On Fri, Mar 9, 2018 at 5:09 PM, Michael Johnson <john...@cognitech-ut.com> wrote:
> Hi All!
>
> I have noticed that a container's root user is unable to modify the
> capabilities of a root-owned file in the container.
>
> For example:
> setcap cap_net_raw=ep /bin/ping
> returns:
> Failed to set capabilities on file `ping' (Operation not permitted)
Probably https://github.com/lxc/lxd/issues/2507#issuecomment-254058349

> It is possible to set this capability as root from the host, operating
> on the container's file.
>
> Can someone please explain this behavior? What am I doing wrong? When is
> root in the container not root in the container?
>

If you use lxd, the default is unprivileged. "fake" root.

> This is on gentoo. Have I overlooked an obscure kernel config?

AFAIK some distros could detect whether setcap is possible, and if not, fall back to using suid.

-- 
Fajar
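
The detect-and-fall-back approach mentioned in the reply, sketched as an added example that is not part of the original thread or taken from any distro's packaging script. The names `userns_kind`, `grant_net_raw` and the `SETCAP` override are hypothetical; the `uid_map` samples in the comments are constructed.

```shell
#!/bin/sh
# Added example; function names and the SETCAP override are hypothetical.

# Classify the contents of a uid_map file.
#   "initial": identity map of the host user namespace (real root), e.g. "0 0 4294967295"
#   "userns" : any other mapping (container root is a mapped, "fake" root), e.g. "0 1000000 65536"
userns_kind() {
    set -- $1    # split "inside-id outside-id length" on whitespace
    if [ "$#" -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]; then
        echo initial
    else
        echo userns
    fi
}

# Try a file capability first; fall back to the setuid bit if that fails.
# Caveat: for a root-owned binary the fallback runs it with full root,
# not just CAP_NET_RAW, so it is the weaker option from a least-privilege view.
grant_net_raw() {
    setcap_cmd=${SETCAP:-setcap}   # overridable so the logic can be exercised unprivileged
    if command -v "$setcap_cmd" >/dev/null 2>&1 &&
       "$setcap_cmd" cap_net_raw=ep "$1" 2>/dev/null; then
        echo filecap
    elif chmod u+s "$1" 2>/dev/null; then
        echo setuid
    else
        echo failed
        return 1
    fi
}

# Report which kind of namespace this shell runs in (read-only, changes nothing).
if [ -r /proc/self/uid_map ]; then
    echo "uid_map: $(userns_kind "$(cat /proc/self/uid_map)")"
fi
```

Inside the container, `grant_net_raw /bin/ping` prints which method succeeded, which makes the silent downgrade to setuid visible in install logs.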