LinuxQuestions.org


Replica 03-19-2019 05:42 AM

LXD br_netfilter module in network namespaces
 
Hello all,
I have an Ubuntu machine with LXD installed. I am playing with containers, and I want to test some apps like Docker or k8s inside the LXD environment that require the br_netfilter module in network namespaces.

Because I was not able to enable it inside a running container, I can't install k8s and other applications which require this module.
The /proc/sys/net/bridge dir is missing inside the container network namespace; however, it is enabled and loaded on the host machine.

Here are my configurations:

HOSTMACHINE:~$ lxc profile show default
config:
  linux.kernel_modules: bridge,ip_tables,nf_nat,overlay,br_netfilter
  security.privileged: "true"
description: Default LXD profile
devices:
  br0:
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: lxd
    type: disk
  src:
    path: /usr/src/
    source: /usr/src/
    type: disk
name: default
used_by:
- /1.0/containers/tmp
- /1.0/containers/kubetmp
- /1.0/containers/kubemastertmp
- /1.0/containers/centosTMPL
- /1.0/containers/centest


--------------------------------------


HOSTMACHINE:~# modinfo br_netfilter
filename: /lib/modules/4.18.0-16-generic/kernel/net/bridge/br_netfilter.ko
description: Linux ethernet netfilter firewall bridge
author: Bart De Schuymer <bdschuym@pandora.be>
author: Lennert Buytenhek <buytenh@gnu.org>
license: GPL
srcversion: 46DE53B0B0A82CBC5B9DD7D
depends: bridge
retpoline: Y
intree: Y
name: br_netfilter
vermagic: 4.18.0-16-generic SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo: md4


------------------------------------------

HOSTMACHINE:~$ ll /proc/sys/net/
total 0
dr-xr-xr-x 1 root root 0 მარ 19 09:52 ./
dr-xr-xr-x 1 root root 0 მარ 19 09:52 ../
dr-xr-xr-x 1 root root 0 მარ 19 09:52 bridge/
dr-xr-xr-x 1 root root 0 მარ 19 09:52 core/
dr-xr-xr-x 1 root root 0 მარ 19 09:52 ipv4/
dr-xr-xr-x 1 root root 0 მარ 19 09:52 ipv6/
dr-xr-xr-x 1 root root 0 მარ 19 13:00 netfilter/
-rw-r--r-- 1 root root 0 მარ 19 13:00 nf_conntrack_max
dr-xr-xr-x 1 root root 0 მარ 19 09:52 unix/

--------------------------------------------


CONTAINER ~]# modinfo br_netfilter
modinfo: ERROR: Module alias br_netfilter not found.
CONTAINER ~]# ll /proc/sys/net/
total 0
dr-xr-xr-x 1 root root 0 მარ 19 08:47 core
dr-xr-xr-x 1 root root 0 მარ 19 05:53 ipv4
dr-xr-xr-x 1 root root 0 მარ 19 05:53 ipv6
dr-xr-xr-x 1 root root 0 მარ 19 05:53 netfilter
dr-xr-xr-x 1 root root 0 მარ 19 05:53 unix




Any ideas? Please help.
Thank you

berndbausch 03-19-2019 09:07 AM

My guess is that br_netfilter.ko is missing in the container’s filesystem. modinfo displays data from the *.ko files, not from the kernel.
Sorry, I don’t know how to ensure the file exists (if it is really missing).

Are you sure that /proc/sys/net/bridge is created by this module?

EDIT: Seems to be a bug that was fixed four months ago, but if I understand it right, not yet in the kernel: https://github.com/lxc/lxd/issues/3306.
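
Added example, not part of the thread: a small shell check that separates the three things being compared above, namely whether the running kernel has br_netfilter loaded, whether the module file that modinfo needs exists in this root filesystem, and whether /proc/sys/net/bridge is visible from this network namespace. The function name, its ROOT argument and the verdict strings are made up for this example; it assumes /proc/modules is readable inside the container and treats the presence of the .ko file as a proxy for what modinfo can find.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT lets the checks run against a
# constructed directory tree; with no arguments they inspect the live system.

# diagnose_br_netfilter [ROOT] [KERNEL_RELEASE]
diagnose_br_netfilter() {
    root="${1:-}"
    krel="${2:-$(uname -r)}"
    loaded=no; ko_file=no; bridge_sysctl=no

    # Kernel state: /proc/modules lists what the running (shared) kernel has loaded.
    if grep -q '^br_netfilter ' "$root/proc/modules" 2>/dev/null; then
        loaded=yes
    fi

    # Filesystem state: modinfo needs module files under /lib/modules/<release>
    # in *this* root filesystem. Looking for the .ko is a proxy for that.
    if find "$root/lib/modules/$krel" -name 'br_netfilter.ko*' 2>/dev/null | grep -q .; then
        ko_file=yes
    fi

    # Namespace state: the net.bridge sysctls as seen from this network namespace.
    if [ -d "$root/proc/sys/net/bridge" ]; then
        bridge_sysctl=yes
    fi

    if [ "$loaded" = no ]; then
        verdict=module-not-loaded
    elif [ "$bridge_sysctl" = no ]; then
        verdict=sysctl-not-in-this-netns
    else
        verdict=ok
    fi
    echo "loaded=$loaded ko_file=$ko_file bridge_sysctl=$bridge_sysctl verdict=$verdict"
}

diagnose_br_netfilter "$@"
```

Run on the host and inside the container and compare the two lines: ko_file=no accounts for the modinfo error on its own, while loaded=yes together with bridge_sysctl=no is the situation described in the first post.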

