[lxc-users] Unprivileged container woes: unable to install packages

Janjaap Bos janjaapbos at gmail.com
Sun Aug 21 18:47:37 UTC 2016


If installing the package in unprivileged mode was the problem, could you
then run the image unprivileged after installing the package in privileged
mode?

On 21 Aug 2016 19:11, "jjs - mainphrame" <jjs at mainphrame.com> wrote:

> Running postfix in and of itself did not appear to be problematic, but the
> maia mailguard antispam system as a whole includes postfix, clamd,
> spamassassin, maiad, httpd, perl and mysql, not all of which were happy
> running unprivileged. The factor that pushed me to a privileged container
> was the inability to install a package which set capabilities.
> Unfortunately I had a lot to do, and wasn't able to devote a lot of time to
> the issue; the easy answer was to go to a privileged container.
>
> Jake
>
>
>
>
>
> On Sun, Aug 21, 2016 at 12:59 AM, Ingo Baab <ib at baab.de> wrote:
>
>> What were the issues running a mail server as an unprivileged LXC?
>> I do the same, and it seems to work without problems. I just made the
>> mail ports forward to the LXC with iptables.
>>
>> Just curious,
>> -Ingo
>>
>> On 20.08.2016 at 20:52, jjs - mainphrame wrote:
>>
>> Greetings,
>>
>> I've given up on the unprivileged container for now. I've created a new
>> container with the same role, and the same configuration except that it is
>> privileged. The privileged version of this container is working more or
>> less as expected.
>>
>> This container isn't doing anything I'd have considered exotic - it's
>> running postfix, clamd, and maiad (a modern derivative of amavisd-new).
>>
>> This is a data point which may prove useful to those who may read this at
>> some point down the road.
>>
>> Jake
>>
>> On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame <jjs at mainphrame.com>
>> wrote:
>>
>>> Greetings,
>>>
>>> I had decided to build an lxd version of an lxc server which had been
>>> running reliably for some time. Unfortunately, it doesn't seem to be
>>> running quite as smoothly. Is some sort of special permissions hacking
>>> required?
>>>
>>> Here is one example of a problem in the new lxd container, which was
>>> never seen in the lxc container, namely attempting to install a package:
>>>
>>> Please pardon me if this is a FAQ as I've been primarily working with
>>> openvz of late - point me to TFM if there is a TFM which would enlighten me
>>> on this subject.
>>>
>>>
>>> Dependencies Resolved
>>>
>>> ==================================================================================
>>>  Package       Arch           Version                       Repository     Size
>>> ==================================================================================
>>> Installing:
>>>  httpd         x86_64         2.4.6-40.el7.centos.4         updates       2.7 M
>>>
>>> Transaction Summary
>>> ==================================================================================
>>> Install  1 Package
>>>
>>> Total download size: 2.7 M
>>> Installed size: 9.4 M
>>> Is this ok [y/d/N]: y
>>> Downloading packages:
>>> httpd-2.4.6-40.el7.centos.4.x86_64.rpm                     | 2.7 MB  00:00:00
>>> Running transaction check
>>> Running transaction test
>>> Transaction test succeeded
>>> Running transaction
>>>   Installing : httpd-2.4.6-40.el7.centos.4.x86_64       1/1
>>> Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64
>>> error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
>>>   Verifying  : httpd-2.4.6-40.el7.centos.4.x86_64       1/1
>>>
>>> Failed:
>>>   httpd.x86_64 0:2.4.6-40.el7.centos.4
>>>
>>> Jake
>>>
>>
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users