Connectivity inside LXC container is broken on 15.5

Downloaded a qcow2 https://am.mirrors.kernel.org/opensuse/distribution/leap/15.5/appliances/openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2

Installed lxc using this guide LXD - openSUSE Wiki

lxd init I left all at default value

Created a container with
lxc launch images:c85bf2a77569 container2

image is | opensuse/15.5/cloud (1 more) | c85bf2a77569 | yes | Opensuse 15.5 amd64 (20230924_04:20) | x86_64 | CONTAINER | 74.76MiB | Sep 24, 2023 at 12:00am (UTC) |

lxc list does not show any ip associated

Also If I enter inside I do not see any ip, even restarting or rcnetwork restart.

What I am doing wrong ?

the 55.22 kernel is broken - use the 55.19 - it works.

I will try immediately! thank you for the suggestion.

So restarted from 0 the machine (took another qcow fresh image)
The kernel in use was 5.14.21-150500.55.7-default
I did
zypper in kernel-default-5.14.21-150500.55.19.1
reboot and redid the lxc creation

And cry -.- still nothing.

The problem is the firewall!

If I fully disable it, is working without any problem.
I will dig more, but I am pretty sure the problem is that the interface is not added into any zone…

and in fact if I do
firewall-cmd --permanent --zone=internal --add-interface=lxdbr0
firewall-cmd --permanent --zone=internal --add-service=dhcp
firewall-cmd --reload

The ip is now associated (but dns and co do not work, as I think some stuff is missing in internal, current conf is this one)
internal (active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: lxdbr0
sources:
services: dhcp dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

I think I will just move to the trusted, and call it a day…

But IMHO this is a bug…

Did you reboot after installing the kernel and select that one from the boot menu?

does uname -a show 55.19?

LLR1:~ # uname -a
Linux LLR1 5.14.21-150500.55.19-default #1 SMP PREEMPT_DYNAMIC Wed Sep 6 08:41:01 UTC 2023 (1e6fbaf) x86_64 x86_64 x86_64 GNU/Linux

I will later recheck in that VM (currently in a microOs one and a tumleweed Jeos), but the problem is the firewall as described above

So in the image https://am.mirrors.kernel.org/opensuse/distribution/leap/15.5/appliances/openSUSE-Leap-15.5-Minimal-VM.x86_64-kvm-and-xen.qcow2

uname -a
Linux localhost 5.14.21-150500.55.7-default #1 SMP PREEMPT_DYNAMIC Mon Jul 10 18:53:13 UTC 2023 (4204a3a) x86_64 x86_64 x86_64 GNU/Linux

with all stock, except the DISABLED firewall, the lxc is workig and getting the ip


installing the 55.22
zypper search -s kernel-default-5.14.21-150500.55.22.1

uname -a
Linux localhost 5.14.21-150500.55.22-default #1 SMP PREEMPT_DYNAMIC Wed Sep 6 08:41:01 UTC 2023 (1e6fbaf) x86_64 x86_64 x86_64 GNU/Linux

container2 | RUNNING | 10.215.220.243 (eth0)

So is working also with the 55.22 kernel.

of course if I enable the firewall it will no longer get the ip.

I would have expected to be autoconfigured the firewall, like what happens for libvirt (which itself is mostly working but missing the port forwarding -.-)