[systemd-devel] Systemd-nspawn: Cannot create tun device in container

Tom Gundersen teg at jklm.no
Thu Oct 9 23:12:02 PDT 2014


On Fri, Oct 10, 2014 at 12:13 AM, James Lott <james at lottspot.com> wrote:
> Trying to start up an openvpn connection yields the following error:
>
> Thu Oct  9 15:01:52 2014 ERROR: Cannot open TUN/TAP dev /dev/net/tun:
> Operation not permitted (errno=1)
>
> As requested by Lennart, attached you will find an strace of the openvpn
> process as it attempts to set up the connection. Please let me know if there's
> anything else I can provide to be helpful, and thanks again for the help!

Thanks. So to open /dev/net/tun you need either to have CAP_NET_ADMIN
(which depends on how you start nspawn, e.g. passing --network-veth
will give you this) or the tun device must be created persistently by
someone else and openvpn must have the right uid/gid to take control
of it.

Which setup are you using? Could you send the command line you used to
invoke nspawn and the openvpn config file you are using? (And also the
same for whatever method you are using to create the persistent tun
netdev, if this is what you do).

Cheers,

Tom
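
Added example (not part of the original message and not systemd or openvpn code): a small shell check for which of the two routes described above applies, by testing whether CAP_NET_ADMIN (capability number 12 in <linux/capability.h>) is set in the CapEff mask of /proc/self/status. The function names, the --check switch and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; all function names here are hypothetical.
CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN as numbered in <linux/capability.h>

# Print the CapEff hex mask found in /proc/<pid>/status-style text on stdin.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }'
}

# mask_has_cap HEXMASK BIT: succeed when that capability bit is set.
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Read status text on stdin and name the route that applies:
#   cap_net_admin        - the capability is in the effective set
#   needs_persistent_tun - no capability, so the tun device has to be
#                          created persistently by someone else with
#                          ownership matching the openvpn uid/gid
tun_route() {
    mask=$(cap_eff_from_status)
    [ -n "$mask" ] || { echo unknown; return 2; }
    if mask_has_cap "$mask" "$CAP_NET_ADMIN_BIT"; then
        echo cap_net_admin
    else
        echo needs_persistent_tun
    fi
}

# Constructed sample status text (not captured from a real container).
sample_status() {
    printf 'Name:\topenvpn\nCapInh:\t0000000000000000\nCapPrm:\t%s\nCapEff:\t%s\n' "$1" "$1"
}

# Inside the container, as the user that starts openvpn: sh thisfile --check
# The mask read is the shell's own effective set; id and ls show the
# uid/gid and the ownership of the device node for comparison.
if [ "${1:-}" = "--check" ]; then
    echo "route: $(tun_route < /proc/self/status)"
    id
    ls -l /dev/net/tun
fi
```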

