[pkg-lxc-devel] Bug#944243: logrotate fails with "Permission denied" on LXC guest
Pierre-Elliott Bécue
peb at debian.org
Tue May 5 13:04:39 BST 2020
Le vendredi 29 novembre 2019 à 16:14:21+0100, Lukáš Jelínek a écrit :
> Thanks very much for this workaround. It works well.
>
> But I think it is a bug because it prevents Debian 10 in LXC containers
> to work out-of-the-box in many cases and requires manual hardcore
> intervention (in a file which is not intended to be "cut-and-dry"
> modified by administrators).
It's a bug in the sense that with proper patching of the LXC codebase
(and maybe also in the kernel?), such issues could be avoided. But it's
rather something which belongs to the feature request part of a todolist
than the bugs' one.
logrotate maintainers made choices to improve security of logrotate
execution, and in the current situation there are no solution I could
implement in lxc on Buster that would make the default parameters used
for logrotate's systemd service to work in a unprivileged container.
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20200505/cb1f8856/attachment.sig>
More information about the Pkg-lxc-devel
mailing list