Using some kind of container virtualization software is a convenient way to install machines and test them, but not everything that glitters is gold when using these systems. We download preconfigured images whose default parameters may or may not suit us.
For example, LXD provides us with a Gentoo image with ACCEPT_KEYWORDS=~amd64.
Gentoo needs access to /dev/shm to perform certain operations. If we update Python, we will see the following error:
- configure has detected that the sem_open function is broken.
* Please ensure that /dev/shm is mounted as a tmpfs with mode 1777.
* ERROR: dev-lang/python-3.3.4-r1::gentoo failed (configure phase):
* Broken sem_open function (bug 496328)
*
* Call stack:
* ebuild.sh, line 124: Called src_configure
* environment, line 3542: Called die
* The specific snippet of code:
* die "Broken sem_open function (bug 496328)";
We must grant it access to /dev/shm from the host:
If the host runs a distribution that uses AppArmor profiles, this can also cause problems, for example when setting up Docker inside the Gentoo container (it needs to mount proc):
apparmor="DENIED" operation="mount" info="failed type match" error=-13 name="/var/lib/lxd/kr0mtest/root/proc/" pid=3825 comm="mount" fstype="proc" srcname="proc"
We enable nesting for the container from the host:
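The two host-side fixes above (giving the container /dev/shm, and enabling nesting so Docker can mount proc inside it), together with the check that Python's configure performs, as an added example that is not part of the original post. It assumes the container name "kr0mtest" from the AppArmor log line, the standard LXD commands lxc config device add and lxc config set security.nesting, and a hypothetical device name "shm"; check_shm is meant to be run inside the container, the *_cmds functions print what to run on the host.

```bash
#!/bin/sh
# Added example, not from the original post. Constructed names: CT "kr0mtest"
# (taken from the log line above), LXD device name "shm" (hypothetical).

# check_shm_line MOUNTS_LINE MODE
# Returns 0 when the /proc/mounts line says /dev/shm is a tmpfs and MODE is 1777,
# i.e. exactly what Python's configure wants for sem_open to work.
check_shm_line() {
    line="$1"
    mode="$2"
    fstype=$(printf '%s\n' "$line" | awk '$2 == "/dev/shm" { print $3 }')
    if [ "$fstype" = "tmpfs" ] && [ "$mode" = "1777" ]; then
        return 0
    fi
    return 1
}

# check_shm: inspect the live system (run this inside the Gentoo CT).
check_shm() {
    line=$(grep ' /dev/shm ' /proc/mounts 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "/dev/shm is not mounted at all"
        return 1
    fi
    mode=$(stat -c %a /dev/shm 2>/dev/null)
    if check_shm_line "$line" "$mode"; then
        echo "/dev/shm OK: tmpfs, mode $mode"
        return 0
    fi
    echo "/dev/shm NOT OK: $line (mode $mode)"
    return 1
}

# shm_fix_cmds CT: host-side LXD command that maps the host's /dev/shm into the CT
# as a disk device (device name "shm" is an arbitrary label).
shm_fix_cmds() {
    printf 'lxc config device add %s shm disk source=/dev/shm path=/dev/shm\n' "$1"
}

# nesting_fix_cmds CT: host-side LXD commands that allow nested mounts (needed for
# Docker inside the CT); the setting takes effect after a restart.
nesting_fix_cmds() {
    printf 'lxc config set %s security.nesting true\n' "$1"
    printf 'lxc restart %s\n' "$1"
}

# Usage: inside the CT, `check_shm`; on the host, print the commands to apply:
#   shm_fix_cmds kr0mtest
#   nesting_fix_cmds kr0mtest
```

After applying the device and restarting the container, run check_shm again inside it; if the mode is still wrong, chmod 1777 /dev/shm inside the container is enough, since the mount itself is now a tmpfs.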
And as I have already mentioned, we must take into account that the image tracks the unstable (testing) branch for the entire system.
ACCEPT_KEYWORDS=~amd64
NOTE: Hope for the best, prepare for the worst.
A clear example of this is mysql-8.0.20 (21/05/2020): its post-installation script is broken, so remember that being too "modern" comes at a high cost.
Perhaps the best option is to install a stable Gentoo on real hardware, or in a KVM or VirtualBox VM, and then convert it to LXD as indicated here; this way we can use this CT as a template.