If installing the package in unprivileged mode was the problem, could you then run the image unprivileged after installing the package in privileged mode?
Op 21 aug. 2016 19:11 schreef "jjs - mainphrame" <[email protected]>: > Running postfix in and of itself did not appear to be problematic, but the > maia mailguard antispam system as a whole includes postfix, clamd, > spamassassin, maiad, httpd, perl and mysql, not all of which were happy > running unprivileged. The factor that pushed me to a privileged container > was the inability to install a package which set capabilities. > Unfortunately I had a lot to do, and wasn't able to devote a lot of time to > the issue; the easy answer was to go to a privileged container. > > Jake > > > > > > On Sun, Aug 21, 2016 at 12:59 AM, Ingo Baab <[email protected]> wrote: > >> What were the issues, running a Mailserver as an unpriviledged LXC? >> I do the same.. and it seems to work without problems.. I just made the >> Mailports forward to the LXC with iptables.. >> >> Just curriously, >> -Ingo >> >> Am 20.08.2016 um 20:52 schrieb jjs - mainphrame: >> >> Greetings, >> >> I've given up on the unprivileged container for now. I've created a new >> container with the same role, and the same configuration except that it is >> privileged. The privileged version of this container is working more or >> less as expected. >> >> This container isn't doing anything I'd have considered exotic - it's >> running postfix, clamd, and maiad (a modern derivative of amavisd-new). >> >> This is a data point which may prove useful to those who may read this at >> some point down the road. >> >> Jake >> >> On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame <[email protected]> >> wrote: >> >>> Greetings, >>> >>> I had decided to build an lxd version of an lxc server which had been >>> running reliably for some time. Unfortunately, it doesn't seem to be >>> running quite as smoothly. is some sort of special permissions hacking >>> required? >>> >>> Here is one example of a problem in the new lxd container, which was >>> never seen in the lxc container, namely attempting to install a package: >>> >>> Please pardon me if this is a FAQ as I've been primarily working with >>> openvz of late - point me to TFM if there is a TFM which would enlighten me >>> on this subject. >>> >>> >>> Dependencies Resolved >>> >>> ============================================================ >>> ====================== >>> Package Arch Version Repository >>> Size >>> ============================================================ >>> ====================== >>> Installing: >>> httpd x86_64 2.4.6-40.el7.centos.4 updates >>> 2.7 M >>> >>> Transaction Summary >>> ============================================================ >>> ====================== >>> Install 1 Package >>> >>> Total download size: 2.7 M >>> Installed size: 9.4 M >>> Is this ok [y/d/N]: y >>> Downloading packages: >>> httpd-2.4.6-40.el7.centos.4.x86_64.rpm | 2.7 MB >>> 00:00:00 >>> Running transaction check >>> Running transaction test >>> Transaction test succeeded >>> Running transaction >>> Installing : httpd-2.4.6-40.el7.centos.4.x86_64 >>> 1/1 >>> Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64 >>> error: unpacking of archive failed on file /usr/sbin/suexec: cpio: >>> cap_set_file >>> Verifying : httpd-2.4.6-40.el7.centos.4.x86_64 >>> 1/1 >>> >>> Failed: >>> httpd.x86_64 0:2.4.6-40.el7.centos.4 >>> >>> Jake >>> >> >> >> >> _______________________________________________ >> lxc-users mailing >> [email protected]http://lists.linuxcontainers.org/listinfo/lxc-users >> >> >> >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users >> > > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users >
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
