Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Daniel Pittman Tue, 27 Jan 2009 18:38:06 -0800

Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable


When trying to start a VE I get the following output:

] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted

When I strace the system I see the following call to set capabilities:

[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0)               = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0, 
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000,
 
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000,
 
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000})
 = -1 EPERM (Operation not permitted)


This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.

This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
worked on the 2.6.26 kernel.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vzctl depends on:
ii  iproute                       20080725-2 networking and traffic control too
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  vzquota                       3.0.11-1   server virtualization solution - q

Versions of packages vzctl recommends:
ii  rsync                         3.0.5-1    fast remote file copy program (lik

Versions of packages vzctl suggests:
pn  linux-patch-openvz            <none>     (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

Reply via email to