[lxc-users] LXD on Ubuntu 15.10 armhf

Serge Hallyn serge.hallyn at ubuntu.com
Fri Apr 15 19:37:07 UTC 2016


Anything in syslog suggesting that seccomp or apparmor may have been
involved?

Quoting Matthew Geddes (musicalcarrion at gmail.com):
> Hi,
> 
> I'm running Ubuntu 15.10 on some armhf boxes (odroid XU4s) and I'm having
> trouble starting containers. I'm not having the same trouble on my Intel
> 15.10 install. Both architectures are using 2.0.0rc9 from the PPA.
> 
> When I attempt to start (lxc start foo) a created container, it fails and
> the seemingly-most-relevant log message is:
> 
> .... lxc_conf - conf.c:setup_caps.2058 - Operation not permitted - failed
> to remove mac_admin capability
> 
> Poking around a little further, I can see that I'm able to use capsh to
> start a shell and drop CAP_MAC_ADMIN when running as root. The lxd process
> is running as root too.
> 
> I didn't see a lot of clues in the debug output, so I ran it under strace
> and it is indeed failing with EPERM when it calls prctl(PR_CAPBSET_DROP,
> 0x21,0,0,0). The man page says that this fails when the caller doesn't have
> CAP_SETPCAP, so I tried using setcap on the lxd binary as a test, and
> restarted it, but to no avail.
> 
> Any thoughts?
> 
> Thanks in advance.
> 
> Cheers
> Matt

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users



More information about the lxc-users mailing list