[Samba] Container setup?
Marco Gaiarin
gaio at sv.lnf.it
Fri Jul 5 14:28:48 UTC 2019
Mandi! Joachim Lindenberg via samba
In chel di` si favelave...
> > + must be 'privileged' container (no unprivileged ones)
> I have seen containers with and without calling for being privileged, but you never know without trying and testing carefully...
> Googling I found https://github.com/lxc/lxd/issues/3442#issuecomment-312560949 but I am not really clear about the conclusion.
> Does it really have to be privileged?
I've not done extensive tests about that, i'm in a rather ''secure''
environment and so i really don't need the extra separation/paranoia
that unprivileged container have.
But... i've tried to setup a DC with an unprivileged container, and
simply does not work (if i remember well, trouble with ACLs/xATTRs), so
i've simply switched to privileged ones.
Looking at the bug/link, seems to confirm.
Samba in AD mode *need* acl_xattr (is on by default), that need
security.* namespaces, that are available only to root. bingo. ;)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list