unofficial mirror of help-guix@gnu.org 
* no /dev/net/tun aka modprobe tun failed when inside container
@ 2023-03-21 15:08 Vladilen Kozin
  0 siblings, 0 replies; only message in thread
From: Vladilen Kozin @ 2023-03-21 15:08 UTC (permalink / raw)
  To: help-guix

Hello.

I defined a shepherd service with the intention of starting it as part of
my system. Testing and debugging it was kinda, well, not straightforward.
Since it is meant to be instantiated as part of the entire operating
system, I did all the foo-service, foo-service-type ⇒ derivation ⇒ shepherd
service dance, then to test it lowered to store via `shepherd-service-file`
that generates final service definition which I then fed to `sudo herd load
root ...`. And that actually worked, though I find the process less than
straightforward. Is this really how people define system services?

So, it seems to start fine, when I load it into my running desktop
environment via `sudo herd load root ...`, but then I attempted to define
an OS, which would instantiate it on system startup, and run with:

sudo guix system -K -L /home/vlad/Code/fullmeta-guix/channel container os.scm --network

Container runs fine. We attach and check `herd status` and notice our
service is disabled, cause it failed too many times. Checking
/var/log/messages shows it complaining that it is unable to create TUN and
no /dev/net/tun device exists. Indeed, it doesn't appear inside the container
but is present on the host.

Message is along the lines of:
> is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with:
> wgengine.NewUserspaceEngine(tun "foo0") error: tstun.New("foo0"): CreateTUN("foo0") failed; /dev/net/tun does not exist

Service specifies `(requirement '(networking))`. What have I missed? Do I
need to load some kernel modules explicitly? This runs inside a container,
so I would've expected it to share my host kernel, which has everything
seeing how service started fine on the host.

Maybe I am meant to `--expose=/dev/net/tun` and somehow share necessary
kernel modules, but I dunno how to find the equivalent of `/lib/modules`.
Quick look in the sources suggests there's `linux-kernel-module-build`
system, which I suspect handles installing modules, but which module I need
here and how to pass it to kernel, I've no clue. E.g. via
`(kernel-loadable-modules (list some-wg-module))` in the os definition, but
then why does my host system not require it.

Could anyone help me out, please.

Thank you


-- 
Best regards
Vlad Kozin
