[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Kir Kolyshkin kir at openvz.org
Thu Jan 29 11:57:54 EST 2009 

I'm not really sure but maybe this one can help:

http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c

Daniel, can you try it out?

If that does not work I need straces from both working and non-working 
versions.

Ola Lundqvist wrote:
> This was already corrected in
>
> vzctl (3.0.22-9) unstable; urgency=low
>
>   * Correction of capability problem on some platforms. Closes: #482974.
>
>  -- Ola Lundqvist <opal at debian.org>  Sat,  7 Jun 2008 19:26:21 +0200
>
> Do you have any other idéa?
>
> // Ola
>
> On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
>   
>> Hi Kir
>>
>> I will backport this fix. I thought I already did that. Thanks!
>>
>> // Ola
>>
>> Quoting Kir Kolyshkin <kir at openvz.org>:
>>
>>     
>>> This is caused by newer kernel headers (in this case on a build system
>>> that was used to build this vzctl package), and is fixed in
>>> vzctl-3.0.23. See the following git commit:
>>>
>>> http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
>>>
>>> So the solution is either to upgrade to vzctl-3.0.23 or to backport
>>> this simple fix.
>>>
>>> Ola Lundqvist wrote:
>>>       
>>>> Hi Daniel
>>>>
>>>> This is interesting as it works very well on my systems. On other hand 
>>>> that
>>>> system is a 686 based one.
>>>>
>>>> You write that you have not significantly changed your system, but at the
>>>> same time you write that you are not sure that it has ever worked with the
>>>> 2.6.26 kernel.
>>>>
>>>> Can you please elaborate when it worked last time, and what you have done
>>>> since then?
>>>>
>>>> Which version of the linux kernel are you running for example?
>>>> If you switch to the 2.6.24 kernel do it work then?
>>>>
>>>> Best regards,
>>>>
>>>> // Ola
>>>>
>>>> On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
>>>>
>>>>         
>>>>> Package: vzctl
>>>>> Version: 3.0.22-14
>>>>> Severity: grave
>>>>> Justification: renders package unusable
>>>>>
>>>>> When trying to start a VE I get the following output:
>>>>>
>>>>> ] sudo vzctl start sd-dev
>>>>> Starting VE ...
>>>>> VE is mounted
>>>>> Unable to set capability: Operation not permitted
>>>>> Unable to set capability
>>>>> VE start failed
>>>>> VE is unmounted
>>>>>
>>>>> When I strace the system I see the following call to set capabilities:
>>>>>
>>>>> [pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
>>>>> [pid 14390] exit_group(0)               = ?
>>>>> Process 14390 detached
>>>>> [pid 14391] capset(0x20071026, 0,   
>>>>> {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not   
>>>>> permitted)
>>>>>
>>>>>
>>>>> This fails to start the VE, reporting that the capset operation failed.
>>>>> None of my configuration has been modified significantly, and certainly 
>>>>> not
>>>>> to change the capability set of the VE or anything like that.
>>>>>
>>>>> This same configuration worked on a 2.6.24 VZ kernel, but I am not  
>>>>> sure it ever
>>>>> worked on the 2.6.26 kernel.
>>>>>
>>>>> -- System Information:
>>>>> Debian Release: 5.0
>>>>> APT prefers unstable
>>>>> APT policy: (500, 'unstable'), (1, 'experimental')
>>>>> Architecture: amd64 (x86_64)
>>>>>
>>>>> Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
>>>>> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
>>>>> Shell: /bin/sh linked to /bin/dash
>>>>>
>>>>> Versions of packages vzctl depends on:
>>>>> ii  iproute                       20080725-2 networking and   
>>>>> traffic control too
>>>>> ii  libc6                         2.7-18     GNU C Library: Shared  
>>>>> libraries
>>>>> ii  vzquota                       3.0.11-1   server virtualization  
>>>>> solution - q
>>>>>
>>>>> Versions of packages vzctl recommends:
>>>>> ii  rsync                         3.0.5-1    fast remote file copy  
>>>>> program (lik
>>>>>
>>>>> Versions of packages vzctl suggests:
>>>>> pn  linux-patch-openvz            <none>     (no description available)
>>>>>
>>>>> -- no debconf information
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>>         
>>
>> -- 
>>  --- Inguza Technology AB --- MSc in Information Technology ----
>> /  ola at inguza.com                    Annebergsslingan 37        \
>> |  opal at debian.org                   654 65 KARLSTAD            |
>> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
>> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>>  ---------------------------------------------------------------
>>
>>
>>     
>
>

More information about the Debian mailing list