Hi, Okajima San, I never open the kernel debug. Is there any quick way to open CONFIG_AUFS_DEBUG?
I am downloading [1]https://github.com/sfjro/aufs4-linux.git, but the network is so slow that it may take me a long time to finish it.
__________________________________________________________________
Michael Mao

From: [2]J. R. Okajima
Date: 2020-03-21 23:20
To: [3]hom...@163.com
CC: [4]aufs-users
Subject: Re: LXC unpreviliged problem with aufs mounted on nfs

"hom...@163.com":
> I have the AppArmor and Seccomp closed, but still got the warning.

Ok.
Now define our test command as "chown apt:root ./aaae" and let's step forward.
We already know that chown failed because fchownat(2) returned EPERM.
(from your previous log)
fchownat(AT_FDCWD, "./aaae", 104, 0, 0) = -1 EPERM (Operation not permitted)

Assuming there is no error in VFS and LSM, let's track down aufs.
- enable CONFIG_AUFS_DEBUG
- set a module parameter debug=1 just before chown, and reset to debug=0 just after chown
  # id
  # echo 1 >> /sys/module/aufs/parameters/debug
  # strace chown apt:root ./aaae
  # echo 0 >> /sys/module/aufs/parameters/debug
and show me the strace output and the kernel log.

Just to make sure, you couldn't find any related msg in your LSM logs, right?
And this is unrelated to capability, right?

J. R. Okajima

References
1. https://github.com/sfjro/aufs4-linux.git
2. mailto:hooanon...@gmail.com
3. mailto:hom...@163.com
4. mailto:aufs-users@lists.sourceforge.net
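
The debug-on / run / debug-off sequence from the quoted message, as an added shell example (not code from the thread or from the aufs project). The function names are made up here, and the config file locations in the usage comment (`/proc/config.gz`, `/boot/config-$(uname -r)`) are assumptions about how the running kernel exposes its configuration.

```shell
#!/bin/sh
# Added example. Paths are passed as arguments so the functions can be
# tried against ordinary files on a machine without aufs loaded.

# Return 0 if the given kernel config file (plain text or .gz) contains
# CONFIG_AUFS_DEBUG=y, i.e. the kernel was built with aufs debugging.
aufs_debug_built() {
    cfg=$1
    case $cfg in
        *.gz) gzip -dc "$cfg" ;;
        *)    cat "$cfg" ;;
    esac 2>/dev/null | grep '^CONFIG_AUFS_DEBUG=y$' >/dev/null
}

# Run a command with the aufs debug switch set to 1 and always set it
# back to 0 afterwards, also on Ctrl-C, so the kernel log only carries
# debug output for that one command. Returns the command's exit status,
# or 2 if the switch cannot be written.
# $1 = debug parameter file, remaining arguments = command to run
run_with_aufs_debug() {
    param=$1; shift
    [ -w "$param" ] || { echo "cannot write $param" >&2; return 2; }
    echo 1 > "$param" || return 2
    trap 'echo 0 > "$param"' INT TERM
    rc=0
    "$@" || rc=$?            # keep the status even under 'set -e'
    echo 0 > "$param"
    trap - INT TERM
    return "$rc"
}

# Usage as root, with the test command from the thread:
#   aufs_debug_built /proc/config.gz ||
#       aufs_debug_built "/boot/config-$(uname -r)" ||
#       echo "kernel not built with CONFIG_AUFS_DEBUG" >&2
#   run_with_aufs_debug /sys/module/aufs/parameters/debug \
#       strace -o chown.strace chown apt:root ./aaae
#   dmesg > kernel.log
```
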