Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Kir Kolyshkin k...@openvz.org writes: This is caused by newer kernel headers (in this case on a build system that was used to build this vzctl package), and is fixed in vzctl-3.0.23. See the following git commit: vzctl 3.0.23-2 is available in experimental, so I have installed it and tested it on my machine; it addresses the problem and the VE will again start. So the solution is either to upgrade to vzctl-3.0.23 or to backport this simple fix. I can confirm that the newer package version resolves the problem. Ola Lundqvist wrote: Hi Daniel This is interesting as it works very well on my systems. On other hand that system is a 686 based one. You write that you have not significantly changed your system, but at the same time you write that you are not sure that it has ever worked with the 2.6.26 kernel. Sorry, I see I was unclear: I have upgraded to sid, which significantly changed the system, but the OpenVZ configuration remained stable. I thought that the VE had started successfully under 2.6.26 before, but could only confirm from my logs that I had used it under 2.6.24. Sorry for being so unclear, and thankfully Kir has saved me by identifying the problem despite my poor communication. Regards, Daniel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Hi Daniel Thanks a lot for your information. I'll backport the fix today, upload and request unblock to the debian release team. Best regards, // Ola Quoting Daniel Pittman dan...@rimspace.net: Kir Kolyshkin k...@openvz.org writes: This is caused by newer kernel headers (in this case on a build system that was used to build this vzctl package), and is fixed in vzctl-3.0.23. See the following git commit: vzctl 3.0.23-2 is available in experimental, so I have installed it and tested it on my machine; it addresses the problem and the VE will again start. So the solution is either to upgrade to vzctl-3.0.23 or to backport this simple fix. I can confirm that the newer package version resolves the problem. Ola Lundqvist wrote: Hi Daniel This is interesting as it works very well on my systems. On other hand that system is a 686 based one. You write that you have not significantly changed your system, but at the same time you write that you are not sure that it has ever worked with the 2.6.26 kernel. Sorry, I see I was unclear: I have upgraded to sid, which significantly changed the system, but the OpenVZ configuration remained stable. I thought that the VE had started successfully under 2.6.26 before, but could only confirm from my logs that I had used it under 2.6.24. Sorry for being so unclear, and thankfully Kir has saved me by identifying the problem despite my poor communication. Regards, Daniel -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comAnnebergsslingan 37\ | o...@debian.org 654 65 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
This was already corrected in
vzctl (3.0.22-9) unstable; urgency=low
* Correction of capability problem on some platforms. Closes: #482974.
-- Ola Lundqvist o...@debian.org Sat, 7 Jun 2008 19:26:21 +0200
Do you have any other idéa?
// Ola
On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
Hi Kir
I will backport this fix. I thought I already did that. Thanks!
// Ola
Quoting Kir Kolyshkin k...@openvz.org:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport
this simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand
that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not
permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly
not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not
sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and
traffic control too
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii vzquota 3.0.11-1 server virtualization
solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy
program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Hi Kir and Daniel
When I started to backport this fix, I realized that this fix was
already backported to the version running.
This means that we have some other problem that has been fixed in the
3.0.23 version available in experimental.
Best regards,
// Ola
On Thu, Jan 29, 2009 at 10:01:43AM +0300, Kir Kolyshkin wrote:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport this
simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly
not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not sure
it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and traffic
control too
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii vzquota 3.0.11-1 server virtualization
solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy
program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
I'm not really sure but maybe this one can help:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?
If that does not work I need straces from both working and non-working
versions.
Ola Lundqvist wrote:
This was already corrected in
vzctl (3.0.22-9) unstable; urgency=low
* Correction of capability problem on some platforms. Closes: #482974.
-- Ola Lundqvist o...@debian.org Sat, 7 Jun 2008 19:26:21 +0200
Do you have any other idéa?
// Ola
On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
Hi Kir
I will backport this fix. I thought I already did that. Thanks!
// Ola
Quoting Kir Kolyshkin k...@openvz.org:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport
this simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand
that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800}) = -1 EPERM (Operation not
permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly
not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not
sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and
traffic control too
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii vzquota 3.0.11-1 server virtualization
solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy
program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Hi Daniel
If you could try this fix out it would be really great.
