[lxc-users] setcap capabilities
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Feb 19 04:54:52 UTC 2016
Quoting Mark Constable (markc at renta.net):
> On 19/02/16 12:21, Serge Hallyn wrote:
> >>>>Unpacking systemd (229-1ubuntu2) over (228-5ubuntu3) ...
> >>>>dpkg: error processing archive /var/cache/apt/archives/systemd_229-1ubuntu2_amd64.deb (--unpack):
> >>>> unable to make backup link of './bin/systemctl' before installing new version: Operation not permitted
> >[...]
> >What does ls -l /bin/systemctl show?
>
> ~ ls -l /bin/systemctl
> -rwxr-xr-x 1 root root 659848 Feb 14 22:41 /bin/systemctl
>
> I did an "echo 0 > /proc/sys/fs/protected_hardlinks" on the host and
> reran the update which proceeded and installed the rest of the package
... AFAICS this shouldn't be happening. It's not setuid, not a
non-regular file, not setgid, and you should be privileged over
the file. Could you try with a newer kernel, 3.16 or 4.2 or 4.4?
> updates but along the way I got this...
>
> Failed to set capabilities on file `/usr/bin/systemd-detect-virt' (Invalid argument)
> The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
Yes, again that is going to happen, but it should only be a warning;
the package should not fail to install. If it does, it is a bug in
the systemd packaging.
> ~ ls -l /usr/bin/systemd-detect-virt
> -rwxr-xr-x 1 root root 35248 Feb 14 22:41 /usr/bin/systemd-detect-virt
>
> ~ lsattr /usr/bin/systemd-detect-virt
> ---------------- /usr/bin/systemd-detect-virt
>
> ~ getcap -v /usr/bin/systemd-detect-virt
> /usr/bin/systemd-detect-virt
>
>
> Whereas on the xenial host I get...
>
> ~ getcap -v /usr/bin/systemd-detect-virt
> /usr/bin/systemd-detect-virt = cap_dac_override,cap_sys_ptrace+ep
>
>
> So is no one else reporting this problem when upgrading to systemd_229-1ubuntu2?
I get that message,
Installing new version of config file /etc/systemd/resolved.conf ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
Failed to set capabilities on file `/usr/bin/systemd-detect-virt' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
Setting up udev (229-1ubuntu2) ...
addgroup: The group `input' already exists as a system group. Exiting.
update-initramfs: deferring update (trigger activated)
Setting up libpam-systemd:amd64 (229-1ubuntu2) ...
Processing triggers for initramfs-tools (0.120ubuntu6) ...
root@upgr:~# echo $?
0
but it's just a warning as you can see ^.
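
Added example, not part of the original message: a simplified Python model of the fs.protected_hardlinks decision, covering the conditions listed in the reply above (regular file, not setuid, not setgid, privileged over the file). The function names are hypothetical, the sample modes other than 0755 are constructed, and user-namespace ID mapping is not modelled.

```python
import os
import stat

def unsafe_source_reasons(mode, can_read_write):
    """Why a file is not a 'safe' hardlink source under protected_hardlinks=1."""
    reasons = []
    if not stat.S_ISREG(mode):
        reasons.append("not a regular file")
    if mode & stat.S_ISUID:
        reasons.append("setuid")
    # The kernel only objects to setgid when the file is also group-executable.
    if mode & stat.S_ISGID and mode & stat.S_IXGRP:
        reasons.append("setgid and group-executable")
    if not can_read_write:
        reasons.append("caller lacks read+write access")
    return reasons

def link_verdict(mode, owner_uid, caller_uid, can_read_write,
                 protected=True, cap_fowner=False):
    """Return (allowed, reasons) for hard-linking a file with these attributes."""
    if not protected:                      # sysctl set to 0: no restriction
        return True, []
    if caller_uid == owner_uid or cap_fowner:
        return True, []                    # owner, or privileged over the file
    reasons = unsafe_source_reasons(mode, can_read_write)
    return not reasons, reasons

def check_path(path):
    """Apply the model to a real file, as seen by the current process."""
    st = os.lstat(path)
    try:
        with open("/proc/sys/fs/protected_hardlinks") as f:
            protected = f.read().strip() == "1"
    except OSError:
        protected = False                  # sysctl absent (old or non-Linux kernel)
    return link_verdict(st.st_mode, st.st_uid, os.geteuid(),
                        os.access(path, os.R_OK | os.W_OK), protected)

if __name__ == "__main__":
    # Mode taken from the ls -l output in the thread: -rwxr-xr-x root root
    print(link_verdict(0o100755, owner_uid=0, caller_uid=0, can_read_write=True))
    # Constructed cases: unprivileged caller against root-owned files
    print(link_verdict(0o104755, 0, 1000, False))   # setuid binary
    print(link_verdict(0o100644, 0, 1000, False))   # readable but not writable
```

With protected=False the model always allows the link, which corresponds to the "echo 0 > /proc/sys/fs/protected_hardlinks" workaround quoted above.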