From 5021a060e53f779c06d889a10c0159fa1c68714a Mon Sep 17 00:00:00 2001
From: Jip-Hop <2871973+Jip-Hop@users.noreply.github.com>
Date: Sat, 27 Jan 2024 04:40:14 +0100
Subject: [PATCH] Always bind /sys/module to make lsmod happy
---
 docs/incus_lxd_lxc_kvm.md | 2 +-
 jlmkr.py | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/docs/incus_lxd_lxc_kvm.md b/docs/incus_lxd_lxc_kvm.md
index 1750369..dc61d3c 100644
--- a/docs/incus_lxd_lxc_kvm.md
+++ b/docs/incus_lxd_lxc_kvm.md
@@ -19,7 +19,7 @@ startup=0
 docker_compatible=1
 gpu_passthrough_intel=1
 gpu_passthrough_nvidia=0
-systemd_nspawn_user_args=--network-bridge=br1 --resolv-conf=bind-host --bind=/dev/fuse --bind=/dev/kvm --bind=/dev/vsock --bind=/dev/vhost-vsock --bind-ro=/sys/module
+systemd_nspawn_user_args=--network-bridge=br1 --resolv-conf=bind-host --bind=/dev/fuse --bind=/dev/kvm --bind=/dev/vsock --bind=/dev/vhost-vsock
 # You generally will not need to change the options below
 systemd_run_default_args=--property=KillMode=mixed --property=Type=notify --property=RestartForceExitStatus=133 --property=SuccessExitStatus=133 --property=Delegate=yes --property=TasksMax=infinity --collect --setenv=SYSTEMD_NSPAWN_LOCK=0
 systemd_nspawn_default_args=--keep-unit --quiet --boot
diff --git a/jlmkr.py b/jlmkr.py
index 488db32..760ad42 100755
--- a/jlmkr.py
+++ b/jlmkr.py
@@ -320,16 +320,18 @@ def start_jail(jail_name, check_startup_enabled=False):
 f"--description=My nspawn jail {jail_name} [created with jailmaker]",
 ]
+ # Always add --bind-ro=/sys/module to make lsmod happy
+ # https://manpages.debian.org/bookworm/manpages/sysfs.5.en.html
 systemd_nspawn_additional_args = [
 f"--machine={jail_name}",
+ "--bind-ro=/sys/module",
 f"--directory={JAIL_ROOTFS_NAME}",
 ]
 # TODO: split the docker_compatible option into separate options
 # - privileged (to disable seccomp, set DevicePolicy=auto and add all capabilities)
 # - how to call the option to enable ip_forward and bridge-nf-call?
- # TODO: always add --bind-ro=/sys/module? Or only for privileged jails?
- # https://manpages.debian.org/bookworm/manpages/sysfs.5.en.html
+ # - add CSV value for preloading kernel modules like linux.kernel_modules in LXC
 if config.get("docker_compatible") == "1":
 # Enable ip forwarding on the host (docker needs it)
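Review bot: The `"--bind-ro=/sys/module"` entry in `systemd_nspawn_additional_args` is now unconditional, which settles the removed TODO's question ("Or only for privileged jails?") without recording why and leaves no per-jail way to opt out. The read-only bind makes the host's loaded-module list, and whatever module parameters are readable under /sys/module, visible inside every jail, so the comment should say that rather than only "to make lsmod happy", e.g. `# Exposes the host's /sys/module (module names and readable parameters) read-only to every jail; lsmod needs it`. Jails whose config still carries `--bind-ro=/sys/module` in `systemd_nspawn_user_args` (the docs example this commit edits) will presumably pass the flag twice, so it is worth confirming systemd-nspawn accepts the duplicate or skipping the default when the user args already contain it. The body of start_jail begins and continues outside the hunk.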