[Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Ola Lundqvist ola at inguza.com
Thu Jan 29 12:12:40 EST 2009


Hi Daniel

If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/

// Ola

On Thu, Jan 29, 2009 at 07:57:54PM +0300, Kir Kolyshkin wrote:
> I'm not really sure but maybe this one can help:
> 
> http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
> 
> Daniel, can you try it out?
> 
> If that does not work I need straces from both working and non-working 
> versions.
> 
> Ola Lundqvist wrote:
> >This was already corrected in
> >
> >vzctl (3.0.22-9) unstable; urgency=low
> >
> >  * Correction of capability problem on some platforms. Closes: #482974.
> >
> > -- Ola Lundqvist <opal at debian.org>  Sat,  7 Jun 2008 19:26:21 +0200
> >
> >Do you have any other idéa?
> >
> >// Ola
> >
> >On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
> >  
> >>Hi Kir
> >>
> >>I will backport this fix. I thought I already did that. Thanks!
> >>
> >>// Ola
> >>
> >>Quoting Kir Kolyshkin <kir at openvz.org>:
> >>
> >>    
> >>>This is caused by newer kernel headers (in this case on a build system
> >>>that was used to build this vzctl package), and is fixed in
> >>>vzctl-3.0.23. See the following git commit:
> >>>
> >>>http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
> >>>
> >>>So the solution is either to upgrade to vzctl-3.0.23 or to backport
> >>>this simple fix.
> >>>
> >>>Ola Lundqvist wrote:
> >>>      
> >>>>Hi Daniel
> >>>>
> >>>>This is interesting as it works very well on my systems. On other hand 
> >>>>that
> >>>>system is a 686 based one.
> >>>>
> >>>>You write that you have not significantly changed your system, but at 
> >>>>the
> >>>>same time you write that you are not sure that it has ever worked with 
> >>>>the
> >>>>2.6.26 kernel.
> >>>>
> >>>>Can you please elaborate when it worked last time, and what you have 
> >>>>done
> >>>>since then?
> >>>>
> >>>>Which version of the linux kernel are you running for example?
> >>>>If you switch to the 2.6.24 kernel do it work then?
> >>>>
> >>>>Best regards,
> >>>>
> >>>>// Ola
> >>>>
> >>>>On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
> >>>>
> >>>>        
> >>>>>Package: vzctl
> >>>>>Version: 3.0.22-14
> >>>>>Severity: grave
> >>>>>Justification: renders package unusable
> >>>>>
> >>>>>When trying to start a VE I get the following output:
> >>>>>
> >>>>>] sudo vzctl start sd-dev
> >>>>>Starting VE ...
> >>>>>VE is mounted
> >>>>>Unable to set capability: Operation not permitted
> >>>>>Unable to set capability
> >>>>>VE start failed
> >>>>>VE is unmounted
> >>>>>
> >>>>>When I strace the system I see the following call to set capabilities:
> >>>>>
> >>>>>[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
> >>>>>[pid 14390] exit_group(0)               = ?
> >>>>>Process 14390 detached
> >>>>>[pid 14391] capset(0x20071026, 0,   
> >>>>>{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not   
> >>>>>permitted)
> >>>>>
> >>>>>
> >>>>>This fails to start the VE, reporting that the capset operation failed.
> >>>>>None of my configuration has been modified significantly, and 
> >>>>>certainly not
> >>>>>to change the capability set of the VE or anything like that.
> >>>>>
> >>>>>This same configuration worked on a 2.6.24 VZ kernel, but I am not  
> >>>>>sure it ever
> >>>>>worked on the 2.6.26 kernel.
> >>>>>
> >>>>>-- System Information:
> >>>>>Debian Release: 5.0
> >>>>>APT prefers unstable
> >>>>>APT policy: (500, 'unstable'), (1, 'experimental')
> >>>>>Architecture: amd64 (x86_64)
> >>>>>
> >>>>>Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
> >>>>>Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> >>>>>Shell: /bin/sh linked to /bin/dash
> >>>>>
> >>>>>Versions of packages vzctl depends on:
> >>>>>ii  iproute                       20080725-2 networking and   
> >>>>>traffic control too
> >>>>>ii  libc6                         2.7-18     GNU C Library: Shared  
> >>>>>libraries
> >>>>>ii  vzquota                       3.0.11-1   server virtualization  
> >>>>>solution - q
> >>>>>
> >>>>>Versions of packages vzctl recommends:
> >>>>>ii  rsync                         3.0.5-1    fast remote file copy  
> >>>>>program (lik
> >>>>>
> >>>>>Versions of packages vzctl suggests:
> >>>>>pn  linux-patch-openvz            <none>     (no description available)
> >>>>>
> >>>>>-- no debconf information
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>          
> >>>>        
> >>
> >>-- 
> >> --- Inguza Technology AB --- MSc in Information Technology ----
> >>/  ola at inguza.com                    Annebergsslingan 37        \
> >>|  opal at debian.org                   654 65 KARLSTAD            |
> >>|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> >>\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
> >> ---------------------------------------------------------------
> >>
> >>
> >>    
> >
> >  
> 
> 
> 

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------


More information about the Debian mailing list