Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE

[Kir Kolyshkin]

I'm not really sure but maybe this one can help:

http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?

If that does not work I need straces from both working and non-working 
versions.

Ola Lundqvist wrote:
This was already corrected in

vzctl (3.0.22-9) unstable; urgency=low

  * Correction of capability problem on some platforms. Closes: #482974.

 -- Ola Lundqvist <o...@debian.org>  Sat,  7 Jun 2008 19:26:21 +0200

Do you have any other idéa?

// Ola

On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
  
Hi Kir

I will backport this fix. I thought I already did that. Thanks!

// Ola

Quoting Kir Kolyshkin <k...@openvz.org>:

    
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:

http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8

So the solution is either to upgrade to vzctl-3.0.23 or to backport
this simple fix.

Ola Lundqvist wrote:
      
Hi Daniel

This is interesting as it works very well on my systems. On other hand 
that
system is a 686 based one.

You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.

Can you please elaborate when it worked last time, and what you have done
since then?

Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?

Best regards,

// Ola

On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:

        
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable

When trying to start a VE I get the following output:

] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted

When I strace the system I see the following call to set capabilities:

[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0)               = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,   
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000}) = -1 EPERM (Operation not   
permitted)


This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly 
not
to change the capability set of the VE or anything like that.

This same configuration worked on a 2.6.24 VZ kernel, but I am not  
sure it ever
worked on the 2.6.26 kernel.

-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vzctl depends on:
ii  iproute                       20080725-2 networking and   
traffic control too
ii  libc6                         2.7-18     GNU C Library: Shared  
libraries
ii  vzquota                       3.0.11-1   server virtualization  
solution - q

Versions of packages vzctl recommends:
ii  rsync                         3.0.5-1    fast remote file copy  
program (lik

Versions of packages vzctl suggests:
pn  linux-patch-openvz            <none>     (no description available)

-- no debconf information




          
        

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Annebergsslingan 37        \
|  o...@debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------


    

  





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org