On Thu, 08 Aug 2013 22:28:46 +0100, chris.ha...@proporta.com wrote:
Hi,
My Samba 3.6.6 file server isn't setting the security.NTACL extended
attribute. It can set the user.DOSATTRIB without any issue. This
appears to be an LXC container issue, as outside the container I can
set this using the setfattr command without issue, whereas I can't do
this inside.
Despite this not being a Samba issue, I was wondering whether anybody
has any encountered problems like this; and whether anyone could
offer
me their experience or advice?
This can be worked around by allowing CAP_SYS_ADMIN; see the
lxc.cap.drop declarations in your container configuration. Not
necessarily a good idea, though as it appears to decrease the degree of
container isolation from the host system.
I don't believe there's any way to request that Samba use a different
namespace, though. The only other option would be to not use the
filesystem at all.
Does anyone know how NTACLs in XATTR compare to using 'vfs objects =
xattr_tdb' or any other options that I'm unaware of?
Thanks,
Chris Hayes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
