Hello everybody,
Running in a problem with an application inside LXC container, which demands following capabilities:
https://github.com/bviefhues/vdr/blob/9ab55b409054d94216f4c0e77fafaf13c4d18531/vdr.c#L128
Error message of target application is: vdr: cap_set_proc failed: Operation not permitted
What I tried so far, setting in either /etc/pve/lxc/node_name.conf or /var/lib/lxc/node_name/config (with matching : or = syntax ofc):
lxc.aa_profile allows to start the container, does not give the capabilities to the guest though.
If I can provide more info, please let me know.
Thanks in advance!
UPDATE: Running the service as root seems to be an acceptable workaround, problem solved
Running in a problem with an application inside LXC container, which demands following capabilities:
- CAP_SYS_TIME
- CAP_SYS_NICE
- CAP_NET_RAW
https://github.com/bviefhues/vdr/blob/9ab55b409054d94216f4c0e77fafaf13c4d18531/vdr.c#L128
Error message of target application is: vdr: cap_set_proc failed: Operation not permitted
What I tried so far, setting in either /etc/pve/lxc/node_name.conf or /var/lib/lxc/node_name/config (with matching : or = syntax ofc):
- lxc.aa_profile = unconfined
- lxc.cap.keep = sys_nice sys_time net
lxc.aa_profile allows to start the container, does not give the capabilities to the guest though.
If I can provide more info, please let me know.
Thanks in advance!
UPDATE: Running the service as root seems to be an acceptable workaround, problem solved
Last edited: