Hi

On Mon, Nov 18, 2013 at 9:49 PM, Matthias Kuhn <matthias.k...@gmx.ch> wrote:
> I hope we have some experienced sysadmins here on the list who can bring
> light into the dark.
>
> The situation is
>
> I try to build rpms for fedora/centos on our shiny new server where we
> have docker.io set up, so we can easily create multiple containers for
> the different tasks the server will run. So I have created a container
> based on centos and installed mock (the tool fedora uses for packaging).
>
> However, running mock (inside the container) fails:
>
>   ERROR: Namespace unshare failed.
>
> As far as I can tell, mock needs the "unshare" system call to create a
> new mountpoint inside the process, where it can create a virtual build
> environment. But calling namespace with CLONE_NEWNS fails with EPERM.
> The manpage states:
>
>   EPERM  flags specified CLONE_NEWNS but the calling process was not
>          privileged (did not have the CAP_SYS_ADMIN capability).
>
> Trying to change this capability of the binary does not work, although
> we are root inside the container, so I guess this kind of capabilities
> gets inherited from my non-privileged user on the host itself. I assume
> (untested) that the following command would fix this issue:
>
>   sudo lxc-docker run centos/qgis-nightly setcap cap_sys_admin+ep /usr/sbin/mock
>
> I would be very happy if somebody with server administration and
> especially capabilities experience could let me know if this is a safe
> thing and the right thing to do in order to solve this problem, because
> to me this is all still black magic.
>
> Regards
> Matthias
>

I reckon since you are just bringing up your container, building your package and then bringing it down without hosting any public service from the container itself (correct?), it's probably fine.

Regards

Tim

--
Tim Sutton - QGIS Project Steering Committee Member
==============================================
Visit http://linfiniti.com to find out about:
 * QGIS programming services
 * GeoDjango web development
 * FOSS Consulting Services
Skype: timlinux
Irc: timlinux on #qgis at freenode.net
==============================================
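
Added example, not part of the original messages: a small C check for the failure described in the thread. It reads the CapEff and CapBnd masks from /proc/<pid>/status and reports whether CAP_SYS_ADMIN is effective, merely not raised, or absent from the bounding set, in which case file capabilities set with setcap cannot grant it. The function names and the three sample masks are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21  /* CAP_SYS_ADMIN in <linux/capability.h> */
enum verdict { CAN_UNSHARE, NOT_EFFECTIVE, NOT_IN_BOUNDING_SET, PARSE_ERROR };

/* Constructed samples, not captured from the server in the thread. */
static const char SAMPLE_HOST_ROOT[] = "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_HOST_USER[] = "CapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_CONTAINER[] = "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n";

/* Parse the hex mask that follows `name` in the status text; 0 on success. */
static int read_mask(const char *status, const char *name, unsigned long long *out)
{
    const char *p = strstr(status, name);
    char *end;
    if (!p) return -1;
    p += strlen(name);
    *out = strtoull(p, &end, 16);   /* strtoull skips the tab after the colon */
    return end == p ? -1 : 0;
}

enum verdict classify(const char *status)
{
    unsigned long long eff, bnd, bit = 1ULL << CAP_SYS_ADMIN_BIT;
    if (read_mask(status, "CapEff:", &eff) || read_mask(status, "CapBnd:", &bnd))
        return PARSE_ERROR;
    if (eff & bit) return CAN_UNSHARE;
    /* A capability outside the bounding set cannot be gained from file
     * capabilities at execve(), so setcap on the binary cannot restore it. */
    return (bnd & bit) ? NOT_EFFECTIVE : NOT_IN_BOUNDING_SET;
}

int main(void)
{
    static const char *msg[] = {
        "CAP_SYS_ADMIN is effective: the capability check for CLONE_NEWNS passes",
        "CAP_SYS_ADMIN is not effective but is still in the bounding set",
        "CAP_SYS_ADMIN is not in the bounding set: setcap on a binary cannot add it",
        "could not parse CapEff/CapBnd" };
    static char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    puts(msg[classify(buf)]);       /* verdict for the current process */
    return 0;
}
```

Run it inside the container as the user that invokes mock to see which case applies there.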