[Bug 1084000] Re: libcap2: List of capabilities not in sync with the linux kernel

Launchpad Bug Tracker 1084000 at bugs.launchpad.net
Fri Jan 18 22:24:11 UTC 2013 

This bug was fixed in the package libcap2 - 1:2.22-1.2ubuntu2

---------------
libcap2 (1:2.22-1.2ubuntu2) raring; urgency=low

  * Add patch (which has been forwarded to the upstream maintainer) to define
    new capabilities in most recent kernels.  (LP: #1084000) (Closes: #689035)
 -- Serge Hallyn <serge.hallyn at ubuntu.com>   Fri, 18 Jan 2013 15:34:40 -0600

** Changed in: libcap2 (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1084000

Title:
  libcap2: List of capabilities not in sync with the linux kernel

Status in “libcap2” package in Ubuntu:
  Fix Released

Bug description:
  Ubuntu 12.04.1 LTS
  libcap2 1:2.22-1ubuntu3
  lxc 0.8-rc2

  As stated in the summary, list of capabilities is not in sync with the
  linux kernel. We have encountered this bug, wile migrating our server
  from Debian 6 (with 3.2.18 kernel from backport), to Ubuntu 12.04 LTS
  with stock kernel (...). When we tried to run lxc-execute as a non
  root user, we got an error:

      lxc-execute: failed to cap_get_flag: Invalid argument
      lxc-execute: Operation not permitted - failed to clone

      lxc-execute: failed to create vethHzECcM-veth5n8dhR : Operation
  not permitted

  We have only found out what is the problem, thanks to this bug report
  for debian (however on our installation debian works just fine):

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689035

  It seems that problems lay in outdated header "capabilities.h" used to
  compile libcap2. We have hot fixed this bug, by replacing in lxc-
  execute source code (caps.c file), CAP_LAST_CAP with hardcoded "34"
  constant:

  caps.c:	for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
  caps.c-
  caps.c-		cap_flag_value_t flag;
  caps.c-
  caps.c-		ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
  caps.c-		if (ret) {
  caps.c-			ERROR("failed to cap_get_flag: %m");
  caps.c-			goto out;
  caps.c-		}

  But this can not be the permanent solution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1084000/+subscriptions

More information about the foundations-bugs mailing list