Comment 12 for bug 1253669
Revision history for this message
| Serge Hallyn (serge-hallyn) wrote Re: [Bug 1253669] Re: unable to launch lxc application containers when dropping cap_sysadmin | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Oh, now I see. lxc-init calls setup_fs() which fails if it cannot mount
proc. (I had looked for direct calls to mount proc but missed the
setup_fs call) Without cap_sys_admin you cannot mount proc. What's
unclear to me now is why this would have worked for you with older
lxc. This is not something that has recently changed, so it should have
always failed.
I think updating lxc-init to only warn if you could not mount /proc
would be good. Will send a patch upstream for that and see if anyone
can think of a good counter argument.
status: confirmed
importance: medium