[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.

Stéphane Graber stgraber at stgraber.org
Thu May 8 13:39:14 UTC 2014 

gnome-keyring-daemon isn't really a problem because all official images
shipping it have installer hooks to restore the flag.

Setting the binary setuid would also be completely wrong as we never
want this to run as root, we just want it to have extra ipc locking
capabilities. My understanding is that those aren't even entirely
required and that it has a fallback mode for systems where the
capability isn't set.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1313550

Title:
  ping does not work as a normal user on trusty tarball cloud images.

Status in The curt installer:
  Confirmed
Status in MAAS:
  Confirmed
Status in “curtin” package in Ubuntu:
  Confirmed
Status in “iputils” package in Ubuntu:
  Fix Released
Status in “lxc” package in Ubuntu:
  Confirmed
Status in “maas” package in Ubuntu:
  Confirmed
Status in “tar” package in Ubuntu:
  Fix Released
Status in “lxc” source package in Precise:
  Confirmed
Status in “tar” source package in Precise:
  Confirmed
Status in “curtin” source package in Saucy:
  Confirmed
Status in “lxc” source package in Saucy:
  Confirmed
Status in “maas” source package in Saucy:
  Confirmed
Status in “tar” source package in Saucy:
  Confirmed
Status in “curtin” source package in Trusty:
  Confirmed
Status in “lxc” source package in Trusty:
  Confirmed
Status in “maas” source package in Trusty:
  Confirmed
Status in “tar” source package in Trusty:
  Fix Released

Bug description:
  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows
  removing the suid bit.

  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.

  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags 
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions

More information about the foundations-bugs mailing list