[lxc-users] capabilities requirement change with new filesystem?

2020-06-08 Thread Ede Wolf
Hi,

So I've migrated my whole system via rsync from f2fs to btrfs on a new drive, and, after rebooting, all my unprivileged lxc containers refused to start.

Example:

lxc-start ... ERROR conf - conf.c:lxc_map_ids:2779 - newuidmap failed to write mapping "newuidmap: Could not set caps":

Re: [lxc-users] capabilities requirement change with new filesystem?

2020-06-08 Thread Serge E. Hallyn
On Mon, Jun 08, 2020 at 04:20:07PM +0200, Ede Wolf wrote:
> Hi,
>
> So I've migrated my whole system via rsync from f2fs to btrfs on a new
> drive, and, after rebooting, all my unprivileged lxc containers refused to
> start.
>
> Example:
>
>
> lxc-start ... ERROR conf - conf.c:lxc_map_ids:2

Re: [lxc-users] capabilities requirement change with new filesystem?

2020-06-08 Thread Ede Wolf
Thanks! That may be quite a hint! I've used -avlW, but not -X. As I've never intentionally messed with xattrs, I've completely missed those. Where would those attributes have been stored? Running a dryrun with added X does not obviously seem to reveal anything. Am 08.06.20 um 16:36 schrieb

Re: [lxc-users] capabilities requirement change with new filesystem?

2020-06-08 Thread Serge E. Hallyn
Not sure what you mean - I think you're asking which files? /usr/bin/newuidmap and /usr/bin/newgidmap may have been installed with file caps (although on mine it is just setuid-root).

On Mon, Jun 08, 2020 at 05:14:52PM +0200, Ede Wolf wrote:
> Thanks! That may be quite a hint! I've used -avlW, but

Re: [lxc-users] capabilities requirement change with new filesystem?

2020-06-08 Thread Ede Wolf
That was it!

# getfattr -d -m '.*' /usr/bin/newuidmap
getfattr: Removing leading '/' from absolute path names
# file: usr/bin/newuidmap
security.capability=0sAQAAAoA=

I have not fully comprehended what -m '.*' does, but the security capability was missing on the new drive,

Re: [lxc-users] capabilities requirement change with new filesystem?

2020-06-20 Thread Serge E. Hallyn
Just for the record - the default is to only return user.* xattrs, -m gives a different pattern to use, since you wanted to see a security.*

-serge

On Mon, Jun 08, 2020 at 09:46:07PM +0200, Ede Wolf wrote:
> That was it!
>
>
> # getfattr -d -m '.*' /usr/bin/newuidmap
> getfattr: Removing leadin
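
Added example, not part of the thread and not LXC or libcap code: a decoder for the security.capability value that getfattr prints, showing what the xattr that went missing in the rsync copy encodes. The sample value is constructed (a full 20-byte revision-2 structure that begins with the same bytes as the value quoted in the thread), and the function names are this example's own.

```python
import base64
import struct

# Capability names by bit number, as in linux/capability.h.
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin "
    "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
    "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
    "sys_tty_config mknod lease audit_write audit_control setfcap "
    "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
    "perfmon bpf checkpoint_restore"
).split()
# Revision (top byte of magic_etc) -> count of 32-bit words after magic_etc:
# v1 has one permitted/inheritable pair, v2 two pairs, v3 two pairs + rootid.
WORDS = {1: 2, 2: 4, 3: 5}
# Constructed sample: revision 2, effective flag set, permitted bit 7 only.
SAMPLE = "0s" + base64.b64encode(
    struct.pack("<5I", 0x02000001, 1 << 7, 0, 0, 0)).decode()

def decode_getfattr_value(text):
    """Convert getfattr's printed value (0s = base64, 0x = hex) to bytes."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.startswith("0x"):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a 0s (base64) or 0x (hex) value")

def cap_names(mask):
    """List the capability names for the bits set in a 64-bit mask."""
    return ["cap_" + (CAP_NAMES[i] if i < len(CAP_NAMES) else str(i))
            for i in range(64) if mask >> i & 1]

def parse_file_caps(raw):
    """Parse a little-endian vfs_cap_data blob from security.capability."""
    if len(raw) < 4:
        raise ValueError("too short to hold magic_etc")
    magic = struct.unpack_from("<I", raw)[0]
    rev = magic >> 24
    if rev not in WORDS or len(raw) != 4 + 4 * WORDS[rev]:
        raise ValueError(f"bad revision/length: rev={rev}, {len(raw)} bytes")
    w = struct.unpack_from(f"<{WORDS[rev]}I", raw, 4)
    hi_p, hi_i = (w[2], w[3]) if rev >= 2 else (0, 0)
    return {"revision": rev, "effective": bool(magic & 1),
            "permitted": cap_names(w[0] | hi_p << 32),
            "inheritable": cap_names(w[1] | hi_i << 32),
            "rootid": w[4] if rev == 3 else None}

if __name__ == "__main__":
    print(SAMPLE, parse_file_caps(decode_getfattr_value(SAMPLE)))
```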