11

I'm ssh'ed into a local CentOS 7 Docker container* and I'm trying to run

sudo chattr +i file1

but I'm getting an error:

chattr: Operation not permitted while setting flags on file1

What's going on here? What flags is it talking about? Is there a workaround?

Changing the +i to +a also makes the command fail with that error, but when I change it to +d the command succeeds. The command also succeeds for me when I'm not ssh'ed into a docker container.

*I'm running the CentOS 7 Docker container in an Ubuntu VirtualBox VM host on top of Windows 10 (I'd like to avoid having to deal with Windows as much as possible). The ultimate goal of all of this is to test some Ansible scripts using these containers.

1 Answer

16

This is related to capabilities: chattr requires CAP_LINUX_IMMUTABLE, which is disabled in Docker by default. Just add --cap-add LINUX_IMMUTABLE to the docker container start options to enable it.

Here's an example:

user@test:~$ docker run --cap-add LINUX_IMMUTABLE -it bash
bash-5.0# cd home
bash-5.0# touch test
bash-5.0# apk add e2fsprogs-extra
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/6) Installing libuuid (2.33-r0)
(2/6) Installing libblkid (2.33-r0)
(3/6) Installing libcom_err (1.44.5-r0)
(4/6) Installing e2fsprogs-libs (1.44.5-r0)
(5/6) Installing e2fsprogs (1.44.5-r0)
(6/6) Installing e2fsprogs-extra (1.44.5-r0)
Executing busybox-1.29.3-r10.trigger
OK: 15 MiB in 24 packages
bash-5.0# chattr +i test
bash-5.0# echo $?
0

Here you can read more about Linux capabilities in Docker.

1
  • it produces chattr: Not a tty while reading flags on test for me. Commented May 8, 2020 at 7:39
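
Added example (not part of the original question or answer): a POSIX shell check that reads CapEff and CapBnd from /proc/self/status and tests bit 9, the number of CAP_LINUX_IMMUTABLE in <linux/capability.h>, so you can confirm from inside the container whether --cap-add LINUX_IMMUTABLE took effect. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this process hold CAP_LINUX_IMMUTABLE?
# The capability is bit 9 in the hex masks of /proc/<pid>/status
# (number taken from <linux/capability.h>).
CAP_LINUX_IMMUTABLE=9

# has_cap HEXMASK BIT: succeed if BIT is set in the hex capability mask.
has_cap() {
    [ "$(( (0x$1 >> $2) & 1 ))" -eq 1 ]
}

# cap_mask FIELD: read a /proc/<pid>/status dump on stdin, print FIELD's mask.
cap_mask() {
    awk -v field="$1:" '$1 == field { print $2 }'
}

# immutable_report STATUS_FILE: report the effective and bounding sets.
# CapEff is what the kernel checks when chattr sets +i or +a;
# CapBnd is the ceiling the process can never exceed.
immutable_report() {
    for field in CapEff CapBnd; do
        mask=$(cap_mask "$field" < "$1")
        if [ -z "$mask" ]; then
            echo "$field: not found"
        elif has_cap "$mask" "$CAP_LINUX_IMMUTABLE"; then
            echo "$field=$mask: CAP_LINUX_IMMUTABLE present"
        else
            echo "$field=$mask: CAP_LINUX_IMMUTABLE missing"
        fi
    done
}

# Constructed sample masks (not captured from the poster's container):
# the first has bit 9 clear, the second is the same mask with bit 9 set.
SAMPLE_WITHOUT=00000000a80425fb
SAMPLE_WITH=00000000a80427fb

# Report on the current process when /proc is available.
if [ -r /proc/self/status ]; then
    immutable_report /proc/self/status
fi
```

Adding the single capability keeps the container's privilege set narrow; if the report shows it missing from CapBnd, no amount of sudo inside the container will make chattr +i succeed.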
