Closed jcberthon closed 6 years ago
Fixed by commit: 2cdf4d6d3afad20e173a9e194371542f9a0377fb
The solution was to create my own start-up script (mostly removing the -user unifi option for jsvc, as anyway my whole container is running as unifi user).
Since Unifi Controller 5.7 and for the LTS branch for 5.6.36 and newer (the 5.6.31 was still working), the controller fails to start with the following error:
The problem is due to capabilities. I will have to remove a security feature I had implemented and which worked since last summer because Unifi messed up the feature.

Actually, back in summer 2017, I implemented several security features in my Unifi Controller container. First I dropped all capabilities (Linux privilege access feature) and then I created a Unifi user which runs the controller instead of root. Unifi has since been implementing these features, which broke my container several times. And lastly I'm very annoyed because they do try to drop a lot of capabilities, but before doing that they increase their capability set, therefore forcing me to increase mine at the container level. But at the container level I control the set for both their Java application (for which they drop some) but also for the MongoDB database (for which they do not drop any). Therefore I'm not happy that the obvious solution to fix the issue (increasing the capability set) will reduce the overall security of my container. Not cool Unifi!
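
Added example, not part of the original issue or of the project's code: one way to check which capabilities each process in a container still holds is to decode the Cap* masks from /proc/<pid>/status and compare two processes. The two status excerpts below are constructed sample data (the masks are assumptions, not values taken from a real Unifi container), and the helper names are hypothetical.

```python
import re

# Capability names by bit position, as numbered in linux/capability.h.
CAP_NAMES = ["CAP_" + n for n in """
CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID SETPCAP
LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN
SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE
""".split()]

def parse_caps(status_text):
    """Map each Cap* field of a /proc/<pid>/status dump to a set of names."""
    caps = {}
    for field, hexmask in re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$",
                                     status_text, re.M):
        mask = int(hexmask, 16)
        # Bits newer than this table are reported by number, not dropped.
        caps[field] = {CAP_NAMES[i] if i < len(CAP_NAMES) else f"CAP_{i}"
                       for i in range(mask.bit_length()) if mask >> i & 1}
    return caps

def extra_caps(proc_status, baseline_status, field="CapEff"):
    """Capabilities held by proc_status but not by baseline_status."""
    return sorted(parse_caps(proc_status)[field]
                  - parse_caps(baseline_status)[field])

# Constructed sample: a process that dropped most of what the container granted.
JAVA_STATUS = """Name:\tjava
CapInh:\t0000000000000000
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t00000000000004c4
"""
# Constructed sample: a process that kept the whole container-level set.
MONGOD_STATUS = """Name:\tmongod
CapInh:\t0000000000000000
CapPrm:\t00000000000004c4
CapEff:\t00000000000004c4
CapBnd:\t00000000000004c4
"""

if __name__ == "__main__":
    print("held only by mongod:", extra_caps(MONGOD_STATUS, JAVA_STATUS))
```

On a live system the inputs would be the contents of /proc/<pid>/status for each process of interest, read from inside the container's PID namespace.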