Anything in syslog suggesting that seccomp or apparmor may have been involved?
Quoting Matthew Geddes ([email protected]):
> Hi,
>
> I'm running Ubuntu 15.10 on some armhf boxes (odroid XU4s) and I'm having
> trouble starting containers. I'm not having the same trouble on my Intel
> 15.10 install. Both architectures are using 2.0.0rc9 from the PPA.
>
> When I attempt to start (lxc start foo) a created container, it fails and
> the seemingly-most-relevant log message is:
>
> .... lxc_conf - conf.c:setup_caps.2058 - Operation not permitted - failed
> to remove mac_admin capability
>
> Poking around a little further, I can see that I'm able to use capsh to
> start a shell and drop CAP_MAC_ADMIN when running as root. The lxd process
> is running as root too.
>
> I didn't see a lot of clues in the debug output, so I ran it under strace
> and it is indeed failing with EPERM when it calls prctl(PR_CAPBSET_DROP,
> 0x21,0,0,0). The man page says that this fails when the caller doesn't have
> CAP_SETPCAP, so I tried using setcap on the lxd binary as a test, and
> restarted it, but to no avail.
>
> Any thoughts?
>
> Thanks in advance.
>
> Cheers
> Matt
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
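A way to check the two conditions raised in this thread for a given process, written as an added example that is not part of the original messages or of LXC/LXD: it reads `/proc/<pid>/status` and reports whether CAP_SETPCAP is missing from the effective set, whether CAP_MAC_ADMIN (0x21) is already absent from the bounding set, and whether seccomp is active. The function names and the sample text are assumptions made for illustration; AppArmor involvement is not visible in this file and still has to be looked for in syslog.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETPCAP_BIT   8   /* caller needs this for PR_CAPBSET_DROP */
#define CAP_MAC_ADMIN_BIT 33  /* 0x21, the argument in the failing prctl() */
enum { NO_SETPCAP = 1, MAC_ADMIN_NOT_IN_BSET = 2, SECCOMP_ON = 4, PARSE_ERR = 8 };

/* Constructed sample of /proc/<pid>/status lines (not taken from the thread). */
static const char SAMPLE[] =
    "Name:\tlxd\nCapEff:\t0000003ffffffeff\nCapBnd:\t0000003fffffffff\nSeccomp:\t2\n";

/* Find "key:" at the start of a line and parse its value in the given base. */
static int field(const char *s, const char *key, int base, unsigned long long *out)
{
    size_t klen = strlen(key);
    for (; s && *s; s = strchr(s, '\n'), s = s ? s + 1 : NULL)
        if (strncmp(s, key, klen) == 0 && s[klen] == ':') {
            *out = strtoull(s + klen + 1, NULL, base);
            return 0;
        }
    return -1;
}

/* Return a bitmask of findings for one process's status text. */
int diagnose(const char *status)
{
    unsigned long long eff, bnd, sec = 0;
    int r = 0;
    if (field(status, "CapEff", 16, &eff) || field(status, "CapBnd", 16, &bnd))
        return PARSE_ERR;
    field(status, "Seccomp", 10, &sec);   /* 0 = off, 1 = strict, 2 = filter */
    if (!((eff >> CAP_SETPCAP_BIT) & 1)) r |= NO_SETPCAP;
    if (!((bnd >> CAP_MAC_ADMIN_BIT) & 1)) r |= MAC_ADMIN_NOT_IN_BSET;
    if (sec != 0) r |= SECCOMP_ON;
    return r;
}

int main(int argc, char **argv)
{
    char path[64], buf[8192];
    snprintf(path, sizeof path, "/proc/%s/status", argc > 1 ? argv[1] : "self");
    printf("constructed sample -> findings mask 0x%x\n", diagnose(SAMPLE));
    FILE *f = fopen(path, "r");
    if (!f) { perror(path); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    printf("%s -> findings mask 0x%x\n", path, diagnose(buf));
    return 0;
}
```

Run it with the PID of the process that issues the failing `prctl()` as the only argument; with no argument it inspects itself.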
