My physical machine runs Debian Jessie, and it has several LXC containers (mostly Debian and Ubuntu). Now I needed to test some software under CentOS, and I bumped into the following error when installing the Apache HTTP server:

    Downloading packages:
    httpd-2.4.6-45.el7.centos.4.x86_64.rpm | 2.7 MB 00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : httpd-2.4.6-45.el7.centos.4.x86_64 1/1
    Error unpacking rpm package httpd-2.4.6-45.el7.centos.4.x86_64
    error: unpacking of archive failed on file /usr/sbin/suexec;590112cd: cpio: cap_set_file
      Verifying : httpd-2.4.6-45.el7.centos.4.x86_64 1/1
    Failed:
      httpd.x86_64 0:2.4.6-45.el7.centos.4

The cause is that, by default, “/usr/share/lxc/config/centos.common.conf” defines the following capability drops:

    lxc.cap.drop = mac_admin mac_override setfcap setpcap
    lxc.cap.drop = sys_module sys_nice sys_pacct
    lxc.cap.drop = sys_rawio sys_time

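So the setfcap capability is required in order to install Apache: unpacking /usr/sbin/suexec calls cap_set_file, which fails while setfcap is dropped. Use the following lines in your “/var/lib/lxc/NAME/config” to clear the previously defined drops and set up a new list that no longer includes setfcap: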

    # flush all defined drops and define a new list
    lxc.cap.drop =
    lxc.cap.drop = mac_admin mac_override setpcap
    lxc.cap.drop = sys_module sys_nice sys_pacct
    lxc.cap.drop = sys_rawio sys_time

Then restart the container, and “yum install httpd” should run as expected.
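
The following is an added example, not part of the original post: it models how lxc.cap.drop lines accumulate and how an empty value resets the list, so you can confirm that an override restores only setfcap. The function names are hypothetical, and the sample text is constructed from the config lines quoted above.

```python
# Added example: model how LXC accumulates lxc.cap.drop across config lines.
# An empty value clears every drop collected up to that point.

def effective_cap_drop(config_text):
    """Return the ordered list of capabilities dropped after all lines apply."""
    dropped = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue                              # blank, comment, or not key = value
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "lxc.cap.drop":
            continue
        if not value:                             # "lxc.cap.drop =" resets the list
            dropped = []
            continue
        for cap in value.split():
            if cap not in dropped:
                dropped.append(cap)
    return dropped

# Constructed input: the drops quoted from centos.common.conf above ...
COMMON = """\
lxc.cap.drop = mac_admin mac_override setfcap setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time
"""
# ... followed by the per-container override from this post.
OVERRIDE = """\
# flush all defined drops and define a new list
lxc.cap.drop =
lxc.cap.drop = mac_admin mac_override setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time
"""

def restored_caps(base, override):
    """Capabilities dropped by `base` that the container keeps once `override` is appended."""
    before = effective_cap_drop(base)
    after = effective_cap_drop(base + override)
    return sorted(set(before) - set(after))

if __name__ == "__main__":
    print("still dropped:", effective_cap_drop(COMMON + OVERRIDE))
    print("restored:     ", restored_caps(COMMON, OVERRIDE))
```

If the empty `lxc.cap.drop =` line is left out of the override, the drops simply accumulate and setfcap stays dropped.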