Re: [arch-general] Linux Kernel capabilities

2015-07-17 Thread arnaud gaboury
On Fri, Jul 17, 2015 at 1:08 PM, Jens Adam j...@byte.cx wrote:

   Unfortunately, it doesn't work and needed modules are not loaded
   from container but only from host. I realized there is no #define
   CAP_SYS_MODULE
   in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.

 Look at /usr/include/linux/capability.h (linux-api-headers) instead.


Much better indeed. TY


  It was moved to include/uapi/linux/capability.h recentlyish.

 Not really, more like December 2012, with kernel 3.7.

  As for your actual issue, SYS_CAP_MODULE isn't listed in the valid
  capabilities for --capability in the systemd-nspawn manpage. Are you
  perhaps confusing options?

 Looking at the manpage it doesn't say valid, it's just a list of
 default capabilities.


 --byte




-- 

google.com/+arnaudgabourygabx


[arch-general] Linux Kernel capabilities

2015-07-17 Thread arnaud gaboury
I build my own kernel with ABS.

To allow my nspawn container to load kernel modules, I must add this to
nspawn unit file:
--capability=CAP_SYS_MODULE.

Unfortunately, it doesn't work and needed modules are not loaded from
container but only from host. I realized there is no #define CAP_SYS_MODULE
  in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.

Is this specific to the arch kernel ?

Thank you for hints.

-- 

google.com/+arnaudgabourygabx


Re: [arch-general] Linux Kernel capabilities

2015-07-17 Thread Patrick Burroughs (Celti)
On Fri, 17 Jul 2015 12:20:39 +0200
arnaud gaboury arnaud.gabo...@gmail.com wrote:

 I build my own kernel with ABS.
 
 To allow my nspawn container to load kernel modules, I must add this
 to nspawn unit file:
 --capability=CAP_SYS_MODULE.
 
 Unfortunately, it doesn't work and needed modules are not loaded from
 container but only from host. I realized there is no #define
 CAP_SYS_MODULE
 in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.
 
 Is this specific to the arch kernel ?
 
 Thank you for hints.
 

It was moved to include/uapi/linux/capability.h recentlyish.

As for your actual issue, SYS_CAP_MODULE isn't listed in the valid
capabilities for --capability in the systemd-nspawn manpage. Are you
perhaps confusing options?

Regards,
~Celti




Re: [arch-general] Linux Kernel capabilities

2015-07-17 Thread arnaud gaboury
Not at all, but you are right, it is not mentioned in systemd-nspawn man.
But according to Mr Systemd, it is a valid option.

On Fri, Jul 17, 2015, 12:42 PM Patrick Burroughs (Celti) ce...@celti.name
wrote:

 On Fri, 17 Jul 2015 12:20:39 +0200
 arnaud gaboury arnaud.gabo...@gmail.com wrote:

  I build my own kernel with ABS.
 
  To allow my nspawn container to load kernel modules, I must add this
  to nspawn unit file:
  --capability=CAP_SYS_MODULE.
 
  Unfortunately, it doesn't work and needed modules are not loaded from
  container but only from host. I realized there is no #define
  CAP_SYS_MODULE
  in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.
 
  Is this specific to the arch kernel ?
 
  Thank you for hints.
 

 It was moved to include/uapi/linux/capability.h recentlyish.

 As for your actual issue, SYS_CAP_MODULE isn't listed in the valid
 capabilities for --capability in the systemd-nspawn manpage. Are you
 perhaps confusing options?

 Regards,
 ~Celti



Re: [arch-general] Linux Kernel capabilities

2015-07-17 Thread arnaud gaboury
 On Fri, Jul 17, 2015, 12:42 PM Patrick Burroughs (Celti) ce...@celti.name
wrote:

On Fri, 17 Jul 2015 12:20:39 +0200
arnaud gaboury arnaud.gabo...@gmail.com wrote:

 I build my own kernel with ABS.

 To allow my nspawn container to load kernel modules, I must add this
 to nspawn unit file:
 --capability=CAP_SYS_MODULE.

 Unfortunately, it doesn't work and needed modules are not loaded from
 container but only from host. I realized there is no #define
 CAP_SYS_MODULE
 in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.

 Is this specific to the arch kernel ?

 Thank you for hints.


It was moved to include/uapi/linux/capability.h recentlyish

The fact it has been moved could well explain why it doesn't work for my
container ?

As for your actual issue, SYS_CAP_MODULE isn't listed in the valid
capabilities for --capability in the systemd-nspawn manpage. Are you
perhaps confusing options?

Regards,
~Celti


Re: [arch-general] Linux Kernel capabilities

2015-07-17 Thread Jens Adam
  Unfortunately, it doesn't work and needed modules are not loaded
  from container but only from host. I realized there is no #define
  CAP_SYS_MODULE
  in /usr/lib/modules/4.1.2-2-ARCH/build/include/linux/capability.h.

Look at /usr/include/linux/capability.h (linux-api-headers) instead.

 It was moved to include/uapi/linux/capability.h recentlyish.

Not really, more like December 2012, with kernel 3.7.

 As for your actual issue, SYS_CAP_MODULE isn't listed in the valid
 capabilities for --capability in the systemd-nspawn manpage. Are you
 perhaps confusing options?

Looking at the manpage it doesn't say valid, it's just a list of
default capabilities.


--byte
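
A way to check from inside the container whether the capability discussed in this thread was actually granted, as an added example that is not part of any poster's message: it includes the userspace header named above and tests the CAP_SYS_MODULE bit in the process's effective and bounding sets. The function name `cap_in_status` and the two sample status excerpts are constructed for illustration.

```c
/* Added example: did CAP_SYS_MODULE reach this process (e.g. inside a container)? */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>   /* userspace (uapi) header that defines CAP_SYS_MODULE */

/* Return 1 if bit `cap` is set in the hex mask of `field` (e.g. "CapEff") in
 * /proc/<pid>/status text, 0 if it is clear, -1 if the field is not present. */
int cap_in_status(const char *status, const char *field, int cap)
{
    size_t n = strlen(field);
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, field, n) == 0 && line[n] == ':') {
            unsigned long long mask = strtoull(line + n + 1, NULL, 16);
            return (int)((mask >> cap) & 1ULL);
        }
        line = strchr(line, '\n');      /* advance to the next line */
        if (line) line++;
    }
    return -1;
}

/* Constructed samples (not captured from a real system). */
const char SAMPLE_WITHOUT[] =
    "Name:\tsh\nCapPrm:\t00000000fdecafff\n"
    "CapEff:\t00000000fdecafff\nCapBnd:\t00000000fdecafff\n";
const char SAMPLE_WITH[] =
    "Name:\tsh\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';

    int eff = cap_in_status(buf, "CapEff", CAP_SYS_MODULE);
    int bnd = prctl(PR_CAPBSET_READ, CAP_SYS_MODULE, 0, 0, 0);
    printf("CAP_SYS_MODULE (%d): effective=%d bounding=%d\n", CAP_SYS_MODULE, eff, bnd);
    return (eff == 1 && bnd == 1) ? 0 : 1;
}
```

Run it as root inside the container: exit status 0 means the capability is present in both sets. Because a container shares the host's kernel, a process holding this capability there can load modules into the host kernel.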

