
TUN/TAP/PPP inside unprivileged LXC

lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file

NOTE: PPP requires CAP_NET_ADMIN, which cannot be set up in an unprivileged container.

Some hints:

# With this line the container fails
#lxc.cap.keep: net_admin
lxc.cgroup.devices.allow = c 108:0 rwm
# On PVE host!
chown 100000:100000 /dev/ppp
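
A small lint for the configuration above, as an added example that is not part of the original page: it reports bind-mounted device nodes that have no explicit devices.allow rule in the same file, and any active lxc.cap.keep line. The device number 10:200 for /dev/net/tun and the lxc.cgroup2 key are assumptions not stated on the page; a rule may also come from an included default config, which this check does not see.

```python
import re

# Standard Linux character-device numbers (assumption for tun; 108:0 is on the page).
DEVICE_NUMBERS = {"/dev/net/tun": "10:200", "/dev/ppp": "108:0"}
# Constructed sample: the page's lines joined into one config.
SAMPLE_CONFIG = """\
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file
# With this line the container fails
#lxc.cap.keep: net_admin
lxc.cgroup.devices.allow = c 108:0 rwm
"""
# Accept both "key = value" and "key: value", as both appear on the page.
LINE = re.compile(r"^\s*(lxc\.[\w.]+)\s*[:=]\s*(.*?)\s*$")

def parse(config_text):
    """Return (key, value) pairs, skipping commented-out lines."""
    pairs = []
    for raw in config_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def audit(config_text):
    """Report passed-through devices without an allow rule, and active cap.keep."""
    pairs = parse(config_text)
    allowed = set()
    for key, value in pairs:
        # cgroup v1 key from the page; cgroup2 variant assumed for cgroup v2 hosts.
        if key in ("lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow"):
            fields = value.split()
            if len(fields) == 3 and fields[0] == "c":
                allowed.add(fields[1])  # exact major:minor only, no wildcards
    findings = []
    for key, value in pairs:
        if key == "lxc.mount.entry" and "bind" in value:
            source = value.split()[0]
            number = DEVICE_NUMBERS.get(source)
            if number and number not in allowed:
                findings.append(f"{source}: no explicit 'c {number}' allow rule")
        elif key == "lxc.cap.keep":
            findings.append(f"lxc.cap.keep = {value}: page reports the container fails")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```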