New privileged LXC container fails to start network due to apparmor permissions

asahiguy

May 3, 2025
Greetings.

Big time Proxmox fan here, but I just stumbled on something and I don't know: is it a bug? Is it by design?
I am running Proxmox 8.3.4 on an Intel x86_64 PC.
I am using the "pve-no-subscription" repository and all packages are up to date as of today (3rd May 2025).

  1. I created an LXC container based on Ubuntu 24.04 LTS downloaded from the templates library
  2. I UNTICKED the unprivileged box.
  3. I assigned a static IP (it didn't work with DHCP either)
  4. I boot the container

First thing I notice: there's no console, just a black screen and a cursor.
Second thing I notice: there's no network. I log into the container and check the network; it says it's down.

2: eth0@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether bc:24:11:dd:dd:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Setting it to UP makes no difference.

I check the logs: nothing useful.
I check the kernel ring buffer: lots and lots of errors from AppArmor about my new container, and I see DENIED (a lot).
Small snippet:
Code:
[2159192.899519] audit: type=1400 audit(1746226570.170:740): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-101_</var/lib/lxc>" name="/dev/" pid=3442760 comm="(sd-mkdcreds)" flags="rw, rslave"

Repeated many times.

The container config after creating it via the GUI:

root@pve3:~# cat /etc/pve/lxc/101.conf

Code:
arch: amd64
cores: 2
hostname: zerotier
memory: 512
net0: name=eth0,bridge=vmbr0,gw=10.10.10.1,hwaddr=BC:24:11:DD:DD:50,ip=10.10.10.11/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-zfs:subvol-101-disk-0,mountoptions=discard,size=8G
swap: 512

After adding this line to the .conf file

Code:
lxc.apparmor.profile = unconfined

and rebooting the container, networking works, either DHCP or static.
So, I'm sure I'm not the first person to discover this, but googling it found nothing but people on Reddit from years ago with unrelated issues. Maybe my Google-fu isn't up to the task, but I searched with stuff like "proxmox lxc container privileged no networking".

My question is: is this a bug? By design?

In my humble opinion, if you untick the unprivileged box, I would hope that the config creation method would put this line in the config so that the networking will work.
Otherwise it may confuse people. Now I wonder, is that done on purpose, so people deliberately have to do this? Is there a better way to do it than my unconfined statement in the config?

I guess what I'm saying is: should the GUI/LXC creation method have dealt with this problem, or not? If not, perhaps users should be warned about this?
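Before dropping a privileged container to `lxc.apparmor.profile = unconfined`, which removes AppArmor confinement entirely, it is worth knowing exactly which operations the generated profile is blocking. The following is an added example (not from the poster or from Proxmox) that parses `apparmor="DENIED"` audit lines of the form shown in the post and counts them per profile, operation and path; the sample lines are constructed here, and in practice you would feed it the output of `dmesg`.

```python
import re
from collections import Counter

# One key=value token of the audit line; the value is either double-quoted
# (and may contain spaces, e.g. info="failed perms check") or bare (error=-13).
TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_audit_line(line):
    """Return the key/value fields of one AppArmor audit line, or None if the
    line carries no apparmor= field (i.e. is some other kernel message)."""
    fields = {}
    for m in TOKEN_RE.finditer(line):
        quoted, bare = m.group(3), m.group(4)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields if "apparmor" in fields else None


def summarize_denials(lines):
    """Count DENIED events per (profile, operation, name).

    The result tells the admin which container profile is involved and what
    each blocked access actually targets, which is the information needed to
    decide whether a narrow fix exists instead of going fully unconfined."""
    counts = Counter()
    for line in lines:
        ev = parse_audit_line(line)
        if ev is not None and ev.get("apparmor") == "DENIED":
            counts[(ev.get("profile"), ev.get("operation"), ev.get("name"))] += 1
    return counts


# Constructed sample: the first line is the one quoted in the post, the
# second is a repeat of it, the third is a constructed denial of a different
# path, and the fourth is an unrelated kernel message that must be ignored.
SAMPLE_DMESG = [
    '[2159192.899519] audit: type=1400 audit(1746226570.170:740): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-101_</var/lib/lxc>" name="/dev/" pid=3442760 comm="(sd-mkdcreds)" flags="rw, rslave"',
    '[2159192.901002] audit: type=1400 audit(1746226570.172:741): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-101_</var/lib/lxc>" name="/dev/" pid=3442761 comm="(sd-mkdcreds)" flags="rw, rslave"',
    '[2159192.905511] audit: type=1400 audit(1746226570.176:742): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-101_</var/lib/lxc>" name="/run/credentials/" pid=3442762 comm="(sd-mkdcreds)" flags="rw, nosuid, nodev"',
    '[2159193.000000] vmbr0: port 2(veth101i0) entered forwarding state',
]

if __name__ == "__main__":
    for (profile, op, name), n in summarize_denials(SAMPLE_DMESG).most_common():
        print(f"{n:4d}  {profile}  {op}  {name}")
```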