[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.

Scott Moser smoser at ubuntu.com
Tue Apr 29 16:48:52 UTC 2014 

trusty tarball daily (20140429) now correctly contains the capability info:
$ wget http://cloud-images.ubuntu.com/trusty/20140429/trusty-server-cloudimg-amd64-root.tar.gz
$ sudo tar --xattrs '--xattrs-include=*' --acls -Szxpf trusty-server-cloudimg-amd64-root.tar.gz bin/ping

$ attr -l bin/ping
Attribute "capability" has a 20 byte value for bin/ping
$ getcap bin/ping
bin/ping = cap_net_raw+p

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1313550

Title:
  ping does not work as a normal user on trusty tarball cloud images.

Status in The curt installer:
  Confirmed
Status in MAAS:
  Confirmed
Status in “curtin” package in Ubuntu:
  Confirmed
Status in “iputils” package in Ubuntu:
  Confirmed
Status in “lxc” package in Ubuntu:
  Confirmed
Status in “maas” package in Ubuntu:
  Confirmed
Status in “tar” package in Ubuntu:
  Fix Released
Status in “lxc” source package in Precise:
  Confirmed
Status in “tar” source package in Precise:
  Confirmed
Status in “curtin” source package in Saucy:
  Confirmed
Status in “lxc” source package in Saucy:
  Confirmed
Status in “maas” source package in Saucy:
  Confirmed
Status in “tar” source package in Saucy:
  Confirmed
Status in “curtin” source package in Trusty:
  Confirmed
Status in “lxc” source package in Trusty:
  Confirmed
Status in “maas” source package in Trusty:
  Confirmed
Status in “tar” source package in Trusty:
  Fix Released

Bug description:
  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows
  removing the suid bit.

  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.

  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags 
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions

More information about the foundations-bugs mailing list