[lxc-users] capabilities requirement change with new filesystem?

Ede Wolf listac at nebelschwaden.de
Mon Jun 8 15:14:52 UTC 2020


Thanks! That may be quite a hint! I've used -avlW, but not -X. As I've 
never intentionally messed with xattrs, I've completely missed those.

Where would those attributes have been stored? Running a dryrun with 
added X does not obviously seem to reveal anything.

On 08.06.20 at 16:36, Serge E. Hallyn wrote:
> On Mon, Jun 08, 2020 at 04:20:07PM +0200, Ede Wolf wrote:
>> Hi,
>>
>> So I've migrated my whole system via rsync from f2fs to btrfs on a new
>> drive, and, after rebooting, all my unprivileged lxc containers refused to
>> start.
>>
>> Example:
>>
>>
>> lxc-start ... ERROR    conf - conf.c:lxc_map_ids:2779 - newuidmap failed to
>> write mapping "newuidmap: Could not set caps": newuidmap 2413 0 4000000 1 1
>> 4000001 65534
>> lxc-start ... ERROR    start - start.c:lxc_spawn:1690 - Failed to set up id
>> mapping.
>>
>>
>> Granting more rights after some searching in their unit files:
>>
>>
>> AmbientCapabilities=CAP_SETGID
>> AmbientCapabilities=CAP_SETUID
>>
>>
>> made them work again. Being curious, I then booted from the old f2fs drive
>> again and the containers are coming up without above capability additions.
>>
>> Back to btrfs and those are needed.
>>
>> Any idea, what may be going on here?
> 
> How did you migrate the fs?  rsync for instance would need -X
> to preserve xattrs, which is how posix file capabilities are
> stored.
> 
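
On where the attributes are stored, as an added example that is not part of the original posts: POSIX file capabilities are the value of the `security.capability` xattr on the binary itself, a little-endian `struct vfs_cap_data` from `linux/capability.h`. The decoder below is illustrative; `file_caps` is a hypothetical helper name and `SAMPLE` is a constructed value, not one taken from the poster's system.

```python
import errno
import os
import struct

XATTR = "security.capability"  # xattr that carries a file's capabilities
REVISION_MASK = 0xFF000000     # VFS_CAP_REVISION_MASK in linux/capability.h
FLAG_EFFECTIVE = 0x000001      # VFS_CAP_FLAGS_EFFECTIVE
REV3 = 0x03000000              # revision 3 appends a 32-bit rootid
PAIRS = {0x01000000: 1, 0x02000000: 2, REV3: 2}  # (permitted, inheritable) pairs
# Only the two capabilities named in the thread; other bits print as cap_<n>.
CAP_NAMES = {6: "cap_setgid", 7: "cap_setuid"}

# Constructed sample value: revision 2, effective flag set, permitted = cap_setuid.
SAMPLE = bytes.fromhex("01000002" "80000000" + "00000000" * 3)


def _names(mask):
    return sorted(CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1)


def decode_vfs_cap(raw):
    """Decode the little-endian struct vfs_cap_data held in the xattr value."""
    if len(raw) < 4:
        raise ValueError("value too short for magic_etc")
    (magic,) = struct.unpack_from("<I", raw)
    rev = magic & REVISION_MASK
    if rev not in PAIRS:
        raise ValueError(f"unknown revision {rev:#010x}")
    n = PAIRS[rev]
    if len(raw) != 4 + 8 * n + (4 if rev == REV3 else 0):
        raise ValueError("length does not match revision")
    words = struct.unpack_from(f"<{2 * n}I", raw, 4)
    caps = {
        "revision": rev >> 24,
        "effective": bool(magic & FLAG_EFFECTIVE),
        "permitted": _names(sum(words[2 * i] << 32 * i for i in range(n))),
        "inheritable": _names(sum(words[2 * i + 1] << 32 * i for i in range(n))),
    }
    if rev == REV3:
        (caps["rootid"],) = struct.unpack_from("<I", raw, 4 + 8 * n)
    return caps


def file_caps(path):
    """Decoded capabilities of path, or None when the xattr is absent."""
    try:
        return decode_vfs_cap(os.getxattr(path, XATTR))
    except OSError as e:
        if e.errno in (errno.ENODATA, errno.ENOTSUP):
            return None  # the state a copy made without rsync -X leaves behind
        raise
```

Calling `file_caps` on the same binary on the old and the new drive shows whether the attribute survived the copy.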
