Package: nvtop
Version: 3.2.0-2
Severity: normal
Forwarded: https://bugs.launchpad.net/bugs/2148148

Dear maintainer,

I am forwarding a regression report originally filed against the Ubuntu
sync of nvtop 3.2.0-2, as the issue appears to originate from a Debian
packaging change introduced in this version.

== Problem ==

nvtop 3.2.0-2 fails to execute in rootless containers (Podman, Docker
rootless, etc.) with:

    $ nvtop
    bash: /usr/bin/nvtop: Operation not permitted

The binary itself is otherwise valid:

* ldd resolves correctly
* manual interpreter invocation works:

    $ /lib64/ld-linux-x86-64.so.2 $(which nvtop)
    No GPU to monitor.

Versions prior to 3.2.0-2 do not exhibit this behaviour.

== Root Cause ==

Commit e9178727
(https://salsa.debian.org/nvidia-team/nvtop/-/commit/e9178727c59ec163ca1ddda88df7607c42262398)
in the nvtop packaging added:

    setcap cap_perfmon=ep /usr/bin/nvtop

to debian/nvtop.postinst.

This unconditionally applies CAP_PERFMON to the nvtop executable in order
to enable full Intel i915/Xe memory telemetry. However, binaries carrying
file capabilities cannot be executed inside many rootless container
environments, resulting in EPERM before the application starts.

== Impact ==

nvtop becomes completely unusable in rootless container environments after
upgrading to 3.2.0-2. This is a regression — prior versions (e.g. 3.2.0-1)
did not have this issue.

Because the postinst runs unconditionally on every install/upgrade,
rootless container environments using nvtop from this package will continue
to fail until the capability is manually stripped.

== Workaround ==

Removing the capability restores normal functionality:

    sudo setcap -r /usr/bin/nvtop

This allows nvtop to run in rootless containers, though Intel GPU memory
reporting becomes incomplete (i915 reports unallocated size as total; xe
reports 0 KB used).

== Original Report ==

The Launchpad bug report (https://bugs.launchpad.net/bugs/2148148) contains
full diagnostic evidence including ldd output, manual interpreter
invocation, and apt-cache policy data confirming the behaviour across
multiple Ubuntu versions.

Thank you for your time.
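
A diagnostic for the failure described under Root Cause, added here as an example; it is not part of the original report or of the nvtop packaging. It assumes the EPERM arises because CAP_PERFMON (bit 38) is missing from the container's capability bounding set, a mechanism the report does not itself state; the function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: predicts whether a binary marked cap_perfmon=ep can be
# exec'd, given a capability bounding set (CapBnd in /proc/PID/status).
# Assumption: exec of a file with the effective flag set fails with EPERM
# when a file-permitted capability is not in the bounding set.

CAP_PERFMON_BIT=38   # CAP_PERFMON as numbered in linux/capability.h

# cap_in_mask HEXMASK BIT: succeeds if BIT is set in HEXMASK (no 0x prefix)
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capbnd_from_status FILE: prints the CapBnd hex mask found in FILE
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2; exit }' "$1"
}

# perfmon_exec_verdict HEXMASK: prints "ok" or "eperm"
perfmon_exec_verdict() {
    if cap_in_mask "$1" "$CAP_PERFMON_BIT"; then
        echo ok
    else
        echo eperm
    fi
}

# Constructed sample masks (not taken from the report):
FULL_BND=000001ffffffffff        # all capabilities 0..40 present
RESTRICTED_BND=00000000a80425fb  # reduced set, as seen in restricted containers

# Report on the environment this script runs in, when /proc is available.
if [ -r /proc/self/status ]; then
    bnd=$(capbnd_from_status /proc/self/status)
    if [ -n "$bnd" ]; then
        echo "CapBnd=$bnd -> cap_perfmon=ep exec: $(perfmon_exec_verdict "$bnd")"
    fi
fi
```

Run inside the affected container, an "eperm" verdict together with `getcap /usr/bin/nvtop` showing cap_perfmon=ep is consistent with the behaviour reported above.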
