[Bug 1084000] Re: libcap2: List of capabilities not in sync with the linux kernel

Stéphane Graber stgraber at stgraber.org
Fri Jan 18 16:56:55 UTC 2013 

libcap2 builds a binary at build time which is run to extract the list of capabilities and generate an header used for the rest of the build.
I assume that's what's causing the problem here as you'll essentially be getting the list of capabilities that are supported by the kernel on the build machine rather than the capabilities supported by the kernel on the user machine...

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1084000

Title:
  libcap2: List of capabilities not in sync with the linux kernel

Status in “libcap2” package in Ubuntu:
  In Progress
Status in “lxc” package in Ubuntu:
  New

Bug description:
  Ubuntu 12.04.1 LTS
  libcap2 1:2.22-1ubuntu3
  lxc 0.8-rc2

  As stated in the summary, list of capabilities is not in sync with the
  linux kernel. We have encountered this bug, wile migrating our server
  from Debian 6 (with 3.2.18 kernel from backport), to Ubuntu 12.04 LTS
  with stock kernel (...). When we tried to run lxc-execute as a non
  root user, we got an error:

      lxc-execute: failed to cap_get_flag: Invalid argument
      lxc-execute: Operation not permitted - failed to clone

      lxc-execute: failed to create vethHzECcM-veth5n8dhR : Operation
  not permitted

  We have only found out what is the problem, thanks to this bug report
  for debian (however on our installation debian works just fine):

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689035

  It seems that problems lay in outdated header "capabilities.h" used to
  compile libcap2. We have hot fixed this bug, by replacing in lxc-
  execute source code (caps.c file), CAP_LAST_CAP with hardcoded "34"
  constant:

  caps.c:	for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
  caps.c-
  caps.c-		cap_flag_value_t flag;
  caps.c-
  caps.c-		ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
  caps.c-		if (ret) {
  caps.c-			ERROR("failed to cap_get_flag: %m");
  caps.c-			goto out;
  caps.c-		}

  But this can not be the permanent solution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1084000/+subscriptions

More information about the foundations-bugs mailing list