Hi,

I am getting nowhere with making ganesha run in lxc. I tried this:

    lxc.aa_profile = unconfined

in the container config, plus

    setcap cap_net_admin,cap_dac_read_search,=ep /usr/bin/ganesha.nfsd

inside the container.

I am sure ganesha works, I tried outside the container, but do not see how to set security of the container.
Any ideas?

Csaba

On Tue, Apr 5, 2016 at 11:49 PM, Malahal Naineni <[email protected]> wrote:

> Daniel Gryniewicz [[email protected]] wrote:
> > On 04/05/2016 01:34 PM, Malahal Naineni wrote:
> > > Csaba Dobo [[email protected]] wrote:
> > >> Hi,
> > >> as far as I know this container is running in privileged mode according
> > >> to:
> > >> cat /proc/self/uid_map
> > >> 0 0 4294967295 means privilege, right?
> > >> but I am sure you are right, but have no idea how to confirm what is the
> > >> problem and how to change it.
> > >
> > > I am not familiar with containers/namespaces.
> > >
> > > What does "grep ^Cap /proc/$(pidof ganesha.nfsd)/status" display? Can
> > > you decode the caps with capsh?
> > >
> > > Regards, malahal.
> > >
> >
> > I'm pretty sure that capabilities can appear to be on in a container,
> > but still be off outside the container. That's why the container itself
> > needs to run in privileged mode.
>
> Correct, no point in looking at $(pidof ganesha.nfsd). Csaba, ignore my
> last suggestion.
>
> Regards, Malahal.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Nfs-ganesha-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
>
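The two checks discussed in this thread (the Cap lines of /proc/<pid>/status and /proc/self/uid_map) can be decoded without capsh. The script below is an added example, not code from the thread or from the nfs-ganesha project; the function names and the sample values are constructed, and the bit numbers come from linux/capability.h.

```sh
#!/bin/sh
# Added example (constructed): decode Cap* masks and classify uid_map.
# Capability bit numbers from linux/capability.h:
#   CAP_DAC_READ_SEARCH = 2, CAP_NET_ADMIN = 12

# has_cap HEXMASK BIT -> succeeds when BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_mask NAME STATUS_TEXT -> prints the hex mask of e.g. CapEff or CapBnd
cap_mask() {
    printf '%s\n' "$2" | awk -v key="$1:" '$1 == key { print $2 }'
}

# userns_kind UID_MAP_TEXT -> "initial" for the identity mapping over the
# whole 32-bit range ("0 0 4294967295"), otherwise "remapped". In a remapped
# user namespace the capabilities shown only apply inside that namespace.
userns_kind() (
    set -- $1
    if [ $# -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]; then
        echo initial
    else
        echo remapped
    fi
)

# check_caps STATUS_TEXT -> one line per capability named in the thread,
# showing whether it is in the effective set and in the bounding set
check_caps() (
    eff=$(cap_mask CapEff "$1")
    bnd=$(cap_mask CapBnd "$1")
    [ -n "$eff" ] && [ -n "$bnd" ] || { echo "no Cap lines found" >&2; return 1; }
    for pair in CAP_DAC_READ_SEARCH:2 CAP_NET_ADMIN:12; do
        name=${pair%%:*} bit=${pair##*:} e=no b=no
        if has_cap "$eff" "$bit"; then e=yes; fi
        if has_cap "$bnd" "$bit"; then b=yes; fi
        echo "$name effective=$e bounding=$b"
    done
)

# Constructed sample, not output from the poster's container:
# CAP_DAC_READ_SEARCH (bit 2) is missing from the bounding set.
SAMPLE_STATUS='CapPrm: 0000000000001000
CapEff: 0000000000001000
CapBnd: 0000003ffffffffb'
SAMPLE_UID_MAP='         0          0 4294967295'

check_caps "$SAMPLE_STATUS"
echo "user namespace: $(userns_kind "$SAMPLE_UID_MAP")"
```

On a live system, pass `"$(cat /proc/PID/status)"` and `"$(cat /proc/self/uid_map)"` in place of the sample strings. A capability missing from the bounding set cannot be gained through file capabilities set with setcap.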
