LXC 4.0.10 - Failed to keep capabilities

kim0109 · October 5, 2021, 2:25pm

Hi All,
Please could you help me to resolve issue below ?

I got an error with my container config file :
lxc.cap.drop =
lxc.cap.keep = setgid setuid dac_override sys_admin

Many thanks.

Extract of log file
lxc-start IDS_RULES_DB.CT 20211005115356.774 ERROR conf - conf.c:dropcaps_except:3036 - Unknown capabi
lity setgid
lxc-start IDS_RULES_DB.CT 20211005115356.776 ERROR conf - conf.c:lxc_setup:4193 - Failed to keep capab
ilities
lxc-start IDS_RULES_DB.CT 20211005115356.776 ERROR start - start.c:do_start:1291 - Failed to setup con
tainer “IDS_RULES_DB.CT”
lxc-start IDS_RULES_DB.CT 20211005115356.776 ERROR sync - sync.c:sync_wait:36 - An error occurred in a
nother process (expected sequence number 4)

stgraber · October 5, 2021, 4:20pm

Hmm, what distribution and LXC version is that?

It sounds like you may be using a LXC that wasn’t built with libcap support and so isn’t capable of translating between capability names and ids.

kim0109 · October 6, 2021, 8:57am

Hi,
I installed libcap-dev_2.44-1_amd64.deb, libcap2_2.44-1_amd64.deb and recompiled LXC 4.0.10
That worked.
Thanks for your help.