[Users] OVZ 7 beta - capabilities problem in centos 7 container

[Konstantin Khorenko]

Hi J,

thank you for the report, and yes, seems it's bug.
i've filed it, so please track it further in

https://bugs.openvz.org/browse/OVZ-6657

And talking about deprecated "--capability" vzctl option -
this is correct, capabilities should be virtualized, so this option should not be required in Virtuozzo 7.

And your question was - how to troubleshoot it?
The generic way is - to strace the installation, find the syscall which fails,
and check in kernel code what makes it to return an error. :)

Pasha will look into it, track the jira issue.

Thank you again for noticing it!

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 01/14/2016 10:24 PM, jjs - mainphrame wrote:
> Greetings,
>
> I recently attempted to upgrade some packages in an OVZ 7 Centos 7 container.
>
> I did not succeed; here is the relevant snippet:
>
>
> Running transaction test
> Transaction test succeeded
> Running transaction
>   Updating   : iputils-20121221-7.el7.x86_64                                1/4Â
> Error unpacking rpm package iputils-20121221-7.el7.x86_64
> error: unpacking of archive failed on file /usr/bin/ping: cpio: cap_set_file
> error: iputils-20121221-7.el7.x86_64: install failed
>
> Attempts to set the capabilities for the container resulted in this message:
>
> [root at hachi ~]# vzctl set 1111 --capability cap_set_file:on --save
> Warning: The --capability option is deprecated
>
> In any case, the yum operation continues to fail
>
> How might I proceed in troubleshooting this? A peek at the openvz bug tracker seems to indicate this was fixed long ago, but here we are. Any advice welcome
>
> Regards,
>
> J