unofficial mirror of help-guix@gnu.org 
From: Vladilen Kozin <vladilen.kozin@gmail.com>
To: help-guix@gnu.org
Subject: no /dev/net/tun aka modprobe tun failed when inside container
Date: Tue, 21 Mar 2023 15:08:02 +0000
Message-ID: <CACw=CXPiravK4PSz2wQBVs+sONCfc_Rab+M-Yzk3o1jj9jiy-A@mail.gmail.com>

Hello.

I defined a shepherd service with the intention of starting it as part of
my system. Testing and debugging it was kinda, well, not straightforward.
Since it is meant to be instantiated as part of the entire operating
system, I did all the foo-service, foo-service-type ⇒ derivation ⇒ shepherd
service dance, then, to test it, lowered it to the store via
`shepherd-service-file`, which generates the final service definition, which
I then fed to `sudo herd load root ...`. And that actually worked, though I
find the process less than
straightforward. Is this really how people define system services?

So, it seems to start fine, when I load it into my running desktop
environment via `sudo herd load root ...`, but then I attempted to define
an OS, which would instantiate it on system startup, and run with:

sudo guix system -K -L /home/vlad/Code/fullmeta-guix/channel container os.scm --network

The container runs fine. We attach and check `herd status` and notice our
service is disabled, cause it failed too many times. Checking
/var/log/messages shows it complaining that it is unable to create TUN and
no /dev/net/tun device exists. Indeed, it doesn't appear inside the container
but is present on the host.

The message is along the lines of:
> is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with:
> wgengine.NewUserspaceEngine(tun "foo0") error: tstun.New("foo0"): CreateTUN("foo0") failed; /dev/net/tun does not exist

The service specifies `(requirement '(networking))`. What have I missed? Do I
need to load some kernel modules explicitly? This runs inside a container,
so I would've expected it to share my host kernel, which has everything,
seeing how the service started fine on the host.

Maybe I am meant to `--expose=/dev/net/tun` and somehow share the necessary
kernel modules, but I dunno how to find the equivalent of `/lib/modules`.
A quick look in the sources suggests there's a `linux-kernel-module-build`
system, which I suspect handles installing modules, but which module I need
here and how to pass it to the kernel, I've no clue. E.g. via
`(kernel-loadable-modules (list some-wg-module))` in the os definition, but
then why does my host system not require it?

Could anyone help me out, please?

Thank you


-- 
Best regards
Vlad Kozin
