[lxc-devel] lxc and CAP_DAC_READ_SEARCH capability for ifs ganesha
Csaba Dobo
dobocsaba at gmail.com
Sat Apr 2 11:58:08 UTC 2016
Hi,
I am new to lxc, but managed to use it on ubuntu 14.
I need help on turning off security staff in a container or find the
problem.
I am trying to use nfs ganesha but the client on the remote host can not
mount the share.
showmonut -e however displays the share.
Here is my problem: open_by_handle_at() is returning EPERM error, from the
manpage: The caller does not have the CAP_DAC_READ_SEARCH capability. Maybe
selinux or other security stuff preventing root to open the file? as far as
I know this container is running in privileged mode according to:
cat /proc/self/uid_map
0 0 4294967295 menas priviledge, right?
I have no idea how to confirm what is the problem and how to change it?
many thanks,
Csaba
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160402/08d19ab5/attachment.html>
More information about the lxc-devel
mailing list