[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Ola Lundqvist ola at inguza.com
Thu Jan 29 11:27:58 EST 2009 

This was already corrected in

vzctl (3.0.22-9) unstable; urgency=low

  * Correction of capability problem on some platforms. Closes: #482974.

 -- Ola Lundqvist <opal at debian.org>  Sat,  7 Jun 2008 19:26:21 +0200

Do you have any other idéa?

// Ola

On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
> Hi Kir
> 
> I will backport this fix. I thought I already did that. Thanks!
> 
> // Ola
> 
> Quoting Kir Kolyshkin <kir at openvz.org>:
> 
> >This is caused by newer kernel headers (in this case on a build system
> >that was used to build this vzctl package), and is fixed in
> >vzctl-3.0.23. See the following git commit:
> >
> >http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
> >
> >So the solution is either to upgrade to vzctl-3.0.23 or to backport
> >this simple fix.
> >
> >Ola Lundqvist wrote:
> >>Hi Daniel
> >>
> >>This is interesting as it works very well on my systems. On other hand 
> >>that
> >>system is a 686 based one.
> >>
> >>You write that you have not significantly changed your system, but at the
> >>same time you write that you are not sure that it has ever worked with the
> >>2.6.26 kernel.
> >>
> >>Can you please elaborate when it worked last time, and what you have done
> >>since then?
> >>
> >>Which version of the linux kernel are you running for example?
> >>If you switch to the 2.6.24 kernel do it work then?
> >>
> >>Best regards,
> >>
> >>// Ola
> >>
> >>On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
> >>
> >>>Package: vzctl
> >>>Version: 3.0.22-14
> >>>Severity: grave
> >>>Justification: renders package unusable
> >>>
> >>>When trying to start a VE I get the following output:
> >>>
> >>>] sudo vzctl start sd-dev
> >>>Starting VE ...
> >>>VE is mounted
> >>>Unable to set capability: Operation not permitted
> >>>Unable to set capability
> >>>VE start failed
> >>>VE is unmounted
> >>>
> >>>When I strace the system I see the following call to set capabilities:
> >>>
> >>>[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
> >>>[pid 14390] exit_group(0)               = ?
> >>>Process 14390 detached
> >>>[pid 14391] capset(0x20071026, 0,   
> >>>{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not   
> >>>permitted)
> >>>
> >>>
> >>>This fails to start the VE, reporting that the capset operation failed.
> >>>None of my configuration has been modified significantly, and certainly 
> >>>not
> >>>to change the capability set of the VE or anything like that.
> >>>
> >>>This same configuration worked on a 2.6.24 VZ kernel, but I am not  
> >>> sure it ever
> >>>worked on the 2.6.26 kernel.
> >>>
> >>>-- System Information:
> >>>Debian Release: 5.0
> >>> APT prefers unstable
> >>> APT policy: (500, 'unstable'), (1, 'experimental')
> >>>Architecture: amd64 (x86_64)
> >>>
> >>>Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
> >>>Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> >>>Shell: /bin/sh linked to /bin/dash
> >>>
> >>>Versions of packages vzctl depends on:
> >>>ii  iproute                       20080725-2 networking and   
> >>>traffic control too
> >>>ii  libc6                         2.7-18     GNU C Library: Shared  
> >>> libraries
> >>>ii  vzquota                       3.0.11-1   server virtualization  
> >>> solution - q
> >>>
> >>>Versions of packages vzctl recommends:
> >>>ii  rsync                         3.0.5-1    fast remote file copy  
> >>> program (lik
> >>>
> >>>Versions of packages vzctl suggests:
> >>>pn  linux-patch-openvz            <none>     (no description available)
> >>>
> >>>-- no debconf information
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> 
> 
> 
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  ola at inguza.com                    Annebergsslingan 37        \
> |  opal at debian.org                   654 65 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------
> 
> 

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

More information about the Debian mailing list