[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.

Mon Apr 28 20:51:32 UTC 2014

Serge,
  I don't see why new files would make something non-SRU-able.
  I dont' think that is a blocker in and of itself.

 The complexity of the patch and likelyhood of regression is the bigger
concern.

 We have a real bug here, and we have 2 ways to fix it (possibly others that i've not thought of):
a.) backport functionality into 'tar' and then make programs able to use that functionality in exactly the same way that they would/do in Utopic.
b.) craft a special tarball that has a '.xattrs_hack file in it, and then SRU patches to programs to say something like "if there is a .xattrs_hack file in a tarball, then apply those attributes with setfattr and then remove .xattrs_hack".

b seems a hack, and probably means adding a dependency on 'attr' to maas
and lxc. Admittedly maas only has this problem in saucy and trusty (and
saucy EOL shortly).  So lxc on precise is the real issue.

In summary, to fix this bug in precise, we can do it fairly cleanly (and
I think probably pretty safely) with 'a', or hackily in 'b'.

If I were SRU team, 'a' would look more appealing, or some other option
I havent thought of.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1313550

Title:
  ping does not work as a normal user on trusty tarball cloud images.

Status in The curt installer:
  Confirmed
Status in MAAS:
  Confirmed
Status in “curtin” package in Ubuntu:
  Confirmed
Status in “iputils” package in Ubuntu:
  Confirmed
Status in “lxc” package in Ubuntu:
  Confirmed
Status in “maas” package in Ubuntu:
  Confirmed
Status in “tar” package in Ubuntu:
  Fix Released
Status in “lxc” source package in Precise:
  Confirmed
Status in “tar” source package in Precise:
  Confirmed
Status in “curtin” source package in Saucy:
  Confirmed
Status in “lxc” source package in Saucy:
  Confirmed
Status in “maas” source package in Saucy:
  Confirmed
Status in “tar” source package in Saucy:
  Confirmed
Status in “curtin” source package in Trusty:
  Confirmed
Status in “lxc” source package in Trusty:
  Confirmed
Status in “maas” source package in Trusty:
  Confirmed
Status in “tar” source package in Trusty:
  Fix Released

Bug description:
  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows
  removing the suid bit.

  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.

  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags 
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions