05/24/2023 at 23:36 •
Noted every time you lxc-stop & lxc-start a certain container, it creates a new virtual eth device. Eventually ifconfig & brctl show fill with dead virtual eth devices. These dead devices cause networking in the container to fail with TLS errors, dropped connections, while DNS & ping continue to work.
The leading theory is these containers start processes which aren't killed by lxc-stop. kill -9 instead of lxc-stop doesn't release the devices.
meld shows an interesting evolution of the process table during the lifecycle of the container.
The container creates a bunch of nfsd & kworker which aren't visible inside the container. These are left behind after lxc-stop or kill -9
killall -9 nfsd gets rid of all the dangling eth devices & processes.
The nfsds are all created outside of the container by lxc-start & bound to the virtual eth.
For some reason, the offending container has a bunch of rpc programs running inside the container & these cause nfsd to run outside the container. There's no reason to use nfsd in a container since the filesystem is a subdirectory on the host. A quick disabling of RPC solves the dangling network interfaces.
mv /usr/sbin/rpc.idmapd /usr/sbin/rpc.idmapd.bak
mv /usr/sbin/rpc.mountd /usr/sbin/rpc.mountd.bak
mv /usr/sbin/rpcbind /usr/sbin/rpcbind.bak
That fixed the connection errors. As in all things, containers introduce many new problems in exchange for solving old problems with virtual machines. The hope is the new problems are less debilitating than the old problems but there can never be a perfect solution.
05/23/2023 at 21:14 •
The goog spits out many hits for running an X11 program in a container by creating a new container from scratch. Buried in this list was 1 hit for reconfiguring an existing container.
The general idea is to add 1 line to your /var/lib/lxc/*/config file
lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir,ro
Then restart the container.
This creates a path which redirects the X server sockets of display :0 to the X server sockets of the host display.