On Wed, 09 May 2018 09:17:26 +0100 Luca Boccassi <bl...@debian.org> wrote: > On Tue, 2018-05-08 at 22:47 -0400, Jon DeVree wrote: > > Package: iproute2 > > Version: 4.16.0-2 > > Followup-For: Bug #898015 > > > > Dear Maintainer, > > > > This also appears to break the ability of VirtualBox to configure its > > host only networking interface in the host OS. > > > > vbox appears to be able to want to use: > > > > ip addr show ... > > ip addr add ... > > ip addr del ... > > ip link set dev $DEV up > > > > I dunno if you want this as a separate bug report or combined. > > Hi, > > It's the same issue so this bug is fine. > > I need to find time to think about a solution, and if not we'll need to > revert and break ip vrf exec.
Hi, I've added check to see if CAP_NET_ADMIN is set to INHERITABLE, which is what happens when a program with ambient caps forks and execs ip, but it is not set by the iproute2 package (for the vrf exec case). Before I send that upstream for comments, would you be up to test it and see if it fixes your problems? I've tried with a simple program that uses the ambient caps, but I don't use zerotier-one nor virtual box so I'd like to be sure. Here's a built amd64 package for buster/sid: https://download.opensuse.org/repositories/home:/bluca/Debian_Next/amd64/iproute2_4.16.0-3~git1_amd64.deb Thanks! -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
