<p dir="ltr">If installing the package in unprivileged mode was the problem, could you then run the image unprivileged after installing the package in privileged mode?</p>
<div class="gmail_extra"><br><div class="gmail_quote">On 21 Aug 2016 19:11, "jjs - mainphrame" <<a href="mailto:jjs@mainphrame.com">jjs@mainphrame.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Running postfix in and of itself did not appear to be problematic, but the maia mailguard antispam system as a whole includes postfix, clamd, spamassassin, maiad, httpd, perl and mysql, not all of which were happy running unprivileged. The factor that pushed me to a privileged container was the inability to install a package which set capabilities. Unfortunately I had a lot to do, and wasn't able to devote a lot of time to the issue; the easy answer was to go to a privileged container. <div><br></div><div>Jake<br><div><br></div><div><br><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Aug 21, 2016 at 12:59 AM, Ingo Baab <span dir="ltr"><<a href="mailto:ib@baab.de" target="_blank">ib@baab.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>What were the issues, running a Mailserver as an unprivileged
LXC?<br>
I do the same.. and it seems to work without problems.. I just
made the Mailports forward to the LXC with iptables..<br>
</p>
<p>Just curiously,<br>
-Ingo<br>
</p><div><div>
<br>
<div>On 20.08.2016 at 20:52, jjs -
mainphrame wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div>
<div dir="ltr">Greetings,
<div><br>
</div>
<div>I've given up on the unprivileged container for now. I've
created a new container with the same role, and the same
configuration except that it is privileged. The privileged
version of this container is working more or less as
expected. </div>
<div><br>
</div>
<div>This container isn't doing anything I'd have considered
exotic - it's running postfix, clamd, and maiad (a modern
derivative of amavisd-new).<br>
<br>
This is a data point which may prove useful to those who may
read this at some point down the road.</div>
<div><br>
</div>
<div>Jake</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Aug 18, 2016 at 10:42 AM, jjs -
mainphrame <span dir="ltr"><<a href="mailto:jjs@mainphrame.com" target="_blank">jjs@mainphrame.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Greetings,</div>
<div><br>
</div>
<div>I had decided to build an lxd version of an lxc
server which had been running reliably for some time.
Unfortunately, it doesn't seem to be running quite as
smoothly. Is some sort of special permissions hacking
required? <br>
<br>
Here is one example of a problem in the new lxd
container, which was never seen in the lxc container,
namely attempting to install a package:<br>
<br>
Please pardon me if this is a FAQ as I've been primarily
working with openvz of late - point me to TFM if there
is a TFM which would enlighten me on this subject.</div>
<div><br>
</div>
<div><br>
</div>
<div>Dependencies Resolved</div>
<div><br>
</div>
<div>==============================<wbr>==============================<wbr>======================</div>
<div> Package Arch Version
Repository Size</div>
<div>==============================<wbr>==============================<wbr>======================</div>
<div>Installing:</div>
<div> httpd x86_64 2.4.6-40.el7.centos.4
updates 2.7 M</div>
<div><br>
</div>
<div>Transaction Summary</div>
<div>==============================<wbr>==============================<wbr>======================</div>
<div>Install 1 Package</div>
<div><br>
</div>
<div>Total download size: 2.7 M</div>
<div>Installed size: 9.4 M</div>
<div>Is this ok [y/d/N]: y</div>
<div>Downloading packages:</div>
<div>httpd-2.4.6-40.el7.centos.4.x8<wbr>6_64.rpm
| 2.7 MB 00:00:00 </div>
<div>Running transaction check</div>
<div>Running transaction test</div>
<div>Transaction test succeeded</div>
<div>Running transaction</div>
<div> Installing : httpd-2.4.6-40.el7.centos.4.x8<wbr>6_64
1/1 </div>
<div>Error unpacking rpm package
httpd-2.4.6-40.el7.centos.4.x8<wbr>6_64</div>
<div>error: unpacking of archive failed on file
/usr/sbin/suexec: cpio: cap_set_file</div>
<div> Verifying : httpd-2.4.6-40.el7.centos.4.x8<wbr>6_64
1/1 </div>
<div><br>
</div>
<div>Failed:</div>
<div> httpd.x86_64 0:2.4.6-40.el7.centos.4 </div>
<div><br>
</div>
<div>Jake </div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</div></div><span><pre>______________________________<wbr>_________________
lxc-users mailing list
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainer<wbr>s.org</a>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.o<wbr>rg/listinfo/lxc-users</a></pre>
</span></blockquote>
<br>
</div>
<br></blockquote></div><br></div>
</blockquote></div></div>
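<p>The failure in the transcript quoted above is rpm being unable to set a file capability on /usr/sbin/suexec inside the unprivileged container. The script below is an added example, not part of the original thread: it checks a uid_map for an unprivileged mapping and pulls the affected paths out of a saved yum transcript. The function names and the sample data are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds when uid 0 inside the namespace maps to a non-root host uid,
# i.e. the container is unprivileged. $1: uid_map file to inspect.
is_unprivileged() {
    # uid_map columns: <first uid inside> <first uid outside> <range length>
    awk '$1 == 0 { seen = 1; host = $2 }
         END { exit !(seen && host != 0) }' "${1:-/proc/self/uid_map}"
}

# Prints every path on which rpm failed to set a file capability.
# $1: saved yum/rpm transcript.
capset_failures() {
    sed -n 's/^error: unpacking of archive failed on file \(.*\): cpio: cap_set_file.*$/\1/p' "$1"
}

# Combines both checks into a one-line verdict.
diagnose() {  # $1: uid_map file, $2: transcript
    files=$(capset_failures "$2" | tr '\n' ' ')
    if [ -z "$files" ]; then
        echo "no cap_set_file failures found"
    elif is_unprivileged "$1"; then
        echo "unprivileged container, capabilities not set on: $files"
    else
        echo "uid 0 maps to host root, look for another cause: $files"
    fi
}

# Demo on constructed sample data (the mapping values are made up).
demo_dir=$(mktemp -d)
printf '0 100000 65536\n' > "$demo_dir/uid_map"
cat > "$demo_dir/yum.log" <<'EOF'
Running transaction
error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
EOF
diagnose "$demo_dir/uid_map" "$demo_dir/yum.log"
rm -rf "$demo_dir"
```

<p>Inside a running container, call <code>is_unprivileged</code> with no argument to read /proc/self/uid_map directly.</p>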