On Wed, Mar 11, 2015 at 5:39 PM, CDR <[email protected]> wrote: > This is a privileged container, so it should have all the rights.
In case you haven't read the generated config from ubuntu templates (and the included files), they restrict many things with lxc.cgroup.devices.deny, lxc.aa_profile, and lxc.cap.drop. privileged (when created using template) simply means "container root uid is the same as host root uid", not "container root can do everything that the host root can". > What exactly comes after the equal sign? > "lxc.cap.drop = " Nothing. It should then cancel-out all previous lxc.cap.drop definition from included configs (e.g. /usr/share/lxc/config/centos.common.conf) If you know exactly which cap is needed (I'm guessing setfcap), you should be able to copy that line and only remove that particular cap. -- Fajar > > On Wed, Mar 11, 2015 at 6:13 AM, Fajar A. Nugraha <[email protected]> wrote: >> >> It says: cpio: cap_set_file >> >> So you might want to try "lxc.cap.drop = " (man lxc.container.conf). >> >> Or simply chroot to the container fs from the host (NOT lxc-attach), and >> repeat your "yum install" command. >> >> -- >> Fajar >> >> On Sat, Mar 7, 2015 at 2:09 PM, CDR <[email protected]> wrote: >>> >>> is there any workaround? >>> >>> On Fri, Mar 6, 2015 at 8:44 PM, Király, István <[email protected]> wrote: >>>> >>>> This happens with rpm's. ... >>>> >>>> It usually works if you add it to the initial package list, in the >>>> template. >>>> >>>> On Sat, Mar 7, 2015 at 12:26 AM, Bostjan Skufca <[email protected]> wrote: >>>>> >>>>> What is your host running? >>>>> >>>>> b. >>>>> >>>>> >>>>> On 6 March 2015 at 22:25, CDR <[email protected]> wrote: >>>>>> >>>>>> Downloading packages: >>>>>> mtr-0.85-7.el7.x86_64.rpm >>>>>> | 71 kB 00:00:00 >>>>>> Running transaction check >>>>>> Running transaction test >>>>>> Transaction test succeeded >>>>>> Running transaction >>>>>> Installing : 2:mtr-0.85-7.el7.x86_64 >>>>>> 1/1 >>>>>> Error unpacking rpm package 2:mtr-0.85-7.el7.x86_64 >>>>>> error: unpacking of archive failed on file /usr/sbin/mtr: cpio: >>>>>> cap_set_file >>>>>> Verifying : 2:mtr-0.85-7.el7.x86_64 >>>>>> 1/1 >>>>>> >>>>>> Failed: >>>>>> mtr.x86_64 2:0.85-7.el7 >>>>>> >>>>>> This is a privileged Centos 7 container. >>>>>> What am I missing here? >>>>>> >> >> >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
