[Bug 1253669] Re: unable to launch lxc application containers when dropping cap_sysadmin

Serge Hallyn 1253669 at bugs.launchpad.net
Fri Nov 22 21:41:36 UTC 2013


Oh, now I see.  lxc-init calls setup_fs() which fails if it cannot mount
proc.  (I had looked for direct calls to mount proc but missed the
setup_fs call.)  Without cap_sys_admin you cannot mount proc.  What's
unclear to me now is why this would have worked for you with older
lxc.  This is not something that has recently changed, so it should have
always failed.

I think updating lxc-init to only warn if you could not mount /proc
would be good.  Will send a patch upstream for that and see if anyone
can think of a good counter argument.

 status: confirmed
 importance: medium


** Changed in: lxc (Ubuntu)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1253669

Title:
  unable to launch lxc application containers when dropping cap_sysadmin

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1253669/+subscriptions
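
The behaviour discussed in the message above (fail versus only warn when proc cannot be mounted), as an added example. It is not lxc-init's code and not the patch sent upstream; setup_proc(), its strict flag and the sample path are hypothetical names chosen for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Return 1 if capability number `cap` is set in a 64-bit capability mask. */
int cap_in_mask(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* Read this process's effective capability set with capget(2), which,
 * unlike /proc/self/status, works before /proc is mounted. */
int effective_caps(uint64_t *mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof(data));
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -1;
    *mask = ((uint64_t)data[1].effective << 32) | data[0].effective;
    return 0;
}

/* Hypothetical helper (not an lxc function): try to mount procfs on `target`.
 * Returns 0 if mounted, 1 if the mount failed and was only warned about,
 * -1 if the mount failed and `strict` is set, i.e. the failure is fatal
 * as in the report. */
int setup_proc(const char *target, int strict)
{
    uint64_t caps = 0;
    if (mount("proc", target, "proc", 0, NULL) == 0)
        return 0;
    int err = errno;
    int has_admin = effective_caps(&caps) == 0 && cap_in_mask(caps, CAP_SYS_ADMIN);
    fprintf(stderr, "%s: mounting proc on %s failed: %s (CAP_SYS_ADMIN %s)\n",
            strict ? "error" : "warning", target, strerror(err),
            has_admin ? "held" : "not held");
    return strict ? -1 : 1;
}

int main(void)
{
    /* Constructed path that does not exist, so the mount fails for any user. */
    return setup_proc("/nonexistent-lxc-example/proc", 0) == 1 ? 0 : 1;
}
```

With strict set to 0 the container's init would carry on without /proc; with strict set to 1 the same failure aborts startup.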


