[lxc-users] Unprivileged container woes: unable to install packages

Mon Aug 22 16:15:04 UTC 2016

Thanks for the tip about Oracle Linux, that's good to know.

Jake

On Mon, Aug 22, 2016 at 1:00 AM, Fajar A. Nugraha <list at fajar.net> wrote:

> On Mon, Aug 22, 2016 at 1:47 AM, Janjaap Bos <janjaapbos at gmail.com> wrote:
>
>> If installing the package in unprivileged mode was the problem, could you
>> then run the image unprivileged after installing the package in privileged
>> mode?
>>
>>
>
> Yup, that should be one way to workaround that issue. Switching between
> priv <-> unpriv is easy enough in lxd: lxc stop, lxc config edit, lxc start.
>
> Another workaround would be to switch to oracle 7 container (lxc launch
> images:oracle/7/amd64 o7). just tested, http-2.4.6-40.0.1.el7_2.4 installs
> fine in the default unpriv container. Not sure why.
>
> Probably because the image contains lxc-patch plugin for yum, or because
> oracle has rebuild their httpd rpm to disable filecap?
>
> --
> Fajar
>
>
>
>> Op 21 aug. 2016 19:11 schreef "jjs - mainphrame" <jjs at mainphrame.com>:
>>
>> Running postfix in and of itself did not appear to be problematic, but
>>> the maia mailguard antispam system as a whole includes postfix, clamd,
>>> spamassassin, maiad, httpd, perl and mysql, not all of which were happy
>>> running unprivileged. The factor that pushed me to a privileged container
>>> was the inability to install a package which set capabilities.
>>> Unfortunately I had a lot to do, and wasn't able to devote a lot of time to
>>> the issue; the easy answer was to go to a privileged container.
>>>
>>> Jake
>>>
>>>
>>>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160822/56c1e896/attachment.html>