[lxc-users] setcap capabilities
Mark Constable
markc at renta.net
Fri Feb 19 02:12:00 UTC 2016
On 19/02/16 11:39, Serge Hallyn wrote:
>>>> echo 0 > /proc/sys/fs/protected_hardlinks
>>
>> Thanks for the response Serge but this "problem" all but makes unpriv
>> containers (xenial at least) unusable. Today's example...
>>
>> Unpacking systemd (229-1ubuntu2) over (228-5ubuntu3) ...
>> dpkg: error processing archive /var/cache/apt/archives/systemd_229-1ubuntu2_amd64.deb (--unpack):
>> unable to make backup link of './bin/systemctl' before installing new version: Operation not permitted
>
> Are you using overlayfs clones? Or using a readonly mount of the
> host's / ?

No, nothing other than a stock standard launch on a btrfs host.

> Otherwise this shouldn't be happening. I can hardlink
> /bin/systemctl just fine as root in an unprivileged container.

Thanks for the clarification.

I'm using an old container that I have been upgrading for almost a year
now so goodness knows what state it really is in. I'll launch another
one from scratch and see if that fixes this issue without turning off
/proc/sys/fs/protected_hardlinks.