/proc/sys/net/core in LXC privileged container not populating everything from host

nmorgowicz

New Member
Apr 16, 2024
Hello, I've run into an issue that I'm not sure how to fix and need some assistance.

I've set up BPF on my proxmox host so that my LXCs can use it. So on the host, I can see the following files under /proc/sys/net/core:
Code:
total 0
dr-xr-xr-x 1 root root 0 Apr 23 07:26 .
dr-xr-xr-x 1 root root 0 Apr 23 07:26 ..
-rw-r--r-- 1 root root 0 Apr 23 07:26 bpf_jit_enable
-rw------- 1 root root 0 Apr 23 07:26 bpf_jit_harden
-rw------- 1 root root 0 Apr 23 07:26 bpf_jit_kallsyms
-rw------- 1 root root 0 Apr 23 07:26 bpf_jit_limit
-rw-r--r-- 1 root root 0 Apr 23 07:26 busy_poll
-rw-r--r-- 1 root root 0 Apr 23 07:26 busy_read
-rw-r--r-- 1 root root 0 Apr 23 07:26 default_qdisc
-rw-r--r-- 1 root root 0 Apr 23 07:26 devconf_inherit_init_net
-rw-r--r-- 1 root root 0 Apr 23 07:26 dev_weight
-rw-r--r-- 1 root root 0 Apr 23 07:26 dev_weight_rx_bias
-rw-r--r-- 1 root root 0 Apr 23 07:26 dev_weight_tx_bias
-rw-r--r-- 1 root root 0 Apr 23 07:26 fb_tunnels_only_for_init_net
-rw-r--r-- 1 root root 0 Apr 23 07:26 flow_limit_cpu_bitmap
-rw-r--r-- 1 root root 0 Apr 23 07:26 flow_limit_table_len
-rw-r--r-- 1 root root 0 Apr 23 07:26 gro_normal_batch
-rw-r--r-- 1 root root 0 Apr 23 07:26 high_order_alloc_disable
-rw-r--r-- 1 root root 0 Apr 23 07:26 max_skb_frags
-rw-r--r-- 1 root root 0 Apr 23 07:26 message_burst
-rw-r--r-- 1 root root 0 Apr 23 07:26 message_cost
-rw-r--r-- 1 root root 0 Apr 23 07:26 netdev_budget
-rw-r--r-- 1 root root 0 Apr 23 07:26 netdev_budget_usecs
-rw-r--r-- 1 root root 0 Apr 23 07:26 netdev_max_backlog
-r--r--r-- 1 root root 0 Apr 23 07:26 netdev_rss_key
-rw-r--r-- 1 root root 0 Apr 23 07:26 netdev_tstamp_prequeue
-rw-r--r-- 1 root root 0 Apr 23 07:26 netdev_unregister_timeout_secs
-rw-r--r-- 1 root root 0 Apr 23 07:26 optmem_max
-rw-r--r-- 1 root root 0 Apr 23 07:26 rmem_default
-rw-r--r-- 1 root root 0 Apr 23 07:26 rmem_max
-rw-r--r-- 1 root root 0 Apr 23 07:26 rps_default_mask
-rw-r--r-- 1 root root 0 Apr 23 07:26 rps_sock_flow_entries
-rw-r--r-- 1 root root 0 Apr 23 07:26 skb_defer_max
-rw-r--r-- 1 root root 0 Apr 23 07:26 somaxconn
-rw-r--r-- 1 root root 0 Apr 23 07:26 tstamp_allow_data
-rw-r--r-- 1 root root 0 Apr 23 07:26 txrehash
-rw-r--r-- 1 root root 0 Apr 23 07:26 warnings
-rw-r--r-- 1 root root 0 Apr 23 07:26 wmem_default
-rw-r--r-- 1 root root 0 Apr 23 07:26 wmem_max
-rw-r--r-- 1 root root 0 Apr 23 07:26 xfrm_acq_expires
-rw-r--r-- 1 root root 0 Apr 23 07:26 xfrm_aevent_etime
-rw-r--r-- 1 root root 0 Apr 23 07:26 xfrm_aevent_rseqth
-rw-r--r-- 1 root root 0 Apr 23 07:26 xfrm_larval_drop
The important ones I need in the LXC guest are the bpf_jit_*

My LXC config for my guest looks like this:
Code:
arch: amd64
cores: 2
features: nesting=1
hostname: xxxxx
memory: 4096
mp0: local-lvm:vm-108-disk-2,mp=/var/openebs/local,backup=1,size=100G
net0: name=eth0,bridge=vmbr0,gw=x.x.x.x,hwaddr=xx:xx:xx:xx:xx:xx,ip=x.x.x.x/24,tag=10,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-108-disk-0,size=20G
startup: order=2,up=30
swap: 0
lxc.cgroup2.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.auto: "proc:rw sys:rw"
lxc.apparmor.profile: unconfined
But the only items I have under /proc/sys/net/core on the guest are the following:
Code:
root@xxxx:/proc/sys/net/core# ls -al
total 0
dr-xr-xr-x 1 root root 0 Apr 23 07:31 .
dr-xr-xr-x 1 root root 0 Apr 23 07:31 ..
-rw-r--r-- 1 root root 0 Apr 23 07:34 rps_default_mask
-rw-r--r-- 1 root root 0 Apr 23 07:31 somaxconn
-rw-r--r-- 1 root root 0 Apr 23 07:34 txrehash
-rw-r--r-- 1 root root 0 Apr 23 07:34 xfrm_acq_expires
-rw-r--r-- 1 root root 0 Apr 23 07:34 xfrm_aevent_etime
-rw-r--r-- 1 root root 0 Apr 23 07:34 xfrm_aevent_rseqth
-rw-r--r-- 1 root root 0 Apr 23 07:34 xfrm_larval_drop

Is there something I'm missing in the lxc config that would prevent all of those kernel modules from showing up under /proc?

As a test, I also tried to specify lxc.mount.entry values to force map the proc, proc/sys, and proc/sys/net into the LXC and it didn't change the directory contents at all - it's like LXC is ignoring most of the stuff in the host's /proc/sys/net/core.

I was hoping to be able to use containers for my Kubernetes w/ Cilium testbed, but without the ability to hit those BPF proc values, it won't work.
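The following is an added example, not part of the post above and not Proxmox or LXC tooling. It does two things a practitioner would want to check against a config like the one posted. First, it parses the pct config and flags every setting that removes container isolation: the container is privileged (no `unprivileged: 1`), the empty `lxc.cap.drop:` clears the capability drop list, `lxc.cgroup2.devices.allow: a` opens every device node, `proc:rw sys:rw` mounts /proc and /sys writable, and `lxc.apparmor.profile: unconfined` drops AppArmor. Second, it compares the host and guest views of /proc/sys/net/core. The entries the guest does see (somaxconn, txrehash, rps_default_mask, the xfrm_* knobs) are the ones the kernel registers per network namespace; the rest, bpf_jit_* included, are registered only in the initial network namespace, which is why bind-mounting /proc/sys/net into the container does not add them. The bpf_jit_* settings are kernel-global, so a value set on the host governs JIT for BPF programs loaded from the container as well. The config text and the two name sets below are constructed from (and, for the listings, a subset of) what the post shows; the parser is a plain `key: value` splitter rather than pct's own, and the function names are this example's own.

```python
"""Audit a Proxmox pct container config for isolation-weakening settings and
report which net/core sysctls are reachable from inside the container.
Added example; the inputs are constructed from the forum post."""

# Constructed, abbreviated copy of the pct config in the post (redacted
# values left redacted; storage/network lines omitted).
PCT_CONFIG = """\
arch: amd64
cores: 2
features: nesting=1
hostname: xxxxx
memory: 4096
onboot: 1
ostype: debian
lxc.cgroup2.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.auto: "proc:rw sys:rw"
lxc.apparmor.profile: unconfined
"""

# Constructed subset of the host and guest `ls /proc/sys/net/core` output.
HOST_CORE = frozenset("""bpf_jit_enable bpf_jit_harden bpf_jit_kallsyms bpf_jit_limit
netdev_max_backlog rmem_max wmem_max rps_default_mask somaxconn txrehash
xfrm_acq_expires xfrm_aevent_etime xfrm_aevent_rseqth xfrm_larval_drop""".split())
GUEST_CORE = frozenset("""rps_default_mask somaxconn txrehash xfrm_acq_expires
xfrm_aevent_etime xfrm_aevent_rseqth xfrm_larval_drop""".split())


def parse_pct_config(text):
    """Split 'key: value' lines on the first colon only (values such as
    mp0/net0 contain colons). Repeated keys keep every value, in order,
    because raw lxc.* keys may legitimately repeat."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        cfg.setdefault(key.strip(), []).append(value.strip())
    return cfg


def audit_isolation(cfg):
    """Return (setting, reason) findings for isolation-weakening options.
    The last value of a key wins, matching how LXC treats repeated keys."""
    findings = []
    if cfg.get("unprivileged", ["0"])[-1] != "1":
        findings.append(("unprivileged", "privileged container: root inside is uid 0 on the host"))
    if cfg.get("lxc.cap.drop", [None])[-1] == "":
        # An LXC key with no value clears whatever that key held before it.
        findings.append(("lxc.cap.drop", "empty value clears the drop list; the container keeps every capability"))
    for rule in cfg.get("lxc.cgroup2.devices.allow", []):
        if rule == "a":
            findings.append(("lxc.cgroup2.devices.allow", "'a' allows access to every device node"))
    for opt in cfg.get("lxc.mount.auto", [""])[-1].strip('"').split():
        if opt in ("proc:rw", "sys:rw"):
            findings.append(("lxc.mount.auto", f"{opt}: filesystem mounted writable, no read-only remount of /proc/sys or sysrq"))
    if cfg.get("lxc.apparmor.profile", [""])[-1] == "unconfined":
        findings.append(("lxc.apparmor.profile", "no AppArmor confinement"))
    return findings


def where_to_set(wanted, host_names, guest_names):
    """For each sysctl the guest needs, say where it is reachable. Anything
    in the host view but not the guest view is registered only in the
    initial network namespace and has to be set on the host."""
    result = {}
    for name in wanted:
        if name in guest_names:
            result[name] = "container"
        elif name in host_names:
            result[name] = "host only"
        else:
            result[name] = "absent"
    return result


if __name__ == "__main__":
    for setting, reason in audit_isolation(parse_pct_config(PCT_CONFIG)):
        print(f"{setting}: {reason}")
    wanted = ["bpf_jit_enable", "bpf_jit_harden", "somaxconn"]
    for name, where in where_to_set(wanted, HOST_CORE, GUEST_CORE).items():
        print(f"{name}: {where}")
```

To run this against a real container, feed it the output of `pct config <vmid>` from the host instead of the constructed text, and replace the two name sets with `os.listdir("/proc/sys/net/core")` taken on the host and inside the container respectively.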