libcap2: List of capabilities not in sync with the linux kernel
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libcap2 (Ubuntu) | Fix Released | High | Serge Hallyn |
Bug Description
Ubuntu 12.04.1 LTS
libcap2 1:2.22-1ubuntu3
lxc 0.8-rc2
As stated in the summary, the list of capabilities is not in sync with the Linux kernel. We encountered this bug while migrating our server from Debian 6 (with 3.2.18 kernel from backport) to Ubuntu 12.04 LTS with stock kernel (...). When we tried to run lxc-execute as a non-root user, we got an error:
lxc-execute: failed to cap_get_flag: Invalid argument
lxc-execute: Operation not permitted - failed to clone
lxc-execute: failed to create vethHzECcM-
We only found out what the problem is thanks to this bug report for Debian (however, on our installation Debian works just fine):
http://
It seems that the problem lies in the outdated header "capabilities.h" used to compile libcap2. We have hotfixed this bug by replacing, in the lxc-execute source code (caps.c file), CAP_LAST_CAP with a hardcoded "34" constant:
    for (cap = 0; cap <= CAP_LAST_CAP; cap++) {

        cap_flag_value_t flag;

        ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
        if (ret) {
            ERROR("failed to cap_get_flag: %m");
            goto out;
        }
But this cannot be the permanent solution.
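
The loop in the report runs to a compile-time CAP_LAST_CAP that another layer then rejects. The following is an added example, not part of the original report and not lxc or libcap code: it probes at run time what each layer accepts and derives a loop bound that none of them rejects. The function names are hypothetical, and `stub_library_check` is a constructed stand-in for a library check (in real code, a wrapper around `cap_get_flag`).

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/capability.h>            /* compile-time CAP_LAST_CAP */

typedef int (*cap_check_fn)(int cap);    /* returns < 0 if cap is rejected */

/* Highest capability number that `check` accepts, or -1 if none. */
int last_accepted_cap(cap_check_fn check, int upper)
{
    int cap = 0;
    while (cap <= upper && check(cap) >= 0)
        cap++;
    return cap - 1;
}

/* Kernel view: PR_CAPBSET_READ fails with EINVAL past the last capability. */
int kernel_check(int cap) { return prctl(PR_CAPBSET_READ, cap, 0, 0, 0); }

/* Constructed stand-in for a library built against an older header that
 * only knows capabilities 0..34 (the value hardcoded in the report). */
int stub_library_check(int cap) { return cap <= 34 ? 0 : -1; }

/* Loop bound every layer accepts; negative (unknown) limits are ignored. */
int safe_last_cap(int header_last, int kernel_last, int library_last)
{
    int m = header_last;
    if (kernel_last >= 0 && kernel_last < m) m = kernel_last;
    if (library_last >= 0 && library_last < m) m = library_last;
    return m;
}

int main(void)
{
    int k = last_accepted_cap(kernel_check, 63);
    int l = last_accepted_cap(stub_library_check, 63);
    printf("header=%d kernel=%d library=%d bound=%d\n",
           CAP_LAST_CAP, k, l, safe_last_cap(CAP_LAST_CAP, k, l));
    return 0;
}
```

On Linux 3.2 and later the kernel's value can also be read from /proc/sys/kernel/cap_last_cap instead of probing.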
Changed in libcap2 (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
status: Confirmed → In Progress
importance: Undecided → High
no longer affects: lxc (Ubuntu)
Status changed to 'Confirmed' because the bug affects multiple users.