Thanks Fajar! Your notes caused me to recall that I needed:

    lxc config set container_name security.privileged true

and

    lxc config set container_name security.privileged false

when installing apache webserver (httpd) in a centos container.
The same trick will resolve my present dilemma.

-Johnson

Fajar A. Nugraha wrote:
> On Fri, Mar 9, 2018 at 5:09 PM, Michael Johnson
> <[email protected]> wrote:
>> Hi All!
>>
>> I have noticed that a container's root user is unable to modify the
>> capabilities of a root-owned file in the container.
>>
>> For example:
>> setcap cap_net_raw=ep /bin/ping
>> returns:
>> Failed to set capabilities on file `ping' (Operation not permitted)
>
> Probably https://github.com/lxc/lxd/issues/2507#issuecomment-254058349
>
>> It is possible to set this capability as root from the host, operating
>> on the container's file.
>>
>> Can someone please explain this behavior? What am I doing wrong? When is
>> root in the container not root in the container?
>>
>
> If you use lxd, the default is unprivileged. "fake" root.
>
>> This is on gentoo. Have I overlooked an obscure kernel config?
>
> AFAIK some distros could detect whether setcap is possible, and if
> not, fallback using suid.

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
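
The "fake" root mentioned in the quoted reply can be observed from inside a container, because the kernel publishes the uid mapping in /proc/self/uid_map. The script below is an added example, not part of the original thread: the function names and the two sample maps are constructed for illustration, and it assumes a non-nested container, so that the parent namespace is the host.

```shell
#!/bin/sh
# Added example: report which uid in the parent namespace backs uid 0
# inside the current user namespace.
# uid_map columns: <first id inside ns> <first id in parent ns> <range length>

# Constructed sample maps (not captured from a real system).
SAMPLE_HOST='         0          0 4294967295'   # host or privileged container
SAMPLE_UNPRIV='         0    1000000 1000000000' # unprivileged container

# host_uid_of_root [FILE] -> prints the parent-namespace uid behind uid 0,
# or "unmapped" when no range starts at uid 0.
host_uid_of_root() {
    awk '$1 == 0 && $3 > 0 { print $2; found = 1; exit }
         END { if (!found) print "unmapped" }' "${1:-/proc/self/uid_map}"
}

# root_kind [FILE] -> "privileged" when uid 0 is the parent's uid 0,
# "unprivileged" when it is shifted to another uid, "unmapped" otherwise.
root_kind() {
    case "$(host_uid_of_root "$1")" in
        0)        echo privileged ;;
        unmapped) echo unmapped ;;
        *)        echo unprivileged ;;
    esac
}

# Report for the current process when run on Linux.
if [ -r /proc/self/uid_map ]; then
    echo "root here is: $(root_kind) (parent uid $(host_uid_of_root))"
fi
```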
