libvirt_lxc: Attaching device control BPF program to cgroup ... not permitted
I have created some LXC containers with libvirt. Unfortunately, I see a warning in the LXC guest, which looks dangerous ("all devices will be accessible" within the container).

The guest OS is Ubuntu 22.04, the host OS is Tumbleweed 20240730.

The LXC guest XML definition can be found here: https://paste.opensuse.org/pastes/e4ae459d7553

# virsh -c lxc:/// console wazuh
Connected to domain 'wazuh'
Escape character is ^] (Ctrl + ])
systemd 249.11-0ubuntu3.12 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization lxc-libvirt.
Detected architecture x86-64.
Welcome to Ubuntu 22.04.4 LTS!
[...]
[ OK ] Reached target Socket Units.
Mounting POSIX Message Queue File System...
Mounting Kernel Trace File System...
Attaching device control BPF program to cgroup /machine.slice/machine-lxc\x2d27904\x2dwazuh.scope/libvirt/system.slice/systemd-journald.service failed: Operation not permitted
Unit systemd-journald.service configures device ACL, but the local system doesn't seem to support the BPF-based device controller.
Proceeding WITHOUT applying ACL (all devices will be accessible)!
(This warning is only shown for the first loaded unit using device ACL.)
Starting Journal Service...
[...]

Is there any good solution?

Björn
Bjoern Voigt