[lxc-users] Unprivileged container woes: unable to install packages
jjs - mainphrame
jjs at mainphrame.com
Sun Aug 21 17:10:49 UTC 2016
Running postfix in and of itself did not appear to be problematic, but the
maia mailguard antispam system as a whole includes postfix, clamd,
spamassassin, maiad, httpd, perl and mysql, not all of which were happy
running unprivileged. The factor that pushed me to a privileged container
was the inability to install a package which set capabilities.
Unfortunately I had a lot to do, and wasn't able to devote a lot of time to
the issue; the easy answer was to go to a privileged container.
Jake
On Sun, Aug 21, 2016 at 12:59 AM, Ingo Baab <ib at baab.de> wrote:
> What were the issues running a mail server as an unprivileged LXC?
> I do the same, and it seems to work without problems. I just made the
> mail ports forward to the LXC with iptables.
>
> Just curious,
> -Ingo
>
> On 20.08.2016 at 20:52, jjs - mainphrame wrote:
>
> Greetings,
>
> I've given up on the unprivileged container for now. I've created a new
> container with the same role, and the same configuration except that it is
> privileged. The privileged version of this container is working more or
> less as expected.
>
> This container isn't doing anything I'd have considered exotic - it's
> running postfix, clamd, and maiad (a modern derivative of amavisd-new).
>
> This is a data point which may prove useful to those who may read this at
> some point down the road.
>
> Jake
>
> On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame <jjs at mainphrame.com>
> wrote:
>
>> Greetings,
>>
>> I had decided to build an lxd version of an lxc server which had been
>> running reliably for some time. Unfortunately, it doesn't seem to be
>> running quite as smoothly. Is some sort of special permissions hacking
>> required?
>>
>> Here is one example of a problem in the new lxd container, which was
>> never seen in the lxc container, namely attempting to install a package:
>>
>> Please pardon me if this is a FAQ as I've been primarily working with
>> openvz of late - point me to TFM if there is a TFM which would enlighten me
>> on this subject.
>>
>>
>> Dependencies Resolved
>>
>> ==================================================================================
>> Package Arch Version Repository Size
>> ==================================================================================
>> Installing:
>> httpd x86_64 2.4.6-40.el7.centos.4 updates 2.7 M
>>
>> Transaction Summary
>> ==================================================================================
>> Install 1 Package
>>
>> Total download size: 2.7 M
>> Installed size: 9.4 M
>> Is this ok [y/d/N]: y
>> Downloading packages:
>> httpd-2.4.6-40.el7.centos.4.x86_64.rpm | 2.7 MB 00:00:00
>> Running transaction check
>> Running transaction test
>> Transaction test succeeded
>> Running transaction
>> Installing : httpd-2.4.6-40.el7.centos.4.x86_64 1/1
>> Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64
>> error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
>> Verifying : httpd-2.4.6-40.el7.centos.4.x86_64 1/1
>>
>> Failed:
>> httpd.x86_64 0:2.4.6-40.el7.centos.4
>>
>> Jake
>>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
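
Added example, not part of the original thread: a POSIX sh preflight check that can be run inside a container before installing a package that sets file capabilities, such as the httpd package in the log above. It assumes `setcap` from libcap is available; the function names and the `cap_net_bind_service` probe value are illustrative choices, not taken from the thread.

```shell
#!/bin/sh
# Preflight: can this container set file capabilities (cap_set_file)?

# True when the uid map is the initial namespace's identity map
# ("0 0 4294967295"), i.e. the process is not in a remapped user namespace.
# A typical unprivileged container shows something like "0 100000 65536".
uid_map_is_identity() {
    awk 'NR == 1 && $1 == 0 && $2 == 0 && $3 == 4294967295 { ok = 1 }
         NR > 1 { ok = 0 }
         END { exit (ok ? 0 : 1) }' "${1:-/proc/self/uid_map}"
}

# Try to set a capability on a scratch file in directory $1 (default /tmp).
# Returns 0 = works, 1 = refused, 2 = could not test (no setcap or temp file).
# cap_net_bind_service is an arbitrary probe value (assumption), not
# necessarily what the failing package requests.
can_set_file_caps() {
    command -v setcap >/dev/null 2>&1 || return 2
    probe=$(mktemp "${1:-/tmp}/capprobe.XXXXXX") || return 2
    if setcap cap_net_bind_service+ep "$probe" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$probe"
    return "$rc"
}

# Combine both observations. $1 = uid_map path, $2 = probe result code.
verdict() {
    case "$2" in
        0) echo "ok: file capabilities can be set here" ;;
        2) echo "unknown: setcap probe could not run" ;;
        *) if uid_map_is_identity "$1"; then
               echo "fail: identity uid map, check privileges or filesystem xattr support"
           else
               echo "fail: remapped uid map (unprivileged container), expect cap_set_file errors"
           fi ;;
    esac
}

# Live check only when asked: sh preflight.sh --run [directory]
if [ "${1:-}" = "--run" ]; then
    rc=0
    can_set_file_caps "${2:-/tmp}" || rc=$?
    verdict /proc/self/uid_map "$rc"
fi
```

Pass the directory on the same filesystem the package installs to (run as root inside the container), since the result can differ between filesystems.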