Failure executing dnsmasq happens if misc dir is not existed as the
following error messages.
localhost.localdomain systemd[1]: Starting LXC network bridge setup...
localhost.localdomain lxc-net[5754]: dnsmasq: cannot open or create lease file /usr/local/var/lib/misc/dnsmasq.lxcbr0.leases: No such file or directory
localhost.localdomain dnsmasq[5754]: cannot open or create lease file /usr/local/var/lib/misc/dnsmasq.lxcbr0.leases: No such file or directory
localhost.localdomain dnsmasq[5754]: FAILED to start up
localhost.localdomain lxc-net[5727]: Failed to setup lxc-net.
localhost.localdomain lxc-net[5727]: Failed to setup lxc-net.
localhost.localdomain systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
localhost.localdomain systemd[1]: lxc-net.service: Failed with result 'exit-code'.
localhost.localdomain systemd[1]: Failed to start LXC network bridge setup.
Modify 'lxc-net' script to call 'mkdir -p' command if the directory is not
existed before executing dnsmasq daemon.
Signed-off-by: Leesoo Ahn <lsahn@ooseel.net>
As it was already discussed in lxc/lxd#2082, containers should be
stopped in the opposite order they are started in. LXD does so already,
lxc should do the same.
Signed-off-by: Corubba Smith <corubba@gmx.de>
Call 'access' to examine whether 'dir' is already existed or not instead
of directly calling 'mkdir' on each dir name separated by slash '/' even though
'dir' is existed.
Signed-off-by: Leesoo Ahn <lsahn@ooseel.net>
Kernels can be built with CONFIG_MODULES=n which results in
is_probed() telling the module isn't probed and lsmod spamming the
following to stderr each time it's called:
libkmod: kmod_module_new_from_loaded: could not open /proc/modules: No such file or directory
Error: could not get list of modules: No such file or directory
Fix this by "stubbing" is_probed() when /proc/modules doesn't exist
as it's always called after a is_enabled() anyway.
Signed-off-by: Jami Kettunen <jami.kettunen@protonmail.com>
When lxc is installed inside an lxc container, trying to bring up
lxc-net with the default parameters will conflict with the networking
setup for lxc on the host. This breaks all networking inside the
container where lxc is installed.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
GPG has been a major source of issues over the years with various
attacks on the key network as well as client side issues making it hard
to retrieve our keys.
Back when we introduced the image server, SSL certificates were still
expensive and annoying to setup, so not something we'd have expected
potential mirrors to setup for us. They were also issued for multiple
years, making a compromise of such a certificate quite problematic.
But things have changed since, we now have completely free, very easily
deployable SSL certificates everywhere with the majority of those being
shortlived and with good reporting of issued certificates.
With that, we can now deprecate the GPG validation, disable the fallback
to non-HTTPS download and rely on our indices being accurate because
they've been downloaded from a server with a valid certificate.
This puts LXC more in line with what LXD has done since the beginning
and should offer a more reliable user experience.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
