[lxc-users] 'cap_sys_admin' in ephemeral container doesn't allow 'mount'?

Serge Hallyn serge.hallyn at ubuntu.com
Thu Jul 24 16:49:27 UTC 2014


Quoting Jason Harley (jharley at redmind.ca):
> Hi list,
> 
> I’m new to LXC and have been spending a lot of time putting it through its paces over the last week or so.  I have just discovered that the ‘sys_admin’ capability isn’t allowing mounts to work for ephemeral instances on Ubuntu 14.04 (kernel 3.13.0-32-generic, LXC 1.0.4-0ubuntu0.1).  If I start the same ‘origin’ container on its own, I’m able to mount the same block device without issue, but if an ephemeral copy is made of that image, ‘mount’ fails with ‘invalid block device’ (yet, I can format said block device ;)).  ‘capsh --print’ looks the same whether the container is ephemeral or not, so I believe the container is getting set up properly but something is falling through the cracks.

Does cat /proc/self/attr/current show the same thing for both?

> Adding ‘lxc.mount.entry’ lines to the configuration file is not really an option for my use case (the software detects where to mount the block device, and I’d rather let it do what it is good at).  This seems like a bug to me, unless I’ve overlooked something?
> 
> My configuration file for the origin container is here: http://pastebin.com/iyZNFsYf  I’m attempting to mount ‘/dev/sdb1’ — an XFS filesystem.
> 
> I’m happy to provide any additional information to help resolve this.
> 
> Thank you,
> ./JRH
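The comparison asked for in the reply above, as an added example that is not part of the original thread: a small shell helper that records, in one line, both whether CAP_SYS_ADMIN is in the effective capability set and which LSM label the process runs under, so the line from the origin container can be compared with the line from the ephemeral copy. The function names are hypothetical; bit 21 is CAP_SYS_ADMIN in linux/capability.h.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Run confinement_report inside each container and compare the two lines.

CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN in linux/capability.h

# has_cap_sys_admin STATUS_FILE -> prints yes, no, or unknown
has_cap_sys_admin() {
    hex=$(awk '/^CapEff:/ {print $2}' "$1" 2>/dev/null)
    if [ -z "$hex" ]; then
        echo unknown
        return 0
    fi
    # CapEff is a 64-bit hex mask; test the CAP_SYS_ADMIN bit.
    if [ $(( (0x$hex >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# lsm_label ATTR_FILE -> prints the LSM label (e.g. the AppArmor profile)
lsm_label() {
    if [ ! -r "$1" ]; then
        echo unavailable
        return 0
    fi
    # The kernel may NUL-terminate the label; strip that and keep one line.
    tr -d '\000' < "$1" | head -n 1
}

# confinement_report [STATUS_FILE] [ATTR_FILE] -> one comparable line
confinement_report() {
    status=${1:-/proc/self/status}
    attr=${2:-/proc/self/attr/current}
    printf 'cap_sys_admin=%s lsm_label=%s\n' \
        "$(has_cap_sys_admin "$status")" "$(lsm_label "$attr")"
}

# compare_reports ORIGIN_LINE EPHEMERAL_LINE -> identical | differ
compare_reports() {
    if [ "$1" = "$2" ]; then
        echo identical
    else
        echo differ
    fi
}
```

With no arguments, `confinement_report` reads the calling process's own `/proc/self/status` and `/proc/self/attr/current`.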