[lxc-users] capabilities requirement change with new filesystem?

Serge E. Hallyn serge at hallyn.com
Mon Jun 8 16:13:28 UTC 2020 

Note sure what you mean - I think you're asking which files?
/usr/bin/newuidmap and /usr/bin/newgidmap may have been installed
with file caps (although on mine it is just setuid-root)

On Mon, Jun 08, 2020 at 05:14:52PM +0200, Ede Wolf wrote:
> Thanks! That may be quite a hint! I've used -avlW, but not -X. As I've never
> intentionally messed with xattrs, I've completely missed those.
> 
> Where would those attributes have been stored? Running a dryrun with added X
> does not obviously seem to reveal anything.
> 
> 
> 
> 
> Am 08.06.20 um 16:36 schrieb Serge E. Hallyn:
> > On Mon, Jun 08, 2020 at 04:20:07PM +0200, Ede Wolf wrote:
> > > Hi,
> > > 
> > > So I've migrated my whole system via rsync from f2fs to btrfs on a new
> > > drive, and, after rebooting, all my unpriviledged lxc containers refused to
> > > start.
> > > 
> > > Example:
> > > 
> > > 
> > > lxc-start ... ERROR    conf - conf.c:lxc_map_ids:2779 - newuidmap failed to
> > > write mapping "newuidmap: Could not set caps": newuidmap 2413 0 4000000 1 1
> > > 4000001 65534
> > > lxc-start ... ERROR    start - start.c:lxc_spawn:1690 - Failed to set up id
> > > mapping.
> > > 
> > > 
> > > Granting more rights after some searching in their unit files:
> > > 
> > > 
> > > AmbientCapabilities=CAP_SETGID
> > > AmbientCapabilities=CAP_SETUID
> > > 
> > > 
> > > made them work again. Being curios, I then booted from the old f2fs drive
> > > again and the containers are coming up without above capability additions.
> > > 
> > > Back to btrfs and those are needed.
> > > 
> > > Any idea, what may be going on here?
> > 
> > How did you migrate the fs?  rsync for instance would need -X
> > to preserve xattrs, which is how posix file capabilities are
> > stored.
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> > 
> 
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list