Can you try using the EPYC cpu type? According to this post[1] it should be compatible.
[1] https://www.redhat.com/archives/libvir-list/2018-July/msg01242.html
The above shows a generated profile (`lxc.apparmor.profile = generated`, the new default when no custom apparmor profile is found in /etc/pve/lxc/$vmid.conf) which means that you either had the profile previously configured in /var/lib/lxc/$vmid/config manually and started with `lxc-start`, or...
The alpine config does drop a number of additional capabilities. I'd recommend using an unprivileged container which won't have that problem ;-)
Alternatively you can try using the default value for lxc.cap.drop via
lxc.cap.drop =
lxc.cap.drop = mac_admin mac_override sys_time sys_module...
Snap requires a bit more work. There may soon be a 'fuse' flag for the features option, but fuse can be dangerous. For now you have to do this:
- For unprivileged containers:
1) Put this in /etc/pve/lxc/$vmid.conf:
...
features: mount=fuse,nesting=1
lxc.mount.entry = /dev/fuse dev/fuse none...
- This is a subvolume, not an ext4 image on a zvol, thus
- quotas are not supported there and
- you can't just write mount command line options into pve configuration files like that, there's a reason why they have their own format.
please read the bugzilla entry to the end, there's only 1 more...
Please provide the container's config and, from inside the container, the output of `systemctl` and `systemctl status systemd-networkd`
Also any audit message happening during the container startup would be useful.
There's a work-in-progress with some patches to get things going on the devel list which is runnable, but there's no official support or release yet (and therefore incompatibilities to be expected between versions). ARM hardware can be a bit annoying to support in a "generic" way, kernel-wise...
This shows up in several places, e.g. when calling `free` inside the container or reading /proc etc., and is simply due to how the memory cgroups are designed. In cgroup-v1 you cannot limit swap independently of memory. With cgroup-v2 this will be possible as far as I know...
Curious. It's supposed to complain with a meaningful error message that you're resizing it over a maximum of 16TiB if I see this correctly. (A 32 bit count of blocks of 4k = 16TiB).
The fact that it fails like that means we need to add a check. Also a way to have containers formatted with the...
You most likely want to set up ndppd to proxy the ipv6 NDP packets between vmbr1 and eth0, and tell your guests to use the host's vmbr1 ipv6 address as gateway for ipv6.
Step 1 should not be necessary.
Step 4 only needs to include step 1. The sysctl values from step 2 aren't currently namespaced.
This file is used for containers without configurations, so this won't work.
Containers all by default include `/usr/share/lxc/config/common.conf.d/*.conf`, so you'd...
So the image containing the container was on the disk that ran full? It probably fails to mount - you can test that via `pct mount $vmid` as root - if that fails as well, you can try running a `pct fsck $vmid`...
The problem is that most regular file systems, including ext4, really are not...
snapd requires a lot more than just nesting, if you look at the log output when starting it you probably see it complain about not being able to mount a squashfs file system - which you can allow by adding ',mount=squashfs' to the features line. However, in order to mount anything from files it...
Yes to that part
Sorry, should be `features: nesting=1`. (Also updated my post above.)
Edit:
You can also check the `pct(1)` manpage for a little more info on the `features` line.
If you scroll down to the `Configuration` section's `Options` subsection, there are also more details about the...
With pve-container >=2.0-28 you can start testing the `features` setting in containers. Remove any custom `lxc.apparmor.profile` lines and use `features: nesting=1` if you want to just nest lxc or lxd - if you want to nest docker in an _unprivileged_ container, you'll need to also add 'keyctl'...
Apparently neither lxc-attach nor the shell entered in the container perform any kind of reset on the signal mask here. In some templates this does seem to happen. `pct` ignores SIGPIPE, lxc-attach leaves it as it is, as does your container's shell. The result is that instead of being killed...
Did you use `pct mount` as mentioned above before checking? Otherwise there won't be anything in there, so better check from inside the other containers and if you do find that file in them (and they are the same ubuntu version as the one that cannot start), see if you can copy it into the...
I'm not sure this would actually stay effective. If I disable TSO early when a VM boots, the moment the guest itself turns it on it also switches on the host.
If that's not a concern for you, you could try to use a systemd.link file such as:
# /etc/systemd/network/50-tap-offloading.link
[Match]...
You can override it by placing a file in /etc/sysctl.d, either using the same file name (to effectively replace it) or by using a file name sorted after it. Modifying the file in /usr/lib won't survive package upgrades.
There's no setting in the webpanel for this.