[lxc-users] capabilities requirement change with new filesystem?
Serge E. Hallyn
serge at hallyn.com
Mon Jun 8 14:36:56 UTC 2020
On Mon, Jun 08, 2020 at 04:20:07PM +0200, Ede Wolf wrote:
> Hi,
>
> So I've migrated my whole system via rsync from f2fs to btrfs on a new
> drive, and, after rebooting, all my unprivileged lxc containers refused to
> start.
>
> Example:
>
>
> lxc-start ... ERROR conf - conf.c:lxc_map_ids:2779 - newuidmap failed to
> write mapping "newuidmap: Could not set caps": newuidmap 2413 0 4000000 1 1
> 4000001 65534
> lxc-start ... ERROR start - start.c:lxc_spawn:1690 - Failed to set up id
> mapping.
>
>
> Granting more rights after some searching in their unit files:
>
>
> AmbientCapabilities=CAP_SETGID
> AmbientCapabilities=CAP_SETUID
>
>
> made them work again. Being curious, I then booted from the old f2fs drive
> again and the containers are coming up without above capability additions.
>
> Back to btrfs and those are needed.
>
> Any idea, what may be going on here?
How did you migrate the fs? rsync for instance would need -X
to preserve xattrs, which is how posix file capabilities are
stored.
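
The point in the reply above can be checked directly by reading the `security.capability` xattr and decoding it. This is an added example, not part of the original thread: the function names and the sample bytes are constructed for illustration, and the helper paths `/usr/bin/newuidmap` and `/usr/bin/newgidmap` are assumptions about where the distribution installs them.

```python
import os
import stat
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
WORDS_BY_REVISION = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
CAP_NAMES = {6: "cap_setgid", 7: "cap_setuid"}  # only the two relevant here


def decode_file_caps(blob):
    """Decode a security.capability xattr value (hypothetical helper name)."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    words = WORDS_BY_REVISION.get(magic & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError(f"unknown capability revision in {magic:#x}")
    permitted = 0
    for i in range(words):
        # Each 8-byte entry is (permitted, inheritable), little-endian u32.
        perm, _inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= perm << (32 * i)
    bits = [b for b in range(64) if (permitted >> b) & 1]
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": [CAP_NAMES.get(b, f"cap_{b}") for b in bits]}


def helper_status(path):
    """Report how a helper gets its privilege: setuid bit, file caps, or neither."""
    setuid = bool(os.stat(path).st_mode & stat.S_ISUID)
    try:
        caps = decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError:  # no xattr present (ENODATA) or xattrs unsupported
        caps = None
    return {"setuid": setuid, "caps": caps}


# Constructed sample: the xattr value equivalent to "cap_setuid=ep" (revision 2).
SAMPLE_SETUID_EP = struct.pack("<IIIII", 0x02000000 | 0x1, 1 << 7, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE_SETUID_EP))
    for p in ("/usr/bin/newuidmap", "/usr/bin/newgidmap"):  # assumed paths
        if os.path.exists(p):
            print(p, helper_status(p))
```

A helper that reports neither the setuid bit nor file capabilities on the new filesystem, while the old one shows either, matches a copy that did not carry xattrs across.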