Le vendredi 29 novembre 2019 à 16:14:21+0100, Lukáš Jelínek a écrit : > Thanks very much for this workaround. It works well. > > But I think it is a bug because it prevents Debian 10 in LXC containers > to work out-of-the-box in many cases and requires manual hardcore > intervention (in a file which is not intended to be "cut-and-dry" > modified by administrators).
It's a bug in the sense that with proper patching of the LXC codebase (and maybe also in the kernel?), such issues could be avoided. But it's rather something which belongs to the feature request part of a todolist than the bugs' one. logrotate maintainers made choices to improve security of logrotate execution, and in the current situation there are no solution I could implement in lxc on Buster that would make the default parameters used for logrotate's systemd service to work in a unprivileged container. -- Pierre-Elliott Bécue GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2 It's far easier to fight for one's principles than to live up to them.
signature.asc
Description: PGP signature