[Debian] Re: Bug#513310: vzctl fails to set capabilities, and
subsequently fails to start any VE
Kir Kolyshkin
kir at openvz.org
Thu Jan 29 11:57:54 EST 2009
I'm not really sure but maybe this one can help:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?
If that does not work I need straces from both working and non-working
versions.
Ola Lundqvist wrote:
> This was already corrected in
>
> vzctl (3.0.22-9) unstable; urgency=low
>
> * Correction of capability problem on some platforms. Closes: #482974.
>
> -- Ola Lundqvist <opal at debian.org> Sat, 7 Jun 2008 19:26:21 +0200
>
> Do you have any other idéa?
>
> // Ola
>
> On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
>
>> Hi Kir
>>
>> I will backport this fix. I thought I already did that. Thanks!
>>
>> // Ola
>>
>> Quoting Kir Kolyshkin <kir at openvz.org>:
>>
>>
>>> This is caused by newer kernel headers (in this case on a build system
>>> that was used to build this vzctl package), and is fixed in
>>> vzctl-3.0.23. See the following git commit:
>>>
>>> http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
>>>
>>> So the solution is either to upgrade to vzctl-3.0.23 or to backport
>>> this simple fix.
>>>
>>> Ola Lundqvist wrote:
>>>
>>>> Hi Daniel
>>>>
>>>> This is interesting as it works very well on my systems. On other hand
>>>> that
>>>> system is a 686 based one.
>>>>
>>>> You write that you have not significantly changed your system, but at the
>>>> same time you write that you are not sure that it has ever worked with the
>>>> 2.6.26 kernel.
>>>>
>>>> Can you please elaborate when it worked last time, and what you have done
>>>> since then?
>>>>
>>>> Which version of the linux kernel are you running for example?
>>>> If you switch to the 2.6.24 kernel do it work then?
>>>>
>>>> Best regards,
>>>>
>>>> // Ola
>>>>
>>>> On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
>>>>
>>>>
>>>>> Package: vzctl
>>>>> Version: 3.0.22-14
>>>>> Severity: grave
>>>>> Justification: renders package unusable
>>>>>
>>>>> When trying to start a VE I get the following output:
>>>>>
>>>>> ] sudo vzctl start sd-dev
>>>>> Starting VE ...
>>>>> VE is mounted
>>>>> Unable to set capability: Operation not permitted
>>>>> Unable to set capability
>>>>> VE start failed
>>>>> VE is unmounted
>>>>>
>>>>> When I strace the system I see the following call to set capabilities:
>>>>>
>>>>> [pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
>>>>> [pid 14390] exit_group(0) = ?
>>>>> Process 14390 detached
>>>>> [pid 14391] capset(0x20071026, 0,
>>>>> {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not
>>>>> permitted)
>>>>>
>>>>>
>>>>> This fails to start the VE, reporting that the capset operation failed.
>>>>> None of my configuration has been modified significantly, and certainly
>>>>> not
>>>>> to change the capability set of the VE or anything like that.
>>>>>
>>>>> This same configuration worked on a 2.6.24 VZ kernel, but I am not
>>>>> sure it ever
>>>>> worked on the 2.6.26 kernel.
>>>>>
>>>>> -- System Information:
>>>>> Debian Release: 5.0
>>>>> APT prefers unstable
>>>>> APT policy: (500, 'unstable'), (1, 'experimental')
>>>>> Architecture: amd64 (x86_64)
>>>>>
>>>>> Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
>>>>> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
>>>>> Shell: /bin/sh linked to /bin/dash
>>>>>
>>>>> Versions of packages vzctl depends on:
>>>>> ii iproute 20080725-2 networking and
>>>>> traffic control too
>>>>> ii libc6 2.7-18 GNU C Library: Shared
>>>>> libraries
>>>>> ii vzquota 3.0.11-1 server virtualization
>>>>> solution - q
>>>>>
>>>>> Versions of packages vzctl recommends:
>>>>> ii rsync 3.0.5-1 fast remote file copy
>>>>> program (lik
>>>>>
>>>>> Versions of packages vzctl suggests:
>>>>> pn linux-patch-openvz <none> (no description available)
>>>>>
>>>>> -- no debconf information
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>
>> --
>> --- Inguza Technology AB --- MSc in Information Technology ----
>> / ola at inguza.com Annebergsslingan 37 \
>> | opal at debian.org 654 65 KARLSTAD |
>> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>> ---------------------------------------------------------------
>>
>>
>>
>
>
More information about the Debian
mailing list