On Fri, May 11, 2018 at 13:50:41 +0300, Mantas Mikulėnas wrote: > On Fri, May 11, 2018 at 1:02 PM Luca Boccassi <bl...@debian.org> wrote: > > Here's a built amd64 package for buster/sid: > > > > https://download.opensuse.org/repositories/home:/bluca/Debian_Next/amd64/iproute2_4.16.0-3~git1_amd64.deb > > > > Your patch seems to work, but there's also another problem: /sbin/ip has an > empty (but present) security.capability xattr, which gets ANDed with > effective capabilities on exec. In other words, ip starts with > inheritable=NET_ADMIN but effective=0. (When debconf asked me about making > ip setuid, I chose "No".) > > This is a bug in Debian's postinst – if $CAPS is empty, it should call > `setcap -r /bin/ip` to remove the xattr, instead of setting it to an empty > value. > > After installing your patched version *and* clearing the empty caps xattr, > I verified that zerotier-one finally works correctly. >
Virtualbox works with the iproute2_4.16.0-3~git1_amd64.deb with the additional 'setcap -r /bin/ip' fix described by Mantas. -- Jon Doge Wrangler X(7): A program for managing terminal windows. See also screen(1) and tmux(1).
