Unprivileged LXC with PPP?

iMx

Feb 11, 2019
I understand that PPP requires CAP_NET_ADMIN, so I was hoping I could use an unprivileged container with the following specified:

Code:
lxc.cap.keep = net_admin
lxc.mount.entry: /dev/ppp dev/ppp none bind,create=file

Whilst /dev/ppp is created, permission is denied when trying to access it - are there dependencies required for net_admin?
 
When you run `ls -l` on /dev/ppp inside the container, you should be seeing "nobody:nobody" as the owner. This is because the user id 0 doesn't exist in the unprivileged container.

Try running on the Proxmox host:
Code:
chown 100000:100000 /dev/ppp

and then it should show up as "root:root" in the container.
 

Wonderful, many thanks, this fixed the problem.
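
The uid translation behind the answer above, as an added example that is not part of the original thread: it reads map lines in the `/proc/<pid>/uid_map` format and shows why a host file owned by uid 0 appears as "nobody" inside the container while one owned by 100000 appears as root. The function name `map_uid` and the sample map (in particular the range length 65536) are assumptions.

```shell
#!/bin/sh
# Added example: translate uids across an unprivileged container's user namespace.
# Map lines use the /proc/<pid>/uid_map format: "<ct_start> <host_start> <count>".

OVERFLOW_UID=65534   # kernel default overflow uid; ls shows it as "nobody"

# Constructed sample map: container root = host uid 100000 (the value from the
# answer); the range length 65536 is an assumption.
SAMPLE_MAP="0 100000 65536"

# map_uid DIRECTION UID [MAP]   (DIRECTION is "to_ct" or "to_host")
# Prints the translated uid; prints OVERFLOW_UID and returns 1 when unmapped.
map_uid() {
    direction=$1 uid=$2 map=${3:-$SAMPLE_MAP}
    while read -r ct_start host_start count; do
        [ -n "$count" ] || continue              # skip blank or short lines
        if [ "$direction" = to_ct ]; then
            from=$host_start to=$ct_start
        else
            from=$ct_start to=$host_start
        fi
        if [ "$uid" -ge "$from" ] && [ "$uid" -lt $((from + count)) ]; then
            echo $((to + uid - from))
            return 0
        fi
    done <<EOF
$map
EOF
    echo "$OVERFLOW_UID"
    return 1
}

# Demo: how the owner of a host file such as /dev/ppp looks from inside.
for owner in 0 100000; do
    seen=$(map_uid to_ct "$owner") || true
    echo "host uid $owner -> container sees uid $seen"
done
echo "container uid 0 is host uid $(map_uid to_host 0)"

# To check a real container, pass its map as the third argument, e.g.
#   map_uid to_ct 0 "$(cat /proc/<container-init-pid>/uid_map)"
```

The host's /dev is a devtmpfs, so an ownership change made there with chown does not persist across a host reboot.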