[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Ola Lundqvist opal at debian.org
Wed Jan 28 16:36:57 EST 2009


Hi Daniel

This is interesting as it works very well on my systems. On other hand that
system is a 686 based one.

You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.

Can you please elaborate when it worked last time, and what you have done
since then?

Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?

Best regards,

// Ola

On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
> Package: vzctl
> Version: 3.0.22-14
> Severity: grave
> Justification: renders package unusable
> 
> When trying to start a VE I get the following output:
> 
> ] sudo vzctl start sd-dev
> Starting VE ...
> VE is mounted
> Unable to set capability: Operation not permitted
> Unable to set capability
> VE start failed
> VE is unmounted
> 
> When I strace the system I see the following call to set capabilities:
> 
> [pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
> [pid 14390] exit_group(0)               = ?
> Process 14390 detached
> [pid 14391] capset(0x20071026, 0, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not permitted)
> 
> 
> This fails to start the VE, reporting that the capset operation failed.
> None of my configuration has been modified significantly, and certainly not
> to change the capability set of the VE or anything like that.
> 
> This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
> worked on the 2.6.26 kernel.
> 
> -- System Information:
> Debian Release: 5.0
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages vzctl depends on:
> ii  iproute                       20080725-2 networking and traffic control too
> ii  libc6                         2.7-18     GNU C Library: Shared libraries
> ii  vzquota                       3.0.11-1   server virtualization solution - q
> 
> Versions of packages vzctl recommends:
> ii  rsync                         3.0.5-1    fast remote file copy program (lik
> 
> Versions of packages vzctl suggests:
> pn  linux-patch-openvz            <none>     (no description available)
> 
> -- no debconf information
> 
> 
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Annebergsslingan 37      \
|  ola at inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------


More information about the Debian mailing list