Bug 1031122

Summary: make /dev/net/tun available in a container
Product: [Fedora] Fedora Reporter: dann
Component: lxcAssignee: Thomas Moschny <thomas.moschny>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: karlthered, mhw, sagarun, thomas.moschny
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-05 19:06:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description dann 2013-11-15 16:33:38 UTC
Description of problem:

The tun device is not available inside an lxc container created with the Fedora template.

It is very useful to be able to run a VPN inside a container, and it's not possible because the tun device is not available (and cannot be created using mknod).  Some kinds of testing or some builds require a VPN.

Version-Release number of selected component (if applicable):
lxc-0.8.0-2.fc19.x86_64

How reproducible:
 lxc-create -n MYCONTAINER -t fedora -B none 

Steps to Reproduce:
1. lxc-create -n MYCONTAINER -t fedora -B none
2. run libvirt-insall for the container created above
3. see that /dev/net/tun is not available in the container and cannot be created with mkdod

If it's not acceptable to create the "tun" device by default, maybe provide an alternate template fedora-with-tun that can creates it by default, or 
maybe clearly document how to do it..

Thanks!

Comment 1 Michael H. Warfield 2014-06-04 21:05:57 UTC
This should be addressed in documentation.  There are many examples of specific container requirements (such as requiring loop devices) that are not appropriate as a default in a generic container.

Comment 2 Michael H. Warfield 2014-06-05 16:57:26 UTC
Additional Information...

This issue has been addressed on the lxc-users mailing list and a number of forums...

https://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg02331.html

http://serverfault.com/questions/429461/no-tun-device-in-lxc-guest-for-openvpn

It's not going to be something that will be added to the default configuration for all containers as it's more appropriately a container specific custom configuration option.  Really not a bug.  Please direct further queries to the lxc-users mailing list.