[lxc-users] Unprivileged container woes: unable to install packages

Fajar A. Nugraha list at fajar.net
Mon Aug 22 08:00:00 UTC 2016


On Mon, Aug 22, 2016 at 1:47 AM, Janjaap Bos <janjaapbos at gmail.com> wrote:

> If installing the package in unprivileged mode was the problem, could you
> then run the image unprivileged after installing the package in privileged
> mode?
>
>

Yup, that should be one way to workaround that issue. Switching between
priv <-> unpriv is easy enough in lxd: lxc stop, lxc config edit, lxc start.

Another workaround would be to switch to oracle 7 container (lxc launch
images:oracle/7/amd64 o7). just tested, http-2.4.6-40.0.1.el7_2.4 installs
fine in the default unpriv container. Not sure why.

Probably because the image contains lxc-patch plugin for yum, or because
oracle has rebuild their httpd rpm to disable filecap?

-- 
Fajar



> Op 21 aug. 2016 19:11 schreef "jjs - mainphrame" <jjs at mainphrame.com>:
>
> Running postfix in and of itself did not appear to be problematic, but the
>> maia mailguard antispam system as a whole includes postfix, clamd,
>> spamassassin, maiad, httpd, perl and mysql, not all of which were happy
>> running unprivileged. The factor that pushed me to a privileged container
>> was the inability to install a package which set capabilities.
>> Unfortunately I had a lot to do, and wasn't able to devote a lot of time to
>> the issue; the easy answer was to go to a privileged container.
>>
>> Jake
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160822/36470fb4/attachment.html>


More information about the lxc-users mailing list