[Bug 1253669] Re: unable to launch lxc application containers when dropping cap_sysadmin
Sebastian Wendland
wendland at cg.uni-saarland.de
Fri Nov 22 16:56:45 UTC 2013
Running strace inside lxc-execute (i.e. lxc-execute -n foo -s
lxc.cap.drop=sys_admin -- strace -f -o/root/debug.out /bin/bash) does
not work, as strace will immediately crash just like bash, thus producing
no output.
Here is the lxc log for # lxc-execute -n foo -f lxc.conf -o foo -l DEBUG
-- /bin/bash with the lxc config below (again on 3.8 with the daily lxc
build).
------------
lxc.utsname = foo
lxc.cap.drop = sys_admin
lxc.tty = 1
lxc.console=/lxc/foo/console
lxc.rootfs = /lxc/foo/rootfs
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
lxc.mount.entry = /lxc/dev/null dev/null none bind 0 0
lxc.mount.entry = /lxc/dev/zero dev/zero none bind 0 0
lxc.mount.entry = /lxc/dev/random dev/random none bind 0 0
lxc.mount.entry = /lxc/dev/urandom dev/urandom none bind 0 0
lxc.mount.entry = tmpfs tmp tmpfs rw,size=100M,noexec,nodev,mode=1777 0 0
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
** Attachment added: "lxc-execute debug output"
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1253669/+attachment/3915084/+files/lxc_debug
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1253669