[lxc-users] setcap capabilities

Serge Hallyn serge.hallyn at ubuntu.com
Fri Feb 19 04:54:52 UTC 2016


Quoting Mark Constable (markc at renta.net):
> On 19/02/16 12:21, Serge Hallyn wrote:
> >>>>Unpacking systemd (229-1ubuntu2) over (228-5ubuntu3) ...
> >>>>dpkg: error processing archive /var/cache/apt/archives/systemd_229-1ubuntu2_amd64.deb (--unpack):
> >>>>  unable to make backup link of './bin/systemctl' before installing new version: Operation not permitted
> >[...]
> >What does ls -l /bin/systemctl show?
> 
> ~ ls -l /bin/systemctl
> -rwxr-xr-x 1 root root 659848 Feb 14 22:41 /bin/systemctl
> 
> I did an "echo 0 > /proc/sys/fs/protected_hardlinks" on the host and
> reran the update which proceeded and installed the rest of the package

... AFAICS this shouldn't be happening.  It's not setuid, not a
non-regular file, not setgid, and you should be privileged over
the file.  Could you try with a newer kernel, 3.16 or 4.2 or 4.4?

> updates but along the way I got this...
> 
> Failed to set capabilities on file `/usr/bin/systemd-detect-virt' (Invalid argument)
> The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

Yes, again that is going to happen, but it should only be a warning;
the package should not fail to install. If it does, it is a bug in
the systemd packaging.

> ~ ls -l /usr/bin/systemd-detect-virt
> -rwxr-xr-x 1 root root 35248 Feb 14 22:41 /usr/bin/systemd-detect-virt
> 
> ~ lsattr /usr/bin/systemd-detect-virt
> ---------------- /usr/bin/systemd-detect-virt
> 
> ~ getcap -v /usr/bin/systemd-detect-virt
> /usr/bin/systemd-detect-virt
> 
> 
> Whereas on the xenial host I get...
> 
> ~ getcap -v /usr/bin/systemd-detect-virt
> /usr/bin/systemd-detect-virt = cap_dac_override,cap_sys_ptrace+ep
> 
> 
> So is no one else reporting this problem when upgrading to systemd_229-1ubuntu2?

I get that message,

Installing new version of config file /etc/systemd/resolved.conf ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
Failed to set capabilities on file `/usr/bin/systemd-detect-virt' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
Setting up udev (229-1ubuntu2) ...
addgroup: The group `input' already exists as a system group. Exiting.
update-initramfs: deferring update (trigger activated)
Setting up libpam-systemd:amd64 (229-1ubuntu2) ...
Processing triggers for initramfs-tools (0.120ubuntu6) ...
root@upgr:~# echo $?
0

but it's just a warning as you can see ^.
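
As an added example that is not part of the original post: a shell check of the file-side conditions named in the reply (regular file, not setuid, not setgid) plus the read/write access test the kernel applies to a hardlink source when fs.protected_hardlinks is 1. The function names are hypothetical, and ownership of the file and CAP_FOWNER in the container's user namespace, which also let a link through, are not modelled.

```shell
#!/bin/sh
# Added example: report whether FILE passes the hardlink-source conditions
# that fs.protected_hardlinks enforces for callers who do not own the file.
# Returns 0 if every condition holds, 1 otherwise.
hardlink_source_check() {
    f=$1
    rc=0
    # Symlinks, directories, devices etc. are never a permitted source.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: not a regular file"
        return 1
    fi
    if [ -u "$f" ]; then
        echo "FAIL $f: setuid bit set"
        rc=1
    fi
    # setgid only matters together with group-execute (octal 2010).
    if [ -n "$(find "$f" -prune -perm -2010 2>/dev/null)" ]; then
        echo "FAIL $f: setgid and group-executable"
        rc=1
    fi
    if [ ! -r "$f" ] || [ ! -w "$f" ]; then
        echo "FAIL $f: caller lacks read+write access"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $f: permitted hardlink source"; fi
    return "$rc"
}

# Current sysctl value, or "unknown" where /proc is not available.
protected_hardlinks_state() {
    cat /proc/sys/fs/protected_hardlinks 2>/dev/null || echo unknown
}

# Usage: sh script.sh /bin/systemctl /usr/bin/systemd-detect-virt
if [ "$#" -gt 0 ]; then
    echo "fs.protected_hardlinks = $(protected_hardlinks_state)"
    for p in "$@"; do hardlink_source_check "$p" || true; done
fi
```

A file that prints OK here and still cannot be linked points at the ownership or privilege side of the check rather than at the file's mode bits.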

