[lxc-users] setcap does not work in unprivileged container

Serge Hallyn serge.hallyn at ubuntu.com
Thu Feb 25 19:56:33 UTC 2016


Quoting Tamas Papp (tompos at martos.bme.hu):
> 
> 
> On 02/25/2016 05:51 PM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tompos at martos.bme.hu):
> >>Hi all,
> >>
> >>
> >># /sbin/setcap 'cap_net_bind_service=+ep' /usr/bin/nodejs
> >>Failed to set capabilities on file `/usr/bin/nodejs' (Invalid argument)
> >>The value of the capability argument is not permitted for a file. Or
> >>the file is not a regular (non-symlink) file
> >>
> >>
> >>Can we somehow make it work?
> >Hopefully in the next month or two I'll get time to get that
> >working in the kernel.  Which means a few more months before
> >it'd be really available.
> 
> Can we expect it to be backported to Xenial?

No, but the HWE and such kernels will have it.  They are just as well
(really, better) supported so that should be no big deal.

