Azure ACI Linux capabilities

Carl Bourne 0 Reputation points
2024-05-02T08:09:30.7866667+00:00

Hi, I'm having issues running some Linux containers that need some specific capabilities.

I see in the docs there's the --add-capabilities parameter, which I've set to use IPC_LOCK:

az container create \
    --privileged  \
    --location $ACI_PERS_LOCATION \
    --environment-variables ACCEPT_TERMS=Y \
    --resource-group $ACI_PERS_RESOURCE_GROUP \
    --name firefly \
    --image registry.venafi.cloud/public/venafi-images/firefly:latest \
    --dns-name-label aci-demo$RANDOM \
    --ports 8281 \
    --azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
    --azure-file-volume-account-key $STORAGE_KEY \
    --azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
    --azure-file-volume-mount-path /etc/firefly/ \
    --cpu 2 \
    --memory 8 \
    --add-capabilities IPC_LOCK \
    --command-line "run -c /etc/firefly/config.yaml"

However, upon startup my container is killed with the following output:

standard_init_linux.go:228: exec user process caused: operation not permitted

Please can you confirm exactly what Linux capabilities ACI supports, as this does not seem to be documented anywhere.

Azure Container Instances
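A diagnostic for the situation in the question, as an added example that is not part of the original post: it decodes the CapEff/CapBnd masks from /proc/<pid>/status and tests whether IPC_LOCK actually reached the process. The function names and the sample status text are constructed for illustration, and it assumes a POSIX shell with awk is available in the container.

```shell
#!/bin/sh
# Added example: decode capability masks from /proc/<pid>/status.
# Names are listed in bit order, as numbered in <linux/capability.h>.
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# Constructed sample (not output from ACI): a bounding set without IPC_LOCK.
SAMPLE_STATUS="Name: firefly
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb"

# cap_field STATUS_TEXT FIELD: print the hex mask for CapEff, CapPrm or CapBnd.
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# decode_caps HEXMASK: print the names of the capabilities set in the mask.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="$out${out:+ }$name"; fi
        bit=$((bit + 1))
    done
    echo "$out"
}

# has_cap HEXMASK NAME: succeed only if capability NAME is set in the mask.
has_cap() {
    case " $(decode_caps "$1") " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Report on the current process when /proc is available.
if [ -r /proc/self/status ]; then
    for field in CapEff CapBnd; do
        m=$(cap_field "$(cat /proc/self/status)" "$field")
        [ -n "$m" ] || continue
        if has_cap "$m" IPC_LOCK; then state=present; else state=MISSING; fi
        echo "$field=$m IPC_LOCK: $state"
    done
fi
```

Comparing CapBnd with and without `--add-capabilities IPC_LOCK` in the deployment shows whether the platform applied the requested capability.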