Hi,
to me it seems this is not a bug, but an issue with the default config.
To run virtualization in an LXD container - which by default is unprivileged for security - you have to make some changes.
We will not change LXD/Libvirt defaults for that afaik, but the following is my recommendation as a container profile addition to get KVM+Libvirt running fine in a container.
config:
  boot.autostart: "true"
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,kvm
  security.nesting: "true"
  security.privileged: "true"
description: ""
devices:
  eth0:
    mtu: "9000"
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  mem:
    path: /dev/mem
    type: unix-char
  tun:
    path: /dev/net/tun
    type: unix-char
name: kvm
used_by: []
You can create that with "lxc profile new kvm" and then launch those guests that need it with default+kvm profile, while leaving the other secure and unprivileged.
$ lxc launch ubuntu-daily:c/amd64 c --profile default --profile kvm
I hope that helps to understand, but IMHO it is not a bug.
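An added example, not part of the original comment and not LXD's own code: a small Python check that lists which settings in a profile like the one above relax container isolation and which instances have it attached, so the kvm profile stays limited to the guests that need it. The JSON is a constructed copy of that profile; the `used_by` entry and the function names are assumptions.

```python
import json

# Constructed sample: the kvm profile from the comment above written out as
# JSON; the used_by entry is made up for the demonstration.
SAMPLE_PROFILE = json.loads("""
{
  "name": "kvm",
  "config": {
    "boot.autostart": "true",
    "linux.kernel_modules": "openvswitch,nbd,ip_tables,ip6_tables,kvm",
    "security.nesting": "true",
    "security.privileged": "true"
  },
  "devices": {
    "eth0": {"name": "eth0", "nictype": "bridged", "parent": "lxdbr0", "type": "nic"},
    "kvm": {"path": "/dev/kvm", "type": "unix-char"},
    "mem": {"path": "/dev/mem", "type": "unix-char"},
    "tun": {"path": "/dev/net/tun", "type": "unix-char"}
  },
  "used_by": ["/1.0/containers/c"]
}
""")

# Config keys in this profile that widen what the container can do on the host.
ISOLATION_KEYS = ("security.privileged", "security.nesting")

def isolation_findings(profile):
    """Return (kind, detail) tuples for every setting that relaxes isolation."""
    findings = []
    config = profile.get("config", {})
    for key in ISOLATION_KEYS:
        if str(config.get(key, "false")).lower() == "true":
            findings.append(("config", key))
    for module in filter(None, config.get("linux.kernel_modules", "").split(",")):
        findings.append(("kernel_module", module.strip()))
    for name, dev in sorted(profile.get("devices", {}).items()):
        if dev.get("type") in ("unix-char", "unix-block"):  # host device nodes
            findings.append(("host_device", dev.get("path", name)))
    return findings

def attached_instances(profile):
    """Names of the instances that currently use the profile."""
    return [ref.rsplit("/", 1)[-1] for ref in profile.get("used_by", [])]

if __name__ == "__main__":
    for kind, detail in isolation_findings(SAMPLE_PROFILE):
        print(f"{kind:14} {detail}")
    print("attached to:", ", ".join(attached_instances(SAMPLE_PROFILE)) or "nothing")
```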