Capabilities in unprivileged container

Hello all,

I want to use the CAP_SYS_TTY_CONFIG capability in an unprivileged container.

I tried adding lxc.cap.keep=sys_tty_config to the unprivileged container config, but it didn't work.

Does dropping and keeping capabilities using lxc.cap.drop and lxc.cap.keep only work for privileged containers? Because the normal user who starts an unprivileged container doesn't have all capabilities anyway.

Are there any other ways to solve this problem?


Adding more details.

kernel version: 4.14.75

lxc version: 3.2.1

Also, I have created the unprivileged container as the root user, and lxc-start shows the following in the log:
lxc-start test 20200710010326.923 DEBUG conf - conf.c:dropcaps_except:2553 - Keep capability sys_tty_config (26)

But it still seems that the container didn't get this capability.
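
One way to confirm which capability sets of a process actually contain capability 26, the number shown in the log line above. This is an added example, not part of the original post: the function names are hypothetical and the status text is a constructed sample in the format of /proc/<pid>/status.

```shell
#!/bin/sh
# Report whether one capability bit is present in each capability set
# (CapInh/CapPrm/CapEff/CapBnd/CapAmb) found in /proc/<pid>/status text.

CAP_SYS_TTY_CONFIG=26   # number printed by lxc-start: "sys_tty_config (26)"

# cap_report BIT: reads status text on stdin, prints "<set>=<0|1>" per set.
cap_report() {
    bit=$1
    while read -r key val rest; do
        case $key in
            CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
                mask=$((0x$val))                    # hex mask -> integer
                echo "${key%:}=$(( (mask >> bit) & 1 ))"
                ;;
        esac
    done
}

# has_cap SET BIT: reads status text on stdin, succeeds if BIT is in SET.
has_cap() {
    cap_report "$2" | grep -q "^$1=1\$"
}

# Constructed sample (not taken from the poster's system): the bounding
# set contains bit 26, the effective and permitted sets do not.
sample_status() {
    cat <<'EOF'
Name:   init
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
EOF
}

# Stand-alone run on the sample; inside a container, feed it
# /proc/self/status (or /proc/1/status) instead.
sample_status | cap_report "$CAP_SYS_TTY_CONFIG"
```

Running `cap_report 26 < /proc/self/status` in a shell inside the container shows, set by set, whether the capability is present.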