[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.

Jason Gerard DeRose jason at system76.com
Thu May 8 06:26:57 UTC 2014 

This also affects the `gnome-keyring` package. The System76 imaging
system (Tribble) uses a tar-based approach similar to the MAAS fast-path
installer, and we've had to add a work-around for /usr/bin/gnome-
keyring-daemon on our desktop images:

$ getcap /usr/bin/gnome-keyring-daemon 
/usr/bin/gnome-keyring-daemon = cap_ipc_lock+ep

I reckon there are other imaging systems out there likewise affected by
this. I strongly feel that the correct fix is to fix tar so its --xattrs
option works as expected. But in the meantime, it might be good to
switch back to using suid on /usr/bin/gnome-keyring-daemon.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1313550

Title:
  ping does not work as a normal user on trusty tarball cloud images.

Status in The curt installer:
  Confirmed
Status in MAAS:
  Confirmed
Status in “curtin” package in Ubuntu:
  Confirmed
Status in “iputils” package in Ubuntu:
  Fix Released
Status in “lxc” package in Ubuntu:
  Confirmed
Status in “maas” package in Ubuntu:
  Confirmed
Status in “tar” package in Ubuntu:
  Fix Released
Status in “lxc” source package in Precise:
  Confirmed
Status in “tar” source package in Precise:
  Confirmed
Status in “curtin” source package in Saucy:
  Confirmed
Status in “lxc” source package in Saucy:
  Confirmed
Status in “maas” source package in Saucy:
  Confirmed
Status in “tar” source package in Saucy:
  Confirmed
Status in “curtin” source package in Trusty:
  Confirmed
Status in “lxc” source package in Trusty:
  Confirmed
Status in “maas” source package in Trusty:
  Confirmed
Status in “tar” source package in Trusty:
  Fix Released

Bug description:
  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows
  removing the suid bit.

  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.

  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags 
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions

More information about the foundations-bugs mailing list