Installing the LXD snap from edge channel (for fscaps support), on the current 4.4 kernel:
root@djanet:~# lxc launch ubuntu-daily:cosmic c1
To start your first container, try: lxc launch ubuntu:18.04
Creating c1
Starting c1
root@djanet:~# lxc exec c1 -- setcap cap_net_raw+ep /usr/bin/mtr-packet
Failed to set capabilities on file `/usr/bin/mtr-packet' (Operation not permitted)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
As expected on that kernel, the caps were lost when the container got uid shifted and manually setting the caps from within the container fails.
After switching to 4.4.0-132:
root@djanet:~# lxc exec c1 -- setcap cap_net_raw+ep /usr/bin/mtr-packet
root@djanet:~# lxc exec c1 -- getcap /usr/bin/mtr-packet
/usr/bin/mtr-packet = cap_net_raw+ep
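Added example (not part of the original report, nor LXD or kernel code): a decoder for the security.capability xattr that getcap reads, useful for checking from the host which revision a container file carries. It assumes the "fscaps support" tested above is the kernel's namespaced file capabilities, i.e. xattr revision 3 with a trailing rootid; the sample values and the uid 1000000 are constructed.

```python
import os
import struct

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000    # 20-byte xattr, no rootid field
VFS_CAP_REVISION_3 = 0x03000000    # 24-byte xattr, trailing rootid (namespaced)
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}  # subset

def _names(mask):
    """Turn a 64-bit capability mask into a list of names."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def parse_fscap(raw):
    """Decode a security.capability xattr value (little-endian on disk)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    revision = magic & VFS_CAP_REVISION_MASK
    if revision == VFS_CAP_REVISION_2 and len(raw) == 20:
        rootid = None
    elif revision == VFS_CAP_REVISION_3 and len(raw) == 24:
        # uid of the root user of the user namespace that owns this capability
        (rootid,) = struct.unpack_from("<I", raw, 20)
    else:
        raise ValueError("unsupported revision/size: %#x/%d" % (revision, len(raw)))
    # Layout after the magic: permitted/inheritable low words, then high words.
    p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<4I", raw, 4)
    return {
        "revision": revision >> 24,
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": _names(p_lo | p_hi << 32),
        "inheritable": _names(i_lo | i_hi << 32),
        "rootid": rootid,
    }

def read_fscap(path):
    """Decode a file's xattr (Linux only); None if absent or unreadable."""
    try:
        return parse_fscap(os.getxattr(path, "security.capability", follow_symlinks=False))
    except OSError:
        return None

# Constructed samples: cap_net_raw+ep as v2, and as v3 owned by root uid 1000000.
SAMPLE_V2 = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)
SAMPLE_V3 = struct.pack("<6I", 0x03000001, 1 << 13, 0, 0, 0, 1000000)

if __name__ == "__main__":
    for sample in (SAMPLE_V2, SAMPLE_V3):
        print(parse_fscap(sample))
```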