Static IPv6 configuration fails in lxc guests because of readonly /proc/sys

Bug #964882 reported by Roman Yepishev
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| ifupdown (Ubuntu) | Invalid | Medium | Unassigned | |
| libvirt (Ubuntu) | Confirmed | Medium | Unassigned | |

Bug Description

This is a complex issue: the libvirt driver for lxc sets /proc and /proc/sys as read-only, which can be seen as a good thing; however, ifup wants to set sysctl net.ipv6.conf.eth0.autoconf=0, which fails, and ifup exits early, failing to set the IP address of the interface.

STR:

1. Create a precise VM using lxc-create
2. Inside the rootfs, modify the /etc/network/interfaces to read something like:
```
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.1.20
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

iface eth0 inet6 static
    address 2a01:d0:801a::2:1
    netmask 64
    gateway 2a01:d0:801a::1
```
Feel free to change the address/gateway - those are used by my machines now.

3. Boot the container.

Expected results:
IPv6 address is assigned.

Actual results:
There is no IPv6 address assigned.
Attempting to ifdown eth0 fails because it is seen as not configured; ifup eth0 fails right after configuring the IPv4 connection, when it disables autoconfiguration using sysctl.

One can work around this using a terrible hack of replacing sysctl with some sort of script or binary that returns successfully on every request.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libvirt-bin 0.9.8-2ubuntu14
ProcVersionSignature: Ubuntu 3.2.0-20.32-generic 3.2.12
Uname: Linux 3.2.0-20-generic x86_64
ApportVersion: 1.95-0ubuntu1
Architecture: amd64
Date: Mon Mar 26 02:56:35 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120225)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
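
A diagnostic for the condition described in the report above, as an added example that is not part of the original bug report or of ifupdown/libvirt: it reads a mount table in /proc/mounts format and reports whether the mount covering the autoconf sysctl is read-only. The function names and the sample mount table are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads a /proc/mounts-format table on
# stdin and prints "ro" or "rw" for the mount that covers the given path.
# Simplification: the longest matching mount point wins and, for equal mount
# points, the later line wins; a parent mounted over an existing child later
# is not modelled.
mount_mode_for() {
    awk -v target="$1" '
        BEGIN { best = -1; mode = "unknown" }
        {
            mp = $2
            covers = (mp == target || mp == "/" || index(target, mp "/") == 1)
            if (covers && length(mp) >= best) {
                best = length(mp)
                mode = "rw"
                n = split($4, opts, ",")
                for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            }
        }
        END { print mode }
    '
}

# Succeeds only if the autoconf sysctl for interface $1 sits on a rw mount,
# i.e. the write that ifup performs for a static inet6 stanza could succeed.
can_disable_autoconf() {
    [ "$(mount_mode_for "/proc/sys/net/ipv6/conf/$1/autoconf")" = "rw" ]
}

# Constructed sample mirroring the report: /proc and /proc/sys are read-only.
sample_guest_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
proc /proc proc ro,nosuid,nodev,noexec,relatime 0 0
proc /proc/sys proc ro,relatime 0 0
sysfs /sys sysfs ro,relatime 0 0
EOF
}

if sample_guest_mounts | can_disable_autoconf eth0; then
    echo "eth0: autoconf sysctl is writable, static inet6 should come up"
else
    echo "eth0: /proc/sys is read-only, ifup will stop at the autoconf sysctl"
fi
```

Inside a real guest, feed it the live table instead of the sample: `can_disable_autoconf eth0 < /proc/self/mounts`.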

Serge Hallyn (serge-hallyn) wrote :

Thanks for reporting this bug.

Did you have an idea for how to best solve this?

Can this be seen as a bug in ifupdown instead? Since you say that if the sysctl is refused, it all works anyway, it sounds like it should not be failing on account of not being able to set the sysctl?

If a change in libvirt is required, then we need to do this in concert with the upstream mailing list, as it seems to require an api change.

Changed in libvirt (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium

Roman Yepishev (rye) wrote :

In any case, leaving the system unconfigured (even if it is a container) properly may be seen as a bad thing. In case of this bug we can assume the administrator has specified net.ipv6.conf.{all,default}.autoconf=0 prior to starting the container thus disabling autoconfiguration everywhere so ifupdown failing is a bad thing.

I will add the ifupdown project to the task.

affects: ifupdown → ifupdown (Ubuntu)
Changed in ifupdown (Ubuntu):
importance: Undecided → Medium

Stéphane Graber (stgraber) wrote :

Not being able to set autoconf=0 when using static is certainly a situation where you want ifup to fail.
When you set a static IP you usually don't want to get SLAAC to happen and set some extra IPs on your interface.

Marking the ifupdown task as invalid; systems are expecting to have a writable /proc/sys, and the network namespaces work perfectly fine for anything in /proc/sys/net, so there is no need to restrict that by making it read-only.

Changed in libvirt (Ubuntu):
status: Confirmed → Invalid

Roman Yepishev (rye) wrote :

I suppose the ifupdown task should have been set to Invalid and libvirt to Confirmed.

Changed in ifupdown (Ubuntu):
status: New → Invalid
Changed in libvirt (Ubuntu):
status: Invalid → Confirmed

Stéphane Graber (stgraber) wrote :

Gah, yeah, sorry for that :)

Alejandro Mery (amery) wrote :

Is there any decent way to work around this problem?

Serge Hallyn (serge-hallyn) wrote :

You should be able to add a custom, read-write /sys mount using the example under "Adding custom mounts to the “Hello World” container" at http://berrange.com/posts/2011/09/27/getting-started-with-lxc-using-libvirt/, as the custom mounts are done after the readonly /sys mount.