A built package for amd64 is available at:
http://apt.inguza.org/vzctl/
// Ola
On Thu, Jan 29, 2009 at 07:57:54PM +0300, Kir Kolyshkin wrote:
I'm not really sure but maybe this one can help:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=bca585d9c7c9e72bad99fc3f48bd8245ab21848c
Daniel, can you try it out?
If that does not work I need straces from both working and non-working
versions.
Ola Lundqvist wrote:
This was already corrected in
vzctl (3.0.22-9) unstable; urgency=low
* Correction of capability problem on some platforms. Closes: #482974.
-- Ola Lundqvist o...@debian.org Sat, 7 Jun 2008 19:26:21 +0200
Do you have any other idéa?
// Ola
On Thu, Jan 29, 2009 at 08:54:13AM +0100, Ola Lundqvist wrote:
Hi Kir
I will backport this fix. I thought I already did that. Thanks!
// Ola
Quoting Kir Kolyshkin k...@openvz.org:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport
this simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand
that
system is a 686 based one.
You write that you have not significantly changed your system, but at
the
same time you write that you are not sure that it has ever worked with
the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have
done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not
permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and
certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not
sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and
traffic control too
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii vzquota 3.0.11-1 server virtualization
solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy
program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Ola Lundqvist o...@inguza.com writes: If you could try this fix out it would be really great. A built package for amd64 is available at: http://apt.inguza.org/vzctl/ Ah. I am on amd64, and that is an i386 package without source. Anyway, I grabbed the source, manually applied the patch and downgraded the vzctl package to 3.0.22-14 from sid. I then went to reproduce the problem and couldn't: 3.0.22-14 worked fine for me after downgrading, without any additional patches at all. Um, all of which leaves me a bit mystified, but the upgrade to 3.0.23, then back down to 3.0.22 did replace all the distribution configuration files, etc... In any case I can no longer reproduce the fault with 3.0.22-14 from sid, so I can only presume that there was something very strange went wrong on my local system, but that the issue is now resolved. Thank you both for your help, and I am sorry for the trouble. Regards, Daniel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Hi Daniel
This is interesting as it works very well on my systems. On other hand that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it
ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and traffic control
too
ii libc6 2.7-18 GNU C Library: Shared libraries
ii vzquota 3.0.11-1 server virtualization solution -
q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy program
(lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
- Ola Lundqvist ---
/ o...@debian.org Annebergsslingan 37 \
| o...@inguza.com 654 65 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport this
simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and traffic control too
ii libc6 2.7-18 GNU C Library: Shared libraries
ii vzquota 3.0.11-1 server virtualization solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: [Debian] Re: Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Hi Kir
I will backport this fix. I thought I already did that. Thanks!
// Ola
Quoting Kir Kolyshkin k...@openvz.org:
This is caused by newer kernel headers (in this case on a build system
that was used to build this vzctl package), and is fixed in
vzctl-3.0.23. See the following git commit:
http://git.openvz.org/?p=vzctl;a=commit;h=0d6bfad92c7cb6a193801ce8dac3a0dc64396ca8
So the solution is either to upgrade to vzctl-3.0.23 or to backport
this simple fix.
Ola Lundqvist wrote:
Hi Daniel
This is interesting as it works very well on my systems. On other hand that
system is a 686 based one.
You write that you have not significantly changed your system, but at the
same time you write that you are not sure that it has ever worked with the
2.6.26 kernel.
Can you please elaborate when it worked last time, and what you have done
since then?
Which version of the linux kernel are you running for example?
If you switch to the 2.6.24 kernel do it work then?
Best regards,
// Ola
On Wed, Jan 28, 2009 at 01:34:52PM +1100, Daniel Pittman wrote:
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800}) = -1 EPERM (Operation not
permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not
sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and
traffic control too
ii libc6 2.7-18 GNU C Library: Shared
libraries
ii vzquota 3.0.11-1 server virtualization
solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy
program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
--- Inguza Technology AB --- MSc in Information Technology
/ o...@inguza.comAnnebergsslingan 37\
| o...@debian.org 654 65 KARLSTAD|
| http://inguza.com/Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#513310: vzctl fails to set capabilities, and subsequently fails to start any VE
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x7800})
= -1 EPERM (Operation not permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and traffic control too
ii libc6 2.7-18 GNU C Library: Shared libraries
ii vzquota 3.0.11-1 server virtualization solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1fast remote file copy program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvznone (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
