[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Ola Lundqvist
ola at inguza.com
Thu Jan 29 12:12:40 EST 2009
Hi Daniel
If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/
// Ola
On Thu, Jan 29, 2009 at 07:57:54PM +0300, Kir Kolyshkin wrote:
> I'm not really sure but maybe this one can help:
>
> http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
>
> Daniel, can you try it out?
>
> If that does not work I need straces from both working and non-working
> versions.
>
> Ola Lundqvist wrote:
> >This was already corrected in
> >
> >vzctl (3.0.22-9) unstable; urgency=low
> >
> > * Correction of capability problem on some platforms. Closes: #482974.
> >
> > -- Ola Lundqvist <opal at debian.org> Sat, 7 Jun 2008 19:26:21 +0200
> >
> >Do you have any other idea?
> >
> >// Ola
> >
> >On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
> >
> >>Hi Kir
> >>
> >>I will backport this fix. I thought I already did that. Thanks!
> >>
> >>// Ola
> >>
> >>Quoting Kir Kolyshkin <kir at openvz.org>:
> >>
> >>
> >>>This is caused by newer kernel headers (in this case on a build system
> >>>that was used to build this vzctl package), and is fixed in
> >>>vzctl-3.0.23. See the following git commit:
> >>>
> >>>http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
> >>>
> >>>So the solution is either to upgrade to vzctl-3.0.23 or to backport
> >>>this simple fix.
> >>>
> >>>Ola Lundqvist wrote:
> >>>
> >>>>Hi Daniel
> >>>>
> >>>>This is interesting as it works very well on my systems. On the other hand
> >>>>that system is a 686 based one.
> >>>>
> >>>>You write that you have not significantly changed your system, but at
> >>>>the same time you write that you are not sure that it has ever worked
> >>>>with the 2.6.26 kernel.
> >>>>
> >>>>Can you please elaborate when it worked last time, and what you have
> >>>>done since then?
> >>>>
> >>>>Which version of the linux kernel are you running for example?
> >>>>If you switch to the 2.6.24 kernel does it work then?
> >>>>
> >>>>Best regards,
> >>>>
> >>>>// Ola
> >>>>
> >>>>On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
> >>>>
> >>>>
> >>>>>Package: vzctl
> >>>>>Version: 3.0.22-14
> >>>>>Severity: grave
> >>>>>Justification: renders package unusable
> >>>>>
> >>>>>When trying to start a VE I get the following output:
> >>>>>
> >>>>>] sudo vzctl start sd-dev
> >>>>>Starting VE ...
> >>>>>VE is mounted
> >>>>>Unable to set capability: Operation not permitted
> >>>>>Unable to set capability
> >>>>>VE start failed
> >>>>>VE is unmounted
> >>>>>
> >>>>>When I strace the system I see the following call to set capabilities:
> >>>>>
> >>>>>[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
> >>>>>[pid 14390] exit_group(0) = ?
> >>>>>Process 14390 detached
> >>>>>[pid 14391] capset(0x20071026, 0, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not permitted)
> >>>>>
> >>>>>
> >>>>>This fails to start the VE, reporting that the capset operation failed.
> >>>>>None of my configuration has been modified significantly, and
> >>>>>certainly not to change the capability set of the VE or anything
> >>>>>like that.
> >>>>>
> >>>>>This same configuration worked on a 2.6.24 VZ kernel, but I am not
> >>>>>sure it ever worked on the 2.6.26 kernel.
> >>>>>
> >>>>>-- System Information:
> >>>>>Debian Release: 5.0
> >>>>>APT prefers unstable
> >>>>>APT policy: (500, 'unstable'), (1, 'experimental')
> >>>>>Architecture: amd64 (x86_64)
> >>>>>
> >>>>>Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
> >>>>>Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> >>>>>Shell: /bin/sh linked to /bin/dash
> >>>>>
> >>>>>Versions of packages vzctl depends on:
> >>>>>ii iproute 20080725-2 networking and traffic control too
> >>>>>ii libc6 2.7-18 GNU C Library: Shared libraries
> >>>>>ii vzquota 3.0.11-1 server virtualization solution - q
> >>>>>
> >>>>>Versions of packages vzctl recommends:
> >>>>>ii rsync 3.0.5-1 fast remote file copy program (lik
> >>>>>
> >>>>>Versions of packages vzctl suggests:
> >>>>>pn linux-patch-openvz <none> (no description available)
> >>>>>
> >>>>>-- no debconf information
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>
> >>--
> >> --- Inguza Technology AB --- MSc in Information Technology ----
> >>/ ola at inguza.com Annebergsslingan 37 \
> >>| opal at debian.org 654 65 KARLSTAD |
> >>| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> >>\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> >> ---------------------------------------------------------------
> >>
> >>
> >>
> >
> >
>
>
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola at inguza.com Annebergsslingan 37 \
| opal at debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
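
An added example, not part of the thread and not vzctl code: a C sketch of why the header version seen in the strace (0x20071026) matters. It assumes the calling code filled only one data element, which the thread does not show; the helper names and the stray high-word value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Header version magics from <linux/capability.h>; 0x20071026 is the value
 * passed to capget()/capset() in the strace output quoted in the thread. */
#define CAP_V1 0x19980330u
#define CAP_V2 0x20071026u
#define CAP_V3 0x20080522u

/* Low 32 bits of each set in the failing capset(), decoded from the flag
 * names in the strace (bits 0-7, 9-11, 13-15, 18, 19, 22-24, 26, 0x78000000). */
#define STRACE_MASK 0x7dcceeffu

/* Elements of {effective, permitted, inheritable} the kernel reads for a
 * given header version; 0 means the version is unknown. */
static int cap_elems(uint32_t version)
{
    switch (version) {
    case CAP_V1: return 1;            /* 32-bit sets: datap[0] only */
    case CAP_V2:
    case CAP_V3: return 2;            /* 64-bit sets: datap[0] and datap[1] */
    default:     return 0;
    }
}

/* Pre-flight check: did the caller fill as many elements as the header claims? */
static int cap_buffer_ok(uint32_t version, int filled)
{
    int need = cap_elems(version);
    return need > 0 && filled >= need;
}

/* capset(2) rules behind EPERM: nothing may be added to the permitted set,
 * and the effective set must be a subset of the new permitted set. */
static int capset_allowed(uint64_t eff, uint64_t perm, uint64_t old_perm)
{
    return (perm & ~old_perm) == 0 && (eff & ~perm) == 0;
}

int main(void)
{
    /* Constructed stand-ins for the unfilled datap[1] words (assumption). */
    uint64_t eff  = ((uint64_t)0x00000001u << 32) | STRACE_MASK;
    uint64_t perm = ((uint64_t)0x00000000u << 32) | STRACE_MASK;
    printf("v2 header, 1 element filled: buffer ok = %d\n", cap_buffer_ok(CAP_V2, 1));
    printf("capset allowed with stray high bit = %d\n", capset_allowed(eff, perm, UINT64_MAX));
    return 0;
}
```

Code that must keep the one-element layout can request the v1 header magic explicitly instead of relying on whatever the build system's headers define as the default.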