[lxc-users] installation of package fails in container

Fajar A. Nugraha list at fajar.net
Wed Mar 11 10:51:41 UTC 2015 

On Wed, Mar 11, 2015 at 5:39 PM, CDR <venefax at gmail.com> wrote:
> This is a privileged container, so it should have all the rights.

In case you haven't read the generated config from ubuntu templates
(and the included files), they restrict many things with
lxc.cgroup.devices.deny, lxc.aa_profile, and lxc.cap.drop.

privileged (when created using template) simply means "container root
uid is the same as host root uid", not "container root can do
everything that the host root can".

> What exactly comes after the equal sign?
> "lxc.cap.drop = "

Nothing.

It should then cancel-out all previous lxc.cap.drop definition from
included configs (e.g. /usr/share/lxc/config/centos.common.conf)

If you know exactly which cap is needed (I'm guessing setfcap), you
should be able to copy that line and only remove that particular cap.

-- 
Fajar

>
> On Wed, Mar 11, 2015 at 6:13 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>>
>> It says:  cpio: cap_set_file
>>
>> So you might want to try "lxc.cap.drop = " (man lxc.container.conf).
>>
>> Or simply chroot to the container fs from the host (NOT lxc-attach), and
>> repeat your "yum install" command.
>>
>> --
>> Fajar
>>
>> On Sat, Mar 7, 2015 at 2:09 PM, CDR <venefax at gmail.com> wrote:
>>>
>>> is there any workaround?
>>>
>>> On Fri, Mar 6, 2015 at 8:44 PM, Király, István <laking at d250.hu> wrote:
>>>>
>>>> This happens with rpm's. ...
>>>>
>>>> It usually works if you add it to the initial package list, in the
>>>> template.
>>>>
>>>> On Sat, Mar 7, 2015 at 12:26 AM, Bostjan Skufca <bostjan at a2o.si> wrote:
>>>>>
>>>>> What is your host running?
>>>>>
>>>>> b.
>>>>>
>>>>>
>>>>> On 6 March 2015 at 22:25, CDR <venefax at gmail.com> wrote:
>>>>>>
>>>>>> Downloading packages:
>>>>>> mtr-0.85-7.el7.x86_64.rpm
>>>>>> |  71 kB  00:00:00
>>>>>> Running transaction check
>>>>>> Running transaction test
>>>>>> Transaction test succeeded
>>>>>> Running transaction
>>>>>>   Installing : 2:mtr-0.85-7.el7.x86_64
>>>>>> 1/1
>>>>>> Error unpacking rpm package 2:mtr-0.85-7.el7.x86_64
>>>>>> error: unpacking of archive failed on file /usr/sbin/mtr: cpio:
>>>>>> cap_set_file
>>>>>>   Verifying  : 2:mtr-0.85-7.el7.x86_64
>>>>>> 1/1
>>>>>>
>>>>>> Failed:
>>>>>>   mtr.x86_64 2:0.85-7.el7
>>>>>>
>>>>>> This is a privileged Centos 7 container.
>>>>>> What am I missing here?
>>>>>>
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list