[lxc-devel] Followup to: capset fails with userns

Christian Brauner christianvanbrauner at gmail.com
Wed Feb 11 09:23:33 UTC 2015


Here is the original problem which I'm still
experiencing with lxc 1.1:

> w/ userns:
> [root@fedora2 ~]# setcap 'cap_net_admin,cap_net_raw+ep' /usr/bin/ping
> Failed to set capabilities on file `/usr/bin/ping' (Operation not permitted)
> [root@fedora2 ~]# id
> uid=0(root) gid=0(root) groups=0(root)
> 
> w/o userns:
> [root@fedora2 ~]# setcap 'cap_net_admin,cap_net_raw+ep' /usr/bin/ping
> [root@fedora2 ~]# getcap /usr/bin/ping
> /usr/bin/ping = cap_net_admin,cap_net_raw+ep
> [root@fedora2 ~]# id
> uid=0(root) gid=0(root) groups=0(root)
> 
> every yum install <pkg> where the pkg has file capabilities fails with
> 
> Error unpacking rpm package <PKG>
> error: unpacking of archive failed on file <FILE>: cpio: cap_set_file
> 
> is there a way to get this working?

(posted by Stephan Sachse)

The relevant threads are:
https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-February/008220.html

and:
https://www.redhat.com/archives/libvir-list/2014-February/msg01545.html

Has there been a solution to this problem / an acceptable patch? Running Fedora
Rawhide unprivileged trying to install iputils still shows this behaviour.

Best,
Christian