[lxc-users] Cannot chmod g+s within unprivileged container anymore

Carsten Aulbert carsten at welcomes-you.com
Thu Dec 21 15:33:56 UTC 2017 

Hi again

brief f'up on my previous mail. It looks it has something to do with
rights/capabilities/... as I *can* set the suid bit if (but only if) the
file is also owned by the primary gid of root (adding root to postdrop
does *not* help):

stat postqueue; chown -v root:root postqueue; \
stat postqueue; chmod -v 2555 postqueue; \
stat postqueue; chown -v root:postdrop postqueue; \
stat postqueue

  File: postqueue
  Size: 22600           Blocks: 21         IO Block: 23040  regular file
Device: 31h/49d Inode: 32397       Links: 1
Access: (0555/-r-xr-xr-x)  Uid: (    0/    root)   Gid: (  110/postdrop)
Access: 2017-12-21 14:34:21.000000000 +0000
Modify: 2017-09-27 04:56:28.000000000 +0000
Change: 2017-12-21 15:30:03.058681568 +0000
 Birth: -

changed ownership of 'postqueue' from root:postdrop to root:root

  File: postqueue
  Size: 22600           Blocks: 21         IO Block: 23040  regular file
Device: 31h/49d Inode: 32397       Links: 1
Access: (0555/-r-xr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-12-21 14:34:21.000000000 +0000
Modify: 2017-09-27 04:56:28.000000000 +0000
Change: 2017-12-21 15:31:34.227390065 +0000
 Birth: -

mode of 'postqueue' changed from 0555 (r-xr-xr-x) to 2555 (r-xr-sr-x)

  File: postqueue
  Size: 22600           Blocks: 21         IO Block: 23040  regular file
Device: 31h/49d Inode: 32397       Links: 1
Access: (2555/-r-xr-sr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-12-21 14:34:21.000000000 +0000
Modify: 2017-09-27 04:56:28.000000000 +0000
Change: 2017-12-21 15:31:34.231390097 +0000
 Birth: -

changed ownership of 'postqueue' from root:root to root:postdrop

  File: postqueue
  Size: 22600           Blocks: 21         IO Block: 23040  regular file
Device: 31h/49d Inode: 32397       Links: 1
Access: (0555/-r-xr-xr-x)  Uid: (    0/    root)   Gid: (  110/postdrop)
Access: 2017-12-21 14:34:21.000000000 +0000
Modify: 2017-09-27 04:56:28.000000000 +0000
Change: 2017-12-21 15:31:34.239390160 +0000
 Birth: -

What really puzzles me is that the last chown resets it.

Does this ring any bell with anyone? I'm still at a loss here.

Cheers
Carsten

PS: Ruled out so far: The two different Linux kernel versions and ZFS
setting xattr (sa vs. on)

More information about the lxc-users mailing list