[lxc-users] 'cap_sys_admin' in ephemeral container doesn't allow 'mount'?

Jason Harley jharley at redmind.ca
Mon Jul 21 22:41:03 UTC 2014


Hi list,

I’m new to LXC and have been spending a lot of time putting it through its paces over the last week or so.  I have just discovered that the ‘sys_admin’ capability isn’t allowing mounts to work for ephemeral instances on Ubuntu 14.04 (kernel 3.13.0-32-generic, LXC 1.0.4-0ubuntu0.1).  If I start the same ‘origin’ container on its own, I’m able to mount the same block device without issue, but if an ephemeral copy is made of that image, ‘mount’ fails with ‘invalid block device’ (yet, I can format said block device ;)).  ‘capsh --print’ looks the same when the container is ephemeral or not, so I believe the container is getting set up properly but something is falling through the cracks.

Adding ‘lxc.mount.entry’ lines to the configuration file is not really an option for my use case (the software detects where to mount the block device, and I’d rather let it do what it is good at).  This seems like a bug to me, unless I’ve overlooked something?

My configuration file for the origin container is here: http://pastebin.com/iyZNFsYf  I’m attempting to mount ‘/dev/sdb1’ — an XFS filesystem.

I’m happy to provide any additional information to help resolve this.

Thank you,
./JRH

