[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Kir Kolyshkin kir at openvz.org
Thu Jan 29 02:01:43 EST 2009


This is caused by newer kernel headers (in this case on a build system 
that was used to build this vzctl package), and is fixed in 
vzctl-3.0.23. See the following git commit:

http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8

So the solution is either to upgrade to vzctl-3.0.23 or to backport this 
simple fix.

Ola Lundqvist wrote:
> Hi Daniel
>
> This is interesting as it works very well on my systems. On the other hand, that
> system is a 686-based one.
>
> You write that you have not significantly changed your system, but at the
> same time you write that you are not sure that it has ever worked with the
> 2.6.26 kernel.
>
> Can you please elaborate when it worked last time, and what you have done
> since then?
>
> Which version of the linux kernel are you running for example?
> If you switch to the 2.6.24 kernel, does it work then?
>
> Best regards,
>
> // Ola
>
> On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
>   
>> Package: vzctl
>> Version: 3.0.22-14
>> Severity: grave
>> Justification: renders package unusable
>>
>> When trying to start a VE I get the following output:
>>
>> ] sudo vzctl start sd-dev
>> Starting VE ...
>> VE is mounted
>> Unable to set capability: Operation not permitted
>> Unable to set capability
>> VE start failed
>> VE is unmounted
>>
>> When I strace the system I see the following call to set capabilities:
>>
>> [pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
>> [pid 14390] exit_group(0)               = ?
>> Process 14390 detached
>> [pid 14391] capset(0x20071026, 0, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not permitted)
>>
>>
>> This fails to start the VE, reporting that the capset operation failed.
>> None of my configuration has been modified significantly, and certainly not
>> to change the capability set of the VE or anything like that.
>>
>> This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
>> worked on the 2.6.26 kernel.
>>
>> -- System Information:
>> Debian Release: 5.0
>>   APT prefers unstable
>>   APT policy: (500, 'unstable'), (1, 'experimental')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
>> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>>
>> Versions of packages vzctl depends on:
>> ii  iproute                       20080725-2 networking and traffic control too
>> ii  libc6                         2.7-18     GNU C Library: Shared libraries
>> ii  vzquota                       3.0.11-1   server virtualization solution - q
>>
>> Versions of packages vzctl recommends:
>> ii  rsync                         3.0.5-1    fast remote file copy program (lik
>>
>> Versions of packages vzctl suggests:
>> pn  linux-patch-openvz            <none>     (no description available)
>>
>> -- no debconf information
>>
>>
>>
>>     
>
>   
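
The `0x20071026` passed to capget/capset in the strace output above is `_LINUX_CAPABILITY_VERSION_2`, for which the kernel transfers two `__user_cap_data_struct` elements per call instead of the single element used by version 1. As an added example (not vzctl code and not the fix from the commit referenced above; the function names are made up for illustration), this shows a caller that names the header version explicitly and sizes the data buffer to match it:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Hypothetical helper: number of __user_cap_data_struct elements the kernel
 * reads or writes for a header version; -1 for a version unknown here. */
static int cap_u32s_for_version(uint32_t version)
{
    switch (version) {
    case _LINUX_CAPABILITY_VERSION_1: return _LINUX_CAPABILITY_U32S_1; /* 0x19980330 */
    case _LINUX_CAPABILITY_VERSION_2: return _LINUX_CAPABILITY_U32S_2; /* 0x20071026 */
    case _LINUX_CAPABILITY_VERSION_3: return _LINUX_CAPABILITY_U32S_3; /* 0x20080522 */
    default: return -1;
    }
}

/* Hypothetical helper: read the caller's effective set using an explicitly
 * chosen version and a buffer large enough for any known version.
 * Returns 0 on success, -1 on failure with errno set. */
static int read_effective_caps(uint32_t version, uint64_t *effective)
{
    struct __user_cap_header_struct hdr = { .version = version, .pid = 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    int n = cap_u32s_for_version(version);

    if (n < 0) { errno = EINVAL; return -1; }   /* refuse unknown versions */
    memset(data, 0, sizeof(data));
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    *effective = data[0].effective;
    if (n == 2)                                 /* upper 32 capability bits */
        *effective |= (uint64_t)data[1].effective << 32;
    return 0;
}

int main(void)
{
    uint64_t eff = 0;
    printf("0x20071026 -> %d data element(s)\n", cap_u32s_for_version(0x20071026));
    if (read_effective_caps(_LINUX_CAPABILITY_VERSION_3, &eff) == 0)
        printf("effective: 0x%016llx\n", (unsigned long long)eff);
    return 0;
}
```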




