[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Ola Lundqvist ola at inguza.com
Thu Jan 29 11:26:42 EST 2009 

Hi Kir and Daniel

When I started to backport this fix, I realized that this fix was
already backported to the version running.

This means that we have some other problem that has been fixed in the
3.0.23 version available in experimental.

Best regards,

// Ola

On Thu, Jan 29, 2009 at 10:01:43AM +0300, Kir Kolyshkin wrote:
> This is caused by newer kernel headers (in this case on a build system 
> that was used to build this vzctl package), and is fixed in 
> vzctl-3.0.23. See the following git commit:
> 
> http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
> 
> So the solution is either to upgrade to vzctl-3.0.23 or to backport this 
> simple fix.
> 
> Ola Lundqvist wrote:
> >Hi Daniel
> >
> >This is interesting as it works very well on my systems. On other hand that
> >system is a 686 based one.
> >
> >You write that you have not significantly changed your system, but at the
> >same time you write that you are not sure that it has ever worked with the
> >2.6.26 kernel.
> >
> >Can you please elaborate when it worked last time, and what you have done
> >since then?
> >
> >Which version of the linux kernel are you running for example?
> >If you switch to the 2.6.24 kernel do it work then?
> >
> >Best regards,
> >
> >// Ola
> >
> >On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
> >  
> >>Package: vzctl
> >>Version: 3.0.22-14
> >>Severity: grave
> >>Justification: renders package unusable
> >>
> >>When trying to start a VE I get the following output:
> >>
> >>] sudo vzctl start sd-dev
> >>Starting VE ...
> >>VE is mounted
> >>Unable to set capability: Operation not permitted
> >>Unable to set capability
> >>VE start failed
> >>VE is unmounted
> >>
> >>When I strace the system I see the following call to set capabilities:
> >>
> >>[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
> >>[pid 14390] exit_group(0)               = ?
> >>Process 14390 detached
> >>[pid 14391] capset(0x20071026, 0, 
> >>{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not permitted)
> >>
> >>
> >>This fails to start the VE, reporting that the capset operation failed.
> >>None of my configuration has been modified significantly, and certainly 
> >>not
> >>to change the capability set of the VE or anything like that.
> >>
> >>This same configuration worked on a 2.6.24 VZ kernel, but I am not sure 
> >>it ever
> >>worked on the 2.6.26 kernel.
> >>
> >>-- System Information:
> >>Debian Release: 5.0
> >>  APT prefers unstable
> >>  APT policy: (500, 'unstable'), (1, 'experimental')
> >>Architecture: amd64 (x86_64)
> >>
> >>Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
> >>Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> >>Shell: /bin/sh linked to /bin/dash
> >>
> >>Versions of packages vzctl depends on:
> >>ii  iproute                       20080725-2 networking and traffic 
> >>control too
> >>ii  libc6                         2.7-18     GNU C Library: Shared 
> >>libraries
> >>ii  vzquota                       3.0.11-1   server virtualization 
> >>solution - q
> >>
> >>Versions of packages vzctl recommends:
> >>ii  rsync                         3.0.5-1    fast remote file copy 
> >>program (lik
> >>
> >>Versions of packages vzctl suggests:
> >>pn  linux-patch-openvz            <none>     (no description available)
> >>
> >>-- no debconf information
> >>
> >>
> >>
> >>    
> >
> >  
> 
> 
> 

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

More information about the Debian mailing list