0

My host is Ubuntu 16.04.1 LTS with a privileged container.

I want to disable IPv6 in the container, so I created a config file at `/etc/sysctl.d/60-disable-ipv6.conf`. I have tried `lxc-start` and `lxc-stop -r` on my container, but the container's IPv6 is not disabled until I run `sudo sysctl -p /etc/sysctl.d/60-disable-ipv6.conf`; then it works and the IPv6 address is disabled.

Why doesn't the container load `/etc/sysctl.d/*.conf`?

dawncold
  • Is this container running in privileged mode? This might affect its ability to change sysctl parameters. Also, the `systemd-sysctl.service` might be disabled, if available at all. – Phillip -Zyan K Lee- Stockmann Feb 17 '17 at 10:11
  • Does `systemctl status systemd-sysctl.service` tell you anything about the service and if it failed? – Phillip -Zyan K Lee- Stockmann Feb 17 '17 at 10:17
  • @Phillip-ZyanKLee-Stockmann Thanks! systemctl told me that the service didn't start, because `ConditionPathIsReadWrite=/proc/sys/ was not met`, so I added `lxc.mount.auto = proc` or `lxc.mount.auto = proc:rw`. It doesn't work; I still could view `/proc/sys` in the container. – dawncold Feb 17 '17 at 11:50
  • Can you please retry with a privileged container? https://linuxcontainers.org/lxc/getting-started/#creating-privileged-containers – Phillip -Zyan K Lee- Stockmann Feb 17 '17 at 11:55
  • I'm using a privileged container. I found this: https://github.com/systemd/systemd/issues/4370 – dawncold Feb 17 '17 at 11:57
  • Great, so you need a systemd version of v232 or later - OR you can fix it by changing that line in `systemd-sysctl.conf` yourself ;-) Ahh ... and you should add this as an answer to your own question. – Phillip -Zyan K Lee- Stockmann Feb 17 '17 at 12:05
  • Maybe. I changed the `systemd-sysctl.service` condition to `/proc/sys/net`. It works, but systemd-sysctl failed to execute; maybe something else is wrong. – dawncold Feb 17 '17 at 12:08

1 Answer

1

Thanks to Phillip's instructions, I found that `systemd-sysctl.service` didn't start in the container, with this message: `ConditionPathIsReadWrite=/proc/sys/ was not met`

I have tried `lxc.mount.auto=proc` and `lxc.mount.auto=proc:rw` in the LXC config, but it doesn't work for me.

Finally, I found there is a systemd issue: https://github.com/systemd/systemd/issues/4370. Maybe installing systemd v232 would solve it. (Modifying `ConditionPathIsReadWrite` in `systemd-sysctl.service` to `/proc/sys/net` could solve it.)

I added `sudo sysctl --system` to a startup script, and it works.

dawncold
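A check for the failure discussed in this thread, where `systemd-sysctl.service` is skipped and the settings in `/etc/sysctl.d` silently never take effect: this added example (not part of the original posts) compares each `key = value` line in a sysctl.d directory with the live value under `/proc/sys`. The function names `norm` and `sysctl_drift` are hypothetical; the check reads only the one directory it is given and maps dots in keys to path separators, so interface names that contain dots are not handled.

```shell
#!/bin/sh
# Added example: report sysctl.d settings that are configured but not in effect.
# Usage (inside the container, after boot): sysctl_drift /etc/sysctl.d /proc/sys

# Collapse runs of whitespace to one space and trim both ends.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift [CONF_DIR] [PROC_SYS_ROOT]
# Prints one line per mismatch; exit status is 1 if any setting has drifted.
sysctl_drift() (
    conf_dir=${1:-/etc/sysctl.d}
    proc_root=${2:-/proc/sys}
    drift=0
    for file in "$conf_dir"/*.conf; do
        [ -f "$file" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            line=$(norm "$line")
            case $line in
                ''|'#'*|';'*) continue ;;   # blank line or comment
                *=*) ;;                     # key = value, handled below
                *) continue ;;              # anything else is ignored
            esac
            key=$(norm "${line%%=*}")
            key=${key#-}                    # leading '-' only means "ignore errors"
            want=$(norm "${line#*=}")
            # Simplification: every dot becomes a path separator.
            path=$proc_root/$(printf '%s' "$key" | tr . /)
            if [ ! -r "$path" ]; then
                echo "MISSING $key (no $path)"
                drift=1
            else
                have=$(norm "$(cat "$path")")
                if [ "$have" != "$want" ]; then
                    echo "DRIFT $key want=$want have=$have"
                    drift=1
                fi
            fi
        done < "$file"
    done
    exit "$drift"
)
```

A non-zero exit status from `sysctl_drift` after boot is a signal to look at `systemctl status systemd-sysctl.service` for an unmet condition like the one quoted above.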