In docker, "chattr: Operation not permitted while setting flags on file"
This is related to capabilities: chattr requires CAP_LINUX_IMMUTABLE, which is disabled in docker by default. Just add --cap-add LINUX_IMMUTABLE to the docker container start options to enable it.
Here's an example:
user@test:~$ docker run --cap-add LINUX_IMMUTABLE -it bash
bash-5.0# cd home
bash-5.0# touch test
bash-5.0# apk add e2fsprogs-extra
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/6) Installing libuuid (2.33-r0)
(2/6) Installing libblkid (2.33-r0)
(3/6) Installing libcom_err (1.44.5-r0)
(4/6) Installing e2fsprogs-libs (1.44.5-r0)
(5/6) Installing e2fsprogs (1.44.5-r0)
(6/6) Installing e2fsprogs-extra (1.44.5-r0)
Executing busybox-1.29.3-r10.trigger
OK: 15 MiB in 24 packages
bash-5.0# chattr +i test
bash-5.0# echo $?
0
Here you can read more about linux capabilities in docker.
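Added example (not part of the original answer): a POSIX shell check that reads the capability masks from /proc and reports whether CAP_LINUX_IMMUTABLE is available before chattr is attempted. This is capability number 9, which the kernel requires for setting the immutable (+i) and append-only (+a) flags. The function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether CAP_LINUX_IMMUTABLE is available to this shell.
# CAP_LINUX_IMMUTABLE is capability number 9 in <linux/capability.h>.
CAP_LINUX_IMMUTABLE_BIT=9

# has_cap_bit HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
# (HEXMASK in the form printed in /proc/PID/status, without a 0x prefix)
has_cap_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_mask FIELD [STATUS_FILE] -> print the hex mask for CapEff, CapBnd, ...
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/$$/status}"
}

# immutable_status EFF_MASK BND_MASK -> one-word verdict
immutable_status() {
    if has_cap_bit "$1" "$CAP_LINUX_IMMUTABLE_BIT"; then
        echo "effective"      # chattr +i / +a is permitted for this process
    elif has_cap_bit "$2" "$CAP_LINUX_IMMUTABLE_BIT"; then
        echo "bounded-only"   # in the bounding set, but not effective (e.g. non-root user)
    else
        echo "dropped"        # removed for the container; needs --cap-add LINUX_IMMUTABLE
    fi
}

# Report for the current shell when /proc is readable.
if [ -r "/proc/$$/status" ]; then
    eff=$(cap_mask CapEff)
    bnd=$(cap_mask CapBnd)
    if [ -n "$eff" ] && [ -n "$bnd" ]; then
        echo "CapEff=$eff CapBnd=$bnd CAP_LINUX_IMMUTABLE: $(immutable_status "$eff" "$bnd")"
    fi
fi
```

In a container started with Docker's default capability set, CapEff for root typically reads 00000000a80425fb, and adding --cap-add LINUX_IMMUTABLE sets bit 9, giving 00000000a80427fb.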
Benjamin Berman
Updated on September 18, 2022
Comments
-
Benjamin Berman almost 2 years
I'm ssh'ed into a local Centos 7 docker container* and I'm trying to run
sudo chattr +i file1
but I'm getting an error:
chattr: Operation not permitted while setting flags on file1
What's going on here? What flags is it talking about? Is there a workaround?
Changing the +i to +a also makes the command fail with that error, but when I change it to +d the command succeeds. The command also succeeds for me when I'm not ssh'ed into a docker container.
*I'm running the Centos 7 docker container in a Ubuntu VirtualBox VM host on top of Windows 10 (I'd like to avoid having to deal with Windows as much as possible). The ultimate goal of all of this is to test some Ansible scripts using these containers.
-
jfs about 4 years
It produces
chattr: Not a tty while reading flags on test
for me.