[Bug 1084000] [NEW] libcap2: List of capabilities not in sync with the linux kernel
Piotr Nowojski
piotr.nowojski at adocean-global.com
Wed Nov 28 08:38:33 UTC 2012
Public bug reported:
Ubuntu 12.04.1 LTS
libcap2 1:2.22-1ubuntu3
lxc 0.8-rc2
As stated in the summary, list of capabilities is not in sync with the
linux kernel. We have encountered this bug, wile migrating our server
from Debian 6 (with 3.2.18 kernel from backport), to Ubuntu 12.04 LTS
with stock kernel (...). When we tried to run lxc-execute as a non root
user, we got an error:
lxc-execute: failed to cap_get_flag: Invalid argument
lxc-execute: Operation not permitted - failed to clone
lxc-execute: failed to create vethHzECcM-veth5n8dhR : Operation not
permitted
We have only found out what is the problem, thanks to this bug report
for debian (however on our installation debian works just fine):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689035
It seems that problems lay in outdated header "capabilities.h" used to
compile libcap2. We have hot fixed this bug, by replacing in lxc-execute
source code (caps.c file), CAP_LAST_CAP with hardcoded "34" constant:
caps.c: for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
caps.c-
caps.c- cap_flag_value_t flag;
caps.c-
caps.c- ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
caps.c- if (ret) {
caps.c- ERROR("failed to cap_get_flag: %m");
caps.c- goto out;
caps.c- }
But this can not be the permanent solution.
** Affects: libcap2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1084000
Title:
libcap2: List of capabilities not in sync with the linux kernel
Status in “libcap2” package in Ubuntu:
New
Bug description:
Ubuntu 12.04.1 LTS
libcap2 1:2.22-1ubuntu3
lxc 0.8-rc2
As stated in the summary, list of capabilities is not in sync with the
linux kernel. We have encountered this bug, wile migrating our server
from Debian 6 (with 3.2.18 kernel from backport), to Ubuntu 12.04 LTS
with stock kernel (...). When we tried to run lxc-execute as a non
root user, we got an error:
lxc-execute: failed to cap_get_flag: Invalid argument
lxc-execute: Operation not permitted - failed to clone
lxc-execute: failed to create vethHzECcM-veth5n8dhR : Operation
not permitted
We have only found out what is the problem, thanks to this bug report
for debian (however on our installation debian works just fine):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689035
It seems that problems lay in outdated header "capabilities.h" used to
compile libcap2. We have hot fixed this bug, by replacing in lxc-
execute source code (caps.c file), CAP_LAST_CAP with hardcoded "34"
constant:
caps.c: for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
caps.c-
caps.c- cap_flag_value_t flag;
caps.c-
caps.c- ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
caps.c- if (ret) {
caps.c- ERROR("failed to cap_get_flag: %m");
caps.c- goto out;
caps.c- }
But this can not be the permanent solution.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1084000/+subscriptions
More information about the foundations-bugs
mailing list