FS#22386 - LXC is broken in 2.6.37-ARCH

Attached to Project: Arch Linux
Opened by Kristoffer Jan-Olov Tångfelt (revellion) - Monday, 10 January 2011, 21:32 GMT
Last edited by Andrea Scarpino (BaSh) - Sunday, 20 February 2011, 15:39 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
LXC was working in 2.6.36 but was broken in 2.6.37 due to, at least from what I can tell from
lxc-checkconfig, the removal of the File Capabilities configuration in the kernel build.

Additional info:
* kernel26 2.6.37-ARCH


Steps to reproduce:
1. install kernel26 (2.6.37)
2. install lxc
3. run lxc-checkconfig
4. notice file capabilities being in the state: missing compared to enabled in 2.6.36.

Closed by  Andrea Scarpino (BaSh)
Sunday, 20 February 2011, 15:39 GMT
Reason for closing:  Won't fix
Additional comments about closing:  the bug is in lxc which is in AUR
Comment by nathan (ndowens) - Thursday, 27 January 2011, 22:17 GMT
Currently the stable/supported version of kernel26 is 2.6.36.3-2. Assuming you are using a kernel from AUR, then the kernel is unsupported since AUR is not supported.
Comment by James Hunt (brandnewmath) - Monday, 14 February 2011, 13:15 GMT
I can confirm this is present in the released stable version of 2.6.37:

% pacman -Qs kernel26 | head -1
local/kernel26 2.6.37-5 (base)
% lxc-checkconfig | grep 'File'
File capabilities: missing

The steps to reproduce this are identical to those in the initial report.
Comment by James Hunt (brandnewmath) - Sunday, 20 February 2011, 08:43 GMT
After some more research, it looks like this message might be a bug in lxc-checkconfig (part of the lxc package, which comes from AUR and would thus be unsupported) due to the CONFIG_SECURITY_FILE_CAPABILITIES kernel config option being removed, and POSIX file capabilities thus being enabled by default in newer kernels. The commit happened back in the 2.6.33 cycle and can be seen here:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b3a222e52e4d4be77cc4520a57af1a4a0d8222d1

There is a patch in for lxc-checkconfig that fixes the problem with it misreporting file capabilities as absent:

http://www.mail-archive.com/lxc-devel@lists.sourceforge.net/msg00615.html

All that being the case, this looks closable to me.
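
The misreport described in the last comment, as an added example that is not code from lxc-checkconfig or from the linked patch: a check that only looks for CONFIG_SECURITY_FILE_CAPABILITIES reports "missing" on a kernel where the option no longer exists, while a version-aware check does not. The function names, the sample configs and the 2.6.33 cut-off (taken from the comment above) are assumptions of this sketch.

```sh
#!/bin/sh
# Constructed sample kernel configs (not taken from any real build).
OLD_CONFIG='CONFIG_SECURITY=y
CONFIG_SECURITY_FILE_CAPABILITIES=y'
NEW_CONFIG='CONFIG_SECURITY=y'

# Turn a release such as "2.6.37-ARCH" into one comparable integer.
version_key() {
    ver=${1%%-*}              # drop suffixes such as "-ARCH" or "-5"
    ver=${ver%%[!0-9.]*}      # drop any other non-numeric tail
    old_ifs=$IFS; IFS=.
    set -- $ver               # split into major, minor, patch
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Config-only lookup: the kind of check that misreports on newer kernels.
config_only_state() {
    if printf '%s\n' "$1" | grep -q '^CONFIG_SECURITY_FILE_CAPABILITIES=y$'; then
        echo enabled
    else
        echo missing
    fi
}

# Version-aware check: from 2.6.33 on the option is gone and file
# capabilities are always built in, so the config is not consulted.
file_caps_state() {
    if [ "$(version_key "$1")" -ge "$(version_key 2.6.33)" ]; then
        echo enabled
    else
        config_only_state "$2"
    fi
}

echo "config-only,   2.6.37-ARCH: $(config_only_state "$NEW_CONFIG")"
echo "version-aware, 2.6.37-ARCH: $(file_caps_state 2.6.37-ARCH "$NEW_CONFIG")"
echo "version-aware, 2.6.32:      $(file_caps_state 2.6.32 "$OLD_CONFIG")"
```

On a real system the inputs would be `uname -r` and the running kernel's config (for example from /proc/config.gz, where the kernel exposes it).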
