On 02/25/2016 11:49 AM, Mark Constable wrote:
On 25/02/16 20:16, Tamas Papp wrote:
# /sbin/setcap 'cap_net_bind_service=+ep' /usr/bin/nodejs
Failed to set capabilities on file `/usr/bin/nodejs' (Invalid argument)
The value of the capability argument is not permitted for a file. Or
the file is not a regular (non-symlink) file
Can we somehow make it work?
The answer seems to be "you can't", sorry.
This is the answer I got to basically the same question a week ago...
On 19/02/16 02:32, Serge Hallyn wrote:
~ /sbin/setcap cap_net_bind_service=+ep /usr/bin/caddy
Failed to set capabilities on file `/usr/bin/caddy' (Invalid
argument)
xenial host with a xenial lxd 2.0.0~beta2 unprivileged container
lxd 2.0.0~beta3 now. Can you spare a moment for a little more detail
please?
Sorry apparently I was not clear. If you are in an unprivileged
container, there is nothing you can do to set file capabilities, apart
from writing the kernel patch (and libcap patch) to make namespaaced
capabilities happen.
However any packages in ubuntu should not break due to not being able
to set file capabilities. I want the namespaced capabilties so we can
stop having fallbacks, but right now if that happens then it is valid
to file a bug against the package which is failing to install.
Too bad, thanks.
tamas
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
