Your message dated Fri, 30 Jan 2009 08:00:11 +0100
with message-id <20090130070011.ga11...@inguza.net>
and subject line Re: [Debian] Re: Bug#513310: vzctl fails to set capabilities,
and subsequently fails to start any VE
has caused the Debian Bug report #513310,
regarding vzctl fails to set capabilities, and subsequently fails to start any
VE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
513310: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: vzctl
Version: 3.0.22-14
Severity: grave
Justification: renders package unusable
When trying to start a VE I get the following output:
] sudo vzctl start sd-dev
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted
When I strace the system I see the following call to set capabilities:
[pid 14391] capget(0x20071026, 0, NULL) = -1 EFAULT (Bad address)
[pid 14390] exit_group(0) = ?
Process 14390 detached
[pid 14391] capset(0x20071026, 0,
{CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000,
CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TTY_CONFIG|0x78000000})
= -1 EPERM (Operation not permitted)
This fails to start the VE, reporting that the capset operation failed.
None of my configuration has been modified significantly, and certainly not
to change the capability set of the VE or anything like that.
This same configuration worked on a 2.6.24 VZ kernel, but I am not sure it ever
worked on the 2.6.26 kernel.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vzctl depends on:
ii iproute 20080725-2 networking and traffic control too
ii libc6 2.7-18 GNU C Library: Shared libraries
ii vzquota 3.0.11-1 server virtualization solution - q
Versions of packages vzctl recommends:
ii rsync 3.0.5-1 fast remote file copy program (lik
Versions of packages vzctl suggests:
pn linux-patch-openvz <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi Daniel
On Fri, Jan 30, 2009 at 12:44:53PM +1100, Daniel Pittman wrote:
> Ola Lundqvist <o...@inguza.com> writes:
>
> > If you could try this fix out it would be really great.
> > A built package for amd64 is available at:
> > http://apt.inguza.org/vzctl/
>
> Ah. I am on amd64, and that is an i386 package without source.
Sorry. I built the package using the wrong chroot.
I have uploaded new build, but with the information below I do not think
that helps much. :-(
> Anyway, I grabbed the source, manually applied the patch and downgraded
> the vzctl package to 3.0.22-14 from sid.
>
> I then went to reproduce the problem and couldn't: 3.0.22-14 worked fine
> for me after downgrading, without any additional patches at all.
Um... Not what I expected. :-)
> Um, all of which leaves me a bit mystified, but the upgrade to 3.0.23,
> then back down to 3.0.22 did replace all the distribution configuration
> files, etc...
>
>
> In any case I can no longer reproduce the fault with 3.0.22-14 from sid,
> so I can only presume that there was something very strange went wrong
> on my local system, but that the issue is now resolved.
This is both good and bad. Good that your problem is solved, bad that
we do not know why this happend.
> Thank you both for your help, and I am sorry for the trouble.
Thanks a lot for your help as well.
I have closed the bug for now, but will keep my eye open on new similar
problems. Please tell if you see this problem again and I will reopen the
bug again.
Best regards,
// Ola
> Regards,
> Daniel
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ o...@inguza.com Annebergsslingan 37 \
| o...@debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- End Message ---
