Running postfix in and of itself did not appear to be problematic, but the maia mailguard antispam system as a whole includes postfix, clamd, spamassassin, maiad, httpd, perl and mysql, not all of which were happy running unprivileged. The factor that pushed me to a privileged container was the inability to install a package which set capabilities. Unfortunately I had a lot to do, and wasn't able to devote a lot of time to the issue; the easy answer was to go to a privileged container.
Jake On Sun, Aug 21, 2016 at 12:59 AM, Ingo Baab <[email protected]> wrote: > What were the issues, running a Mailserver as an unpriviledged LXC? > I do the same.. and it seems to work without problems.. I just made the > Mailports forward to the LXC with iptables.. > > Just curriously, > -Ingo > > Am 20.08.2016 um 20:52 schrieb jjs - mainphrame: > > Greetings, > > I've given up on the unprivileged container for now. I've created a new > container with the same role, and the same configuration except that it is > privileged. The privileged version of this container is working more or > less as expected. > > This container isn't doing anything I'd have considered exotic - it's > running postfix, clamd, and maiad (a modern derivative of amavisd-new). > > This is a data point which may prove useful to those who may read this at > some point down the road. > > Jake > > On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame <[email protected]> > wrote: > >> Greetings, >> >> I had decided to build an lxd version of an lxc server which had been >> running reliably for some time. Unfortunately, it doesn't seem to be >> running quite as smoothly. is some sort of special permissions hacking >> required? >> >> Here is one example of a problem in the new lxd container, which was >> never seen in the lxc container, namely attempting to install a package: >> >> Please pardon me if this is a FAQ as I've been primarily working with >> openvz of late - point me to TFM if there is a TFM which would enlighten me >> on this subject. >> >> >> Dependencies Resolved >> >> ============================================================ >> ====================== >> Package Arch Version Repository >> Size >> ============================================================ >> ====================== >> Installing: >> httpd x86_64 2.4.6-40.el7.centos.4 updates >> 2.7 M >> >> Transaction Summary >> ============================================================ >> ====================== >> Install 1 Package >> >> Total download size: 2.7 M >> Installed size: 9.4 M >> Is this ok [y/d/N]: y >> Downloading packages: >> httpd-2.4.6-40.el7.centos.4.x86_64.rpm | 2.7 MB >> 00:00:00 >> Running transaction check >> Running transaction test >> Transaction test succeeded >> Running transaction >> Installing : httpd-2.4.6-40.el7.centos.4.x86_64 >> 1/1 >> Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64 >> error: unpacking of archive failed on file /usr/sbin/suexec: cpio: >> cap_set_file >> Verifying : httpd-2.4.6-40.el7.centos.4.x86_64 >> 1/1 >> >> Failed: >> httpd.x86_64 0:2.4.6-40.el7.centos.4 >> >> Jake >> > > > > _______________________________________________ > lxc-users mailing > [email protected]http://lists.linuxcontainers.org/listinfo/lxc-users > > > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users >
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
