Description of problem: At least in libvirt 4.5.0 lxc container not start with error "Unsupported net type direct" Version-Release number of selected component (if applicable): Name : libvirt Arch : x86_64 Version : 4.5.0 Release : 10.el7_6.3 Size : 0.0 Repo : installed From repo : updates How reproducible: see below Steps to Reproduce: 1. Make lxc container test1 with next interface sections in config: <interface type='direct'> <mac address='02:00:00:00:00:01'/> <source dev='eno1.777' mode='bridge'/> </interface> 2. virsh start test1 Actual results: Container not start Expected results: Container started Additional info: Centos 7.5 was upgrade to Centos 7.6 Version libvirt changes from 3.9.0 to 4.5.0 After upgrade from Centos 7.5 to Centos 7.6, our test environment received new version of libvirt 4.5.0 After this our old containers have broken config and can't start: 2018-12-05 10:38:32.634+0000: 18010: debug : virLXCControllerGetNICIndexes:368 : Getting nic indexes 2018-12-05 10:38:32.634+0000: 18010: error : virLXCControllerGetNICIndexes:400 : unsupported configuration: Unsupported net type direct Failure in libvirt_lxc startup: unsupported configuration: Unsupported net type direct We use linux macvlan solutions for libvirt lxc and it's worked at least since libvirt 1.2.7 for us. As I can see, in version 4.1.0 and later, some changes about DIRECT connect was implemented. VIR_DOMAIN_NET_TYPE_DIRECT is still fully supported in src/lxc/lxc_driver.c But in src/lxc/lxc_controller.c added some check for group of NET_TYPE: --- libvirt-3.9.0/src/lxc/lxc_controller.c 2017-09-28 13:15:43.322712913 +0300 +++ libvirt-4.1.0/src/lxc/lxc_controller.c 2018-02-28 16:21:05.158799006 +0300 @@ -395,8 +395,14 @@ case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_HOSTDEV: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Unsupported net type %s"), + virDomainNetTypeToString(ctrl->def->nets[i]->type)); + goto cleanup; + case VIR_DOMAIN_NET_TYPE_LAST: default: - break; + virReportEnumRangeError(virDomainNetType, ctrl->def->nets[i]->type); + goto cleanup; } } As workaround we can create autostart and persistence network: <network> <name>direct-macvlan</name> <forward mode="bridge"> <interface dev="eno1.777"/> </forward> </network> and use type=network in lxc config, like this: <interface type='network'> <mac address='02:00:00:00:00:01'/> <source network='direct-macvlan'/> <target dev='eth0'/> </interface> After this container with macvlan started.
I noticed this awhile back when I tried to start one of my test LXC domains while working on something else, but didn't have time to investigate, and then forgot. With this reminder (and pointer right to the offending code) I made a patch and was able to quickly test it with my at-the-ready test config, and posted it upstream: https://www.redhat.com/archives/libvir-list/2018-December/msg00120.html
V2 pushed upstream, will be in libvirt 5.0.0: commit c55ff370f8306718d5fa8515b907fd87b456dc12 Author: Laine Stump <laine> Date: Thu Dec 6 09:59:59 2018 -0500 lxc: don't forbid <interface type='direct'>