This was the test case: 1) Update trusty daily root-tgz image with a copy of dcap and cap properties. 2) Sync image to cache 3) Deploy a node with trusty 4) Access deployed node 5) Ensure that cap properties for the new file are preserved on deployed system. This test passed. Here are test details: ====================================================================== 1) Update image root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# ls -l usr/bin/dpkgcap -rwxr-xr-x 1 root root 261840 Dec 17 09:33 usr/bin/dpkgcap root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# getcap usr/bin/dpkgcap usr/bin/dpkgcap = cap_net_raw+p root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# tar --xattrs '--xattrs-include=*' -czf root.tar.gz * tar: root.tar.gz: file changed as we read it 2) Sync image root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# ls -l total 550812 drwxr-xr-x 2 root root 4096 Dec 17 02:54 bin drwxr-xr-x 3 root root 4096 Dec 8 14:34 boot drwxr-xr-x 6 root root 4096 Dec 8 14:34 dev drwxr-xr-x 96 root root 4096 Dec 17 02:56 etc drwxr-xr-x 2 root root 4096 Apr 10 2014 home lrwxrwxrwx 1 root root 33 Dec 8 14:33 initrd.img -> boot/initrd.img-3.13.0-40-generic drwxr-xr-x 22 root root 4096 Dec 8 14:31 lib drwxr-xr-x 2 root root 4096 Dec 4 18:40 lib64 drwx------ 2 root root 4096 Dec 4 18:43 lost+found drwxr-xr-x 2 root root 4096 Dec 4 18:40 media drwxr-xr-x 2 root root 4096 Apr 10 2014 mnt drwxr-xr-x 2 root root 4096 Dec 4 18:40 opt drwxr-xr-x 2 root root 4096 Apr 10 2014 proc drwx------ 2 root root 4096 Dec 17 02:05 root -rw-r--r-- 1 root root 563942052 Dec 17 09:40 root.tar.gz drwxr-xr-x 4 root root 4096 Dec 8 14:33 run drwxr-xr-x 2 root root 4096 Dec 17 02:54 sbin drwxr-xr-x 2 root root 4096 Dec 4 18:40 srv drwxr-xr-x 2 root root 4096 Mar 12 2014 sys drwxrwxrwt 4 root root 4096 Dec 17 02:55 tmp drwxr-xr-x 10 root root 4096 Dec 4 18:40 usr drwxr-xr-x 12 root root 4096 Dec 4 18:43 var lrwxrwxrwx 1 root root 30 Dec 8 14:33 vmlinuz -> boot/vmlinuz-3.13.0-40-generic root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# ls -l ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 -rw-r--r-- 1 root root 424884409 Dec 17 03:28 ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# cp root.tar.gz ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# ls -l ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 -rw-r--r-- 1 root root 563942052 Dec 17 09:42 ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# service tgt restart tgt stop/waiting tgt start/running, process 16692 root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# cp ../root-tgz-3d15bdc99ae5cfe7e0be2e06e084636dc6fd809ec09ca54732ec83c9224376a2 ../../current/ubuntu/amd64/generic/trusty/daily/root-tgz root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# sync;sync root@ubuntumaas:/var/lib/maas/boot-resources/cache/root# exit logout 3) Deploy node from maas 4) Access deployed node lmic@ubuntumaas:/var/lib/maas/boot-resources/cache/root$ ssh 192.168.224.100 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is 5b:1b:de:c3:ff:d6:e5:64:3c:b7:be:19:55:69:b5:7e. Please contact your system administrator. Add correct host key in /home/lmic/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/lmic/.ssh/known_hosts:20 remove with: ssh-keygen -f "/home/lmic/.ssh/known_hosts" -R 192.168.224.100 ECDSA host key for 192.168.224.100 has changed and you have requested strict checking. Host key verification failed. lmic@ubuntumaas:/var/lib/maas/boot-resources/cache/root$ ssh-keygen -f "/home/lmic/.ssh/known_hosts" -R 192.168.224.100 # Host 192.168.224.100 found: line 20 type ECDSA /home/lmic/.ssh/known_hosts updated. Original contents retained as /home/lmic/.ssh/known_hosts.old lmic@ubuntumaas:/var/lib/maas/boot-resources/cache/root$ ssh 192.168.224.100 The authenticity of host '192.168.224.100 (192.168.224.100)' can't be established. ECDSA key fingerprint is 5b:1b:de:c3:ff:d6:e5:64:3c:b7:be:19:55:69:b5:7e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.224.100' (ECDSA) to the list of known hosts. Permission denied (publickey). lmic@ubuntumaas:/var/lib/maas/boot-resources/cache/root$ ssh ubuntu@192.168.224.100 Enter passphrase for key '/home/lmic/.ssh/id_rsa': Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-40-generic x86_64) * Documentation: https://help.ubuntu.com/ System information as of Wed Dec 17 15:51:42 UTC 2014 System load: 0.16 Memory usage: 2% Processes: 55 Usage of /: 37.9% of 7.75GB Swap usage: 0% Users logged in: 0 Graph this data and manage this system at: https://landscape.canonical.com/ Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud 21 packages can be updated. 15 updates are security updates. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. 5) Check capabilities on Test file ubuntu@vm:~$ ls /usr/bin/dpkg* /usr/bin/dpkg /usr/bin/dpkg-deb /usr/bin/dpkg-maintscript-helper /usr/bin/dpkg-split /usr/bin/dpkg-trigger /usr/bin/dpkgcap /usr/bin/dpkg-divert /usr/bin/dpkg-query /usr/bin/dpkg-statoverride ubuntu@vm:~$ getcap /usr/bin/dpkgcap /usr/bin/dpkgcap = cap_net_raw+p <<< TEST PASSED ubuntu@vm:~$ ubuntu@vm:~$ dpkgcap dpkg: error: need an action option Type dpkg --help for help about installing and deinstalling packages [*]; Use 'apt' or 'aptitude' for user-friendly package management; Type dpkg -Dhelp for a list of dpkg debug flag values; Type dpkg --force-help for a list of forcing options; Type dpkg-deb --help for help about manipulating *.deb files; Options marked [*] produce a lot of output - pipe it through 'less' or 'more' ! ubuntu@vm:~$ ======================================================================