ipic Guru
Joined: 29 Dec 2003 Posts: 416 Location: UK
|
Posted: Wed Jan 15, 2025 9:49 am Post subject: [PATCH] libvirt: LXC container: System lacks NETNS support |
|
|
I changed my CPU (Ryzen 7 2000 to Ryzen 9 5950X) and on reboot libvirtd claims this when starting a LXC container:
Code: | ibvirt.libvirtError: Requested operation is not valid: System lacks NETNS support |
I don't think the CPU change is the cause, just the reason for the re-boot.
The container NIC entry is:
Code: | <interface type="bridge">
<mac address="52:54:00:3e:40:3d"/>
<source bridge="br0"/>
<guest dev="eth0"/>
<link state="up"/>
</interface>
|
Up until the reboot this worked.
Note that on my 'real' VMs (QEMU) this type of network interface works, for example, here is one that is running:
Code: | <interface type="bridge">
<mac address="52:54:00:42:7a:91"/>
<source bridge="br0"/>
<target dev="vnet1"/>
<model type="virtio"/>
<alias name="net0"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface> |
I can do this: Code: |
ian2 ~ # ip netns add testspace
ian2 ~ # ip netns add testspace2
ian2 ~ # ip netns list
testspace
testspace2
ian2 ~ #
|
Flummoxed
Last edited by ipic on Wed Jan 15, 2025 11:54 am; edited 1 time in total |
|
logrusx Advocate
Joined: 22 Feb 2018 Posts: 2605
|
Posted: Wed Jan 15, 2025 10:21 am Post subject: Re: libvirt: LXC container: System lacks NETNS support |
|
|
ipic wrote: | I changed my CPU (Ryzen 7 2000 to Ryzen 9 5950X) |
Is it that simple? Didn't you change the MoBo, the network adapter, etc.?
ipic wrote: | and on reboot libvirtd claims this when starting a LXC container:
Code: | ibvirt.libvirtError: Requested operation is not valid: System lacks NETNS support |
I don't think the CPU change is the cause, just the reason for the re-boot.
The container NIC entry is:
Code: | <interface type="bridge">
<mac address="52:54:00:3e:40:3d"/>
<source bridge="br0"/>
<guest dev="eth0"/>
<link state="up"/>
</interface>
|
Up until the reboot this worked.
Note that on my 'real' VMs (QEMU) this type of network interface works, for example, here is one that is running:
Code: | <interface type="bridge">
<mac address="52:54:00:42:7a:91"/>
<source bridge="br0"/>
<target dev="vnet1"/>
<model type="virtio"/>
<alias name="net0"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface> |
I can do this: Code: |
ian2 ~ # ip netns add testspace
ian2 ~ # ip netns add testspace2
ian2 ~ # ip netns list
testspace
testspace2
ian2 ~ #
|
Flummoxed :-( |
I'm not a networking guy (I had some aspirations 20 years ago though) but I think if it was just as simple as a CPU swap, then everything should work as it was, just faster (in some regards). What else did you do prior to the reboot? Can you trace your steps back to the previous reboot?
Best Regards,
Georgi
p.s. what about this? Could it be related?
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/UO2M726GGCQRIJ7UIMPU3BVQ5JMVQPDZ/
According to the corresponding git commit, this is in v 11.0.0: https://github.com/libvirt/libvirt/commit/dd217cd9382cb7d67b26c5b3b4be07e5ce88ef86
Do you happen to have that version? If so, that might be a bug worth reporting. |
|
ipic Guru
Joined: 29 Dec 2003 Posts: 416 Location: UK
|
Posted: Wed Jan 15, 2025 10:42 am Post subject: |
|
|
Just a CPU change, and a new cooler.
Last reboot at which the containers were working was Fri Jan 10 21:47:39 2025
Last kernel rebuild was 25:01:10 21:41:40 - the cause of the above reboot
I have evidence (from daily checks) that the container in question, which is a DNS server, was running after this:
Code: |
Mon 13 Jan 01:06:00 GMT 2025: System state logs and commands
DNS server checks
Found name server: dns1.pickworth.me.uk. <2001:8b0:fb5e::31> <192.168.1.31>
<dns1> rndc connection shows server is up and running.
Found MX entries:
10 ian.pickworth.me.uk.
20 A.secondary-mx.co.uk. |
These are the packages emerged since the boot:
Quote: |
Fri Jan 10 07:46:58 2025 >>> mail-client/thunderbird-bin-128.6.0
Fri Jan 10 21:34:37 2025 >>> kde-frameworks/kstatusnotifieritem-6.7.0
Fri Jan 10 21:35:42 2025 >>> kde-apps/kruler-24.08.3
Sun Jan 12 08:14:44 2025 >>> virtual/opengl-8
Sun Jan 12 08:15:02 2025 >>> dev-python/charset-normalizer-3.4.1
Sun Jan 12 08:15:18 2025 >>> dev-python/jinja2-3.1.5
Sun Jan 12 08:15:48 2025 >>> dev-python/click-8.1.8
Sun Jan 12 08:15:55 2025 >>> dev-python/urllib3-2.3.0
Sun Jan 12 08:16:03 2025 >>> dev-python/kiwisolver-1.4.8
Sun Jan 12 08:16:45 2025 >>> x11-libs/libdrm-2.4.124
Sun Jan 12 08:16:52 2025 >>> dev-libs/flatbuffers-24.12.23
Sun Jan 12 08:25:39 2025 >>> media-libs/opencv-4.10.0
Mon Jan 13 08:18:12 2025 >>> app-arch/ncompress-5.0-r2
Mon Jan 13 08:18:19 2025 >>> sys-apps/hwdata-0.390
Mon Jan 13 08:18:57 2025 >>> sys-fs/mtools-4.0.46
Mon Jan 13 08:19:05 2025 >>> net-libs/libtirpc-1.3.6
Mon Jan 13 08:20:17 2025 >>> dev-perl/Test-utf8-1.30.0
Mon Jan 13 08:20:24 2025 >>> dev-perl/Net-DNS-1.480.0
Mon Jan 13 08:20:34 2025 >>> sys-process/lsof-4.99.4
Mon Jan 13 08:20:44 2025 >>> sys-fs/cryptsetup-2.7.5-r1
Mon Jan 13 08:20:55 2025 >>> dev-libs/libgpg-error-1.51
Mon Jan 13 08:21:04 2025 >>> dev-perl/DateTime-Locale-1.440.0
Mon Jan 13 08:23:44 2025 >>> dev-libs/libsigc++-3.6.0
Mon Jan 13 08:23:51 2025 >>> sys-apps/usbutils-018
Mon Jan 13 08:23:59 2025 >>> dev-python/pyqt-builder-1.17.1
Mon Jan 13 08:24:06 2025 >>> sys-process/numactl-2.0.19
Mon Jan 13 08:25:04 2025 >>> net-firewall/iptables-1.8.11-r1
Mon Jan 13 08:25:12 2025 >>> app-admin/sudo-1.9.16_p2-r1
Mon Jan 13 08:25:19 2025 >>> dev-debug/strace-6.12
Mon Jan 13 08:25:28 2025 >>> media-video/pipewire-1.2.7
Mon Jan 13 08:25:33 2025 >>> dev-cpp/glibmm-2.78.1
Mon Jan 13 08:26:47 2025 >>> media-video/wireplumber-0.5.7
Mon Jan 13 08:26:56 2025 >>> sys-apps/iproute2-6.12.0
Mon Jan 13 08:27:04 2025 >>> sys-apps/gsmartcontrol-2.0.1
Tue Jan 14 08:31:15 2025 >>> x11-libs/libX11-1.8.10-r1
Tue Jan 14 08:34:25 2025 >>> dev-libs/icu-76.1-r1
Tue Jan 14 08:35:45 2025 >>> dev-libs/libxml2-2.12.9
Tue Jan 14 08:38:26 2025 >>> dev-db/sqlite-3.46.1
Tue Jan 14 09:29:00 2025 >>> mail-mta/postfix-3.9.0-r2
Tue Jan 14 09:29:07 2025 >>> app-text/po4a-0.73-r1
Tue Jan 14 09:29:17 2025 >>> dev-qt/qtcore-5.15.16
Tue Jan 14 09:29:35 2025 >>> dev-libs/boost-1.85.0-r1
Tue Jan 14 09:29:44 2025 >>> net-libs/nodejs-22.12.0-r1
Tue Jan 14 09:31:34 2025 >>> dev-libs/libical-3.0.18
Tue Jan 14 09:31:41 2025 >>> sci-libs/libqalculate-5.3.0-r1
Tue Jan 14 09:34:13 2025 >>> media-libs/harfbuzz-10.1.0
Tue Jan 14 10:52:38 2025 >>> dev-cpp/cairomm-1.18.0
Tue Jan 14 10:52:46 2025 >>> app-text/gspell-1.12.2
Tue Jan 14 10:52:53 2025 >>> x11-libs/vte-0.76.3
Tue Jan 14 10:53:03 2025 >>> dev-qt/qtbase-6.8.1
Tue Jan 14 10:53:11 2025 >>> net-fs/samba-4.19.7
Tue Jan 14 10:53:21 2025 >>> net-libs/webkit-gtk-2.46.5-r410
Tue Jan 14 10:55:38 2025 >>> dev-cpp/pangomm-2.50.1
Tue Jan 14 10:55:46 2025 >>> dev-qt/qt5compat-6.8.1
Tue Jan 14 10:55:58 2025 >>> app-office/gnucash-5.8-r100
Tue Jan 14 13:44:12 2025 >>> dev-cpp/gtkmm-4.14.0
Tue Jan 14 13:44:21 2025 >>> dev-games/godot-4.3-r1
Tue Jan 14 13:44:31 2025 >>> dev-qt/qtwebengine-6.8.1-r1
Tue Jan 14 13:44:54 2025 >>> media-sound/pavucontrol-6.1
|
The list includes net-firewall/iptables and sys-apps/iproute2 - however, as noted, an ip netns command works. |
|
ipic Guru
Joined: 29 Dec 2003 Posts: 416 Location: UK
|
Posted: Wed Jan 15, 2025 10:53 am Post subject: Re: libvirt: LXC container: System lacks NETNS support |
|
|
I have:
Code: | ian2 ~ # libvirtd -V
libvirtd (libvirt) 10.3.0 |
But in the list above I see sys-apps/iproute2-6.12.0, and in the bug report it says:
Code: | Since iproute2 v6.12.0, the command "ip link set lo netns -1" can
no longer be used to check for netns support, as it now validates
PIDs are not less than zero. |
So, highly likely that is it. Nice spot, thanks.
Version 11 is not available in the Gentoo repository - 10.10.0 is the latest.
Perhaps that patch can be applied to current source - I'll have a go. |
|
ipic Guru
Joined: 29 Dec 2003 Posts: 416 Location: UK
|
Posted: Wed Jan 15, 2025 11:54 am Post subject: |
|
|
Based on the patch committed for v11.0.0, I created the following patch for app-emulation/libvirt-10.3.0-r4
Code: | diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h
index c0967ac..a639e39 100644
--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -49,7 +49,6 @@ struct _virLXCDriverConfig {
char *stateDir;
char *logDir;
bool log_libvirtd;
- int have_netns;
char *securityDriverName;
bool securityDefaultConfined;
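Review bot: The patch file starts straight at the diff --git line for src/lxc/lxc_conf.h with no description above it. Add a short header stating that it is derived from the upstream commit linked earlier in the thread (dd217cd9382cb7d67b26c5b3b4be07e5ce88ef86, in v11.0.0) and that it works around the iproute2 6.12.0 change, so anyone who later finds netns-check-removal.patch under /etc/portage/patches can tell when it is safe to drop.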
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 1842ae8..165ffd2 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -422,12 +422,6 @@ lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
- if ((def->nets != NULL) && !(cfg->have_netns)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("System lacks NETNS support"));
- goto cleanup;
- }
-
if (!(vm = virDomainObjListAdd(driver->domains, &def,
driver->xmlopt,
0, &oldDef)))
@@ -974,12 +968,6 @@ static int lxcDomainCreateWithFiles(virDomainPtr dom,
if (virDomainCreateWithFilesEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
- if ((vm->def->nets != NULL) && !(cfg->have_netns)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("System lacks NETNS support"));
- goto cleanup;
- }
-
if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0)
goto cleanup;
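Review bot: With the have_netns test removed from lxcDomainCreateWithFiles, none of the lines shown in this hunk reference cfg any more. If that test was the only use of cfg in the function, remove its declaration and lookup too rather than leaving a dead variable behind; the same check is worth making in lxcDomainDefineXMLFlags and lxcDomainCreateXMLWithFiles, which lose the identical test.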
@@ -1088,12 +1076,6 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
if (virSecurityManagerVerify(driver->securityManager, def) < 0)
goto cleanup;
- if ((def->nets != NULL) && !(cfg->have_netns)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- "%s", _("System lacks NETNS support"));
- goto cleanup;
- }
-
if (!(vm = virDomainObjListAdd(driver->domains, &def,
driver->xmlopt,
@@ -1386,22 +1368,6 @@ lxcDomainDestroy(virDomainPtr dom)
return lxcDomainDestroyFlags(dom, 0);
}
-static int lxcCheckNetNsSupport(void)
-{
- g_autoptr(virCommand) cmd = virCommandNewArgList("ip", "link", "set", "lo",
- "netns", "-1", NULL);
- int ip_rc;
-
- if (virCommandRun(cmd, &ip_rc) < 0 || ip_rc == 255)
- return 0;
-
- if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_NET) < 0)
- return 0;
-
- return 1;
-}
-
-
static virSecurityManager *
lxcSecurityInit(virLXCDriverConfig *cfg)
{
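Review bot: Deleting lxcCheckNetNsSupport() drops both of its probes, but only the first one, the "ip link set lo netns -1" command, is what the iproute2 6.12.0 change quoted in the thread invalidates. Consider keeping a reduced function built on the second probe, virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_NET), so that a kernel without network namespaces still gets the explicit "System lacks NETNS support" error instead of whatever failure follows once every check is gone. If full removal is intended, say so in the patch description.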
@@ -1480,7 +1446,6 @@ static int lxcStateInitialize(bool privileged,
goto cleanup;
cfg->log_libvirtd = false; /* by default log to container logfile */
- cfg->have_netns = lxcCheckNetNsSupport();
/* Call function to load lxc driver configuration information */
if (virLXCLoadDriverConfig(cfg, SYSCONFDIR "/libvirt/lxc.conf") < 0)
|
Copy this, and paste it into the file: /etc/portage/patches/app-emulation/libvirt-10.3.0-r4/netns-check-removal.patch
then:
Code: | emerge app-emulation/libvirt |
and check that this appears:
Code: | * Applying user patches from /etc/portage/patches ...
* Applying netns-check-removal.patch ... [ ok ]
* User patches applied.
|
Following doing this, my LXC containers now start and work as before.
Kudos @logrusx - you nailed it |
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 23000
|
Posted: Wed Jan 15, 2025 2:42 pm Post subject: |
|
|
If all they want is to check that netns support exists, a cheap and mostly accurate check that I think would work would be to check for the existence of the pseudo-link /proc/self/ns/net. That would even have the benefit of not forking out to a separate process just to check this feature. |
|