[lxc-users] Unprivileged container woes: unable to install packages

jjs - mainphrame jjs at mainphrame.com
Wed Aug 24 23:43:15 UTC 2016


Greetings -

I built an oracle linux version of my unprivileged mailguard container, and
while the package installation problem did not occur with oracle linux, the
maiad daemon (a modern fork of amavisd-new) refuses to run, just as in the
unprivileged centos version of this VW.

I don't have a handle on it; in both flavors of unprivileged container,
everything looks normal on maiad startup, until this final message:

Aug 24 23:05:30 mailguard.mainphrame.net /var/lib/maia/maiad[483]: at the
END handler: invoking DESTROY methods

But creating a privileged version of the same container allows maiad to
start up and run with no problems.

Jake



On Mon, Aug 22, 2016 at 9:15 AM, jjs - mainphrame <jjs at mainphrame.com>
wrote:

> Thanks for the tip about Oracle Linux, that's good to know.
>
> Jake
>
> On Mon, Aug 22, 2016 at 1:00 AM, Fajar A. Nugraha <list at fajar.net> wrote:
>
>> On Mon, Aug 22, 2016 at 1:47 AM, Janjaap Bos <janjaapbos at gmail.com>
>> wrote:
>>
>>> If installing the package in unprivileged mode was the problem, could
>>> you then run the image unprivileged after installing the package in
>>> privileged mode?
>>>
>>>
>>
>> Yup, that should be one way to work around that issue. Switching between
>> priv <-> unpriv is easy enough in lxd: lxc stop, lxc config edit, lxc start.
>>
>> Another workaround would be to switch to oracle 7 container (lxc launch
>> images:oracle/7/amd64 o7). just tested, http-2.4.6-40.0.1.el7_2.4 installs
>> fine in the default unpriv container. Not sure why.
>>
>> Probably because the image contains lxc-patch plugin for yum, or because
>> oracle has rebuilt their httpd rpm to disable filecap?
>>
>> --
>> Fajar
>>
>>
>>
>>> On 21 Aug 2016 19:11, "jjs - mainphrame" <jjs at mainphrame.com> wrote:
>>>
>>>> Running postfix in and of itself did not appear to be problematic, but
>>>> the maia mailguard antispam system as a whole includes postfix, clamd,
>>>> spamassassin, maiad, httpd, perl and mysql, not all of which were happy
>>>> running unprivileged. The factor that pushed me to a privileged container
>>>> was the inability to install a package which set capabilities.
>>>> Unfortunately I had a lot to do, and wasn't able to devote a lot of time to
>>>> the issue; the easy answer was to go to a privileged container.
>>>>
>>>> Jake
>>>>
>>>>
>>>>
>
>
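A pre-install check for the failure discussed in this thread, as an added example that is not part of any poster's message: it reports whether a package carries file capabilities and whether the container's root is mapped to a non-root host uid. The function names, the sample paths and the tab-separated `rpm -q --filecaps` layout it parses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# uid0_host_id FILE: FILE uses the /proc/<pid>/uid_map layout
# ("<id inside> <id outside> <count>"). Prints the host uid that container
# uid 0 maps to; returns 2 when uid 0 has no mapping.
uid0_host_id() {
    awk '$1 == 0 { print $2; found = 1 }
         END { if (!found) exit 2 }' "$1"
}

# is_unprivileged FILE: succeeds when container root is not host root.
is_unprivileged() {
    host=$(uid0_host_id "$1") || return 1
    [ "$host" -ne 0 ]
}

# capability_files: reads "path<TAB>capabilities" lines on stdin (the layout
# printed by `rpm -q --filecaps`) and prints the paths with a non-empty set.
capability_files() {
    awk -F '\t' '$2 != "" { print $1 }'
}

# preflight UID_MAP: stdin as for capability_files. Returns 1 and lists the
# paths when the install would set file capabilities from inside an
# unprivileged container; returns 0 otherwise.
preflight() {
    caps=$(capability_files)
    [ -n "$caps" ] || return 0
    is_unprivileged "$1" || return 0
    printf 'sets file capabilities in an unprivileged container:\n%s\n' "$caps" >&2
    return 1
}

# Constructed sample: uid_map of an unprivileged container and a listing with
# one capability-bearing file (both paths are made up).
demo() {
    map=$(mktemp)
    printf '0 100000 65536\n' > "$map"
    printf '/usr/sbin/example-helper\t= cap_setuid+ep\n/etc/example.conf\t\n' |
        preflight "$map"
    rc=$?
    rm -f "$map"
    return "$rc"
}
demo || echo "preflight flagged the package (status $?)"

# Real use inside the container (PACKAGE.rpm is a placeholder):
#   rpm -qp --filecaps ./PACKAGE.rpm | preflight /proc/self/uid_map
```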