lxc-net"

sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf groupinstall "Development Tools" -y
# we need dnsmasq as it used by '/usr/local/libexec/lxc/lxc-net start'
sudo dnf install dnsmasq -y
sudo dnf install git htop libtool openssl-devel libcap-devel wget -y

git clone https://github.com/lxc/lxc.git -b "$LXC_BRANCH"
cd lxc || exit 1
./autogen.sh
./configure
#--disable-dependency-tracking \
#--enable-apparmor \
#--enable-openssl \
#--enable-selinux \
#--enable-capabilities \
#--enable-tests

make
sudo make install

cd ~ || exit 1
git clone https://github.com/lxc/lxc-templates.git
cd lxc-templates || exit 1
./autogen.sh
./configure
make
sudo make install

cd ~ || exit 1

sudo chmod u+s /usr/bin/new{g,u}idmap

mkdir -p ~/.config/lxc/
cat >> ~/.config/lxc/default.conf<< EOF
lxc.include = /usr/local/etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF

# in script /usr/local/libexec/lxc/lxc-net USE_LXC_BRIDGE=true
# above script then loads /usr/local/etc/sysconfig/lxc where USE_LXC_BRIDGE=false
# that in turn loads /usr/local/etc/sysconfig/lxc-net if exists (it doesn't by default)
# that is why we create below file so the bridge will be created correctly
echo 'USE_LXC_BRIDGE="true"' | sudo sh -c "cat >> $LXC_NET_CONF"
[ -f "$LXC_NET_CONF" ] || exit 1

# dnsmasq directory structure changed - we need to create dir for lxc
# to store lease file
# directory named 'misc' will be created in location defined by 'varlib'
# variable in '/usr/local/libexec/lxc/lxc-net' script
VARLIB=$(grep "varlib=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')
sudo mkdir -p "${VARLIB:1:-1}/misc"

sudo "$LXC_NET_SCRIPT" start

LXC_BRIDGE=$(grep -w "LXC_BRIDGE=" "$LXC_NET_SCRIPT" | awk -F= '{ print $2 }')

ip addr show "${LXC_BRIDGE:1:-1}" || exit 1

echo "done"

Serge E. Hallyn

Oct 18, 2021, 9:30:44 AM
to Saint Michael, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
I guess you'll need to add --enable-seccomp

Saint Michael

Oct 18, 2021, 12:33:19 PM
to Serge E. Hallyn, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
Dear Serge
Add where? Kernel parameter?

Saint Michael

Oct 18, 2021, 4:32:34 PM
to Serge E. Hallyn, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
I tried
./configure --disable-seccomp
./configure --enable-seccomp

and still have the same error.
Any idea?

Serge E. Hallyn

Oct 18, 2021, 5:15:15 PM
to Saint Michael, Serge E. Hallyn, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
Just to be sure, you did a full rebuild after the ./configure --enable-seccomp?

Can you check the config.log? Maybe the seccomp library was not
detected?

Saint Michael

Oct 18, 2021, 10:19:31 PM
to Serge E. Hallyn, LXC users mailing-list, lxc-...@lists.linuxcontainers.org
Just in case somebody needs to see this:
the script needs to be modified:
dnf -y install libseccomp-devel
and the network only gets installed satisfactorily if the prefix is =/
./configure --prefix=/ --enable-seccomp
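
A post-build check for the problem discussed in this thread, as an added example that is not part of any message above and is not LXC's own code: it combines what `config.log` recorded with what the built library links against, so a build that silently dropped seccomp (or was not rebuilt after installing libseccomp-devel) is caught before `lxc.seccomp` is rejected at attach time. The `ENABLE_SECCOMP_TRUE` variable name is an assumption about LXC's autotools build, the function names are hypothetical, and the sample inputs are constructed.

```bash
# Added example: did this LXC source build really get seccomp support?
# Both checks read text on stdin so they can be exercised offline.

# Print enabled/disabled/unknown from config.log text.
# Assumption: the build defines the automake conditional ENABLE_SECCOMP,
# which config.log records as ENABLE_SECCOMP_TRUE='' (on) or '#' (off).
configure_seccomp_state() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q "^ENABLE_SECCOMP_TRUE=''"; then
        echo enabled
    elif printf '%s\n' "$log" | grep -q "^ENABLE_SECCOMP_TRUE='#'"; then
        echo disabled
    else
        echo unknown
    fi
}

# Succeed only if ldd output resolves libseccomp to a path ("not found" fails).
links_libseccomp() {
    grep -Eq '^[[:space:]]*libseccomp\.so[.0-9]*[[:space:]]+=>[[:space:]]+/'
}

# $1 = configure state, $2 = yes|no (library linked)
seccomp_build_verdict() {
    case "$1:$2" in
        enabled:yes) echo ok ;;
        enabled:no)  echo stale-build ;;   # configured on, binary not rebuilt
        disabled:*)  echo install-libseccomp-devel ;;
        *)           echo inconclusive ;;
    esac
}

check() {   # $1 = config.log text, $2 = ldd text
    state=$(printf '%s\n' "$1" | configure_seccomp_state)
    linked=no
    if printf '%s\n' "$2" | links_libseccomp; then linked=yes; fi
    seccomp_build_verdict "$state" "$linked"
}

# Constructed sample inputs (not captured from a real build).
LOG_WITHOUT_DEVEL="ENABLE_SECCOMP_FALSE=''
ENABLE_SECCOMP_TRUE='#'"
LOG_WITH_DEVEL="ENABLE_SECCOMP_FALSE='#'
ENABLE_SECCOMP_TRUE=''"
LDD_OLD="  libcap.so.2 => /lib64/libcap.so.2 (0x00007f1a2c000000)"
LDD_NEW="  libseccomp.so.2 => /lib64/libseccomp.so.2 (0x00007f1a2d000000)
$LDD_OLD"

check "$LOG_WITHOUT_DEVEL" "$LDD_OLD"   # install-libseccomp-devel
check "$LOG_WITH_DEVEL" "$LDD_OLD"      # stale-build
check "$LOG_WITH_DEVEL" "$LDD_NEW"      # ok
```

Against a real build, pass `check` the contents of `config.log` from the source tree and the `ldd` output for the installed liblxc shared object.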