Azure ACI linux capabilities
Carl Bourne
Hi, I'm having issues running some Linux containers that need some specific capabilities.
I see in the docs there's the --add-capabilities parameter, which I've set to use IPC_LOCK.
az container create \
  --privileged \
  --location $ACI_PERS_LOCATION \
  --environment-variables ACCEPT_TERMS=Y \
  --resource-group $ACI_PERS_RESOURCE_GROUP \
  --name firefly \
  --image registry.venafi.cloud/public/venafi-images/firefly:latest \
  --dns-name-label aci-demo$RANDOM \
  --ports 8281 \
  --azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
  --azure-file-volume-account-key $STORAGE_KEY \
  --azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
  --azure-file-volume-mount-path /etc/firefly/ \
  --cpu 2 \
  --memory 8 \
  --add-capabilities IPC_LOCK \
  --command-line "run -c /etc/firefly/config.yaml"
However, upon startup my container is killed with the following output:
standard_init_linux.go:228: exec user process caused: operation not permitted
Please can you confirm exactly what Linux capabilities ACI supports, as this does not seem to be documented anywhere.
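One way to see which capabilities a container actually received, as an added example that is not part of the original post or of Azure's tooling: it decodes the Cap* bitmasks in /proc/self/status using the bit numbers from linux/capability.h, where IPC_LOCK is bit 14. The function names are hypothetical, and the masks mentioned in the comments are constructed sample values.

```shell
#!/bin/sh
# Capability names in bit order, per linux/capability.h (bit 0 = CHOWN).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# cap_bit NAME: print the bit number of a capability; status 1 if unknown.
cap_bit() {
  i=0
  for n in $CAP_NAMES; do
    if [ "$n" = "$1" ]; then echo "$i"; return 0; fi
    i=$((i + 1))
  done
  return 1
}

# cap_mask SET [FILE]: print the hex mask for CapPrm, CapEff, CapBnd, etc.
cap_mask() {
  awk -v k="$1:" '$1 == k { print $2 }' "${2:-/proc/self/status}"
}

# has_cap NAME HEXMASK: status 0 if set, 1 if clear, 2 on bad input.
has_cap() {
  bit=$(cap_bit "$1") || return 2
  [ -n "$2" ] || return 2
  [ $(( (0x$2 >> $bit) & 1 )) -eq 1 ]
}

# decode_caps HEXMASK: print the names of all capabilities set in the mask.
decode_caps() {
  i=0; out=""
  for n in $CAP_NAMES; do
    if [ $(( (0x$1 >> $i) & 1 )) -eq 1 ]; then out="$out $n"; fi
    i=$((i + 1))
  done
  echo "${out# }"
}

# Report on the current process (constructed masks such as 00000000a80465fb
# can be passed to has_cap/decode_caps directly for offline checks).
if [ -r /proc/self/status ]; then
  for s in CapPrm CapEff CapBnd; do
    m=$(cap_mask "$s")
    if has_cap IPC_LOCK "$m"; then state=present; else state=absent; fi
    echo "$s=$m IPC_LOCK=$state"
  done
fi
```

Because the image in the question exits at exec, the script has to run in another image that starts under the same flags; comparing CapEff with CapBnd there shows whether a requested capability was granted or filtered out.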