[lxc-users] Unprivileged container woes: unable to install packages

Serge E. Hallyn serge at hallyn.com
Sat Aug 20 22:22:30 UTC 2016 

unprivileged containers can not set file capabilities (until I or someone
finds time to finish support for that at the kernel level).  At least
in Ubuntu it's considered a packaging error for install to fail if you
cannot set filecaps, as seems to be happening with the httpd rpm below.

Quoting jjs - mainphrame (jjs at mainphrame.com):
> Greetings,
> 
> I've given up on the unprivileged container for now. I've created a new
> container with the same role, and the same configuration except that it is
> privileged. The privileged version of this container is working more or
> less as expected.
> 
> This container isn't doing anything I'd have considered exotic - it's
> running postfix, clamd, and maiad (a modern derivative of amavisd-new).
> 
> This is a data point which may prove useful to those who may read this at
> some point down the road.
> 
> Jake
> 
> On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame <jjs at mainphrame.com>
> wrote:
> 
> > Greetings,
> >
> > I had decided to build an lxd version of an lxc server which had been
> > running reliably for some time. Unfortunately, it doesn't seem to be
> > running quite as smoothly. is some sort of special permissions hacking
> > required?
> >
> > Here is one example of a problem in the new lxd container, which was never
> > seen in the lxc container, namely attempting to install a package:
> >
> > Please pardon me if this is a FAQ as I've been primarily working with
> > openvz of late - point me to TFM if there is a TFM which would enlighten me
> > on this subject.
> >
> >
> > Dependencies Resolved
> >
> > ============================================================
> > ======================
> >  Package       Arch           Version                       Repository
> >   Size
> > ============================================================
> > ======================
> > Installing:
> >  httpd         x86_64         2.4.6-40.el7.centos.4         updates
> >   2.7 M
> >
> > Transaction Summary
> > ============================================================
> > ======================
> > Install  1 Package
> >
> > Total download size: 2.7 M
> > Installed size: 9.4 M
> > Is this ok [y/d/N]: y
> > Downloading packages:
> > httpd-2.4.6-40.el7.centos.4.x86_64.rpm                     | 2.7 MB
> >  00:00:00
> > Running transaction check
> > Running transaction test
> > Transaction test succeeded
> > Running transaction
> >   Installing : httpd-2.4.6-40.el7.centos.4.x86_64
> >     1/1
> > Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64
> > error: unpacking of archive failed on file /usr/sbin/suexec: cpio:
> > cap_set_file
> >   Verifying  : httpd-2.4.6-40.el7.centos.4.x86_64
> >     1/1
> >
> > Failed:
> >   httpd.x86_64 0:2.4.6-40.el7.centos.4
> >
> > Jake
> >

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list