Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#67781 - [util-linux] Reports libcap-ng being too old to drop all capabilities

Attached to Project: Arch Linux
Opened by Nico Wellpott (mightyBroccoli) - Monday, 31 August 2020, 14:37 GMT
Last edited by Christian Hesse (eworm) - Wednesday, 02 September 2020, 09:10 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture x86_64
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The setpriv binary installed from util-linux utilizing libcap-ng reports it being to old to drop all capabilities.

# setpriv --clear-groups --inh-caps=-all /bin/bash
setpriv: libcap-ng is too old for "all" caps


Additional info:
* util-linux: 2.36-2
* libcap-ng: 0.7.11-1

Steps to reproduce:
Have util-linux and libcap-ng installed and call it as seen above.
This task depends upon

Closed by  Christian Hesse (eworm)
Wednesday, 02 September 2020, 09:10 GMT
Reason for closing:  Fixed
Additional comments about closing:  libcap-ng 0.7.11-2
util-linux 2.36-3
Comment by Levente Polyak (anthraxx) - Monday, 31 August 2020, 15:06 GMT
whats the output of the followings?

# cat /proc/sys/kernel/cap_last_cap
# pacman -Qi linux|grep Version
# uname -a
Comment by Nico Wellpott (mightyBroccoli) - Monday, 31 August 2020, 15:09 GMT
# cat /proc/sys/kernel/cap_last_cap
36

# pacman -Qi linux|grep Version
5.8.5.arch1-1

# uname -a
Linux dashwood.domain.tld 5.8.5-arch1-1 #1 SMP PREEMPT Thu, 27 Aug 2020 18:53:02 +0000 x86_64 GNU/Linux
Comment by Christian Hesse (eworm) - Monday, 31 August 2020, 15:09 GMT
Has it always been this way or is there a regression?
Comment by Levente Polyak (anthraxx) - Monday, 31 August 2020, 15:12 GMT
The error is a safe guard in setpriv to exit if it wouldn't drop all caps because of inconsistency what "all" means.
it checks /proc/sys/kernel/cap_last_cap against CAP_LAST_CAP from /usr/include/linux/capability.h
Comment by Nico Wellpott (mightyBroccoli) - Monday, 31 August 2020, 15:12 GMT
I noticed it just recently due to various containers not finishing their entrypoints due to this error.
Comment by Levente Polyak (anthraxx) - Monday, 31 August 2020, 15:14 GMT
the buildinfo says linux-api-headers-5.7-1-any was used when discovering CAP_LAST_CAP
I guess it may just needs a rebuild
Comment by Nico Wellpott (mightyBroccoli) - Monday, 31 August 2020, 15:14 GMT
Curious is that, with a different Debian system it works perfectly.
Comment by Levente Polyak (anthraxx) - Monday, 31 August 2020, 15:18 GMT
oh, linux-api-headers is outdated
Comment by Christian Hesse (eworm) - Monday, 31 August 2020, 15:19 GMT
But linux-api-headers has not been updated since, no? So what do you think needs a rebuild?
Comment by Levente Polyak (anthraxx) - Monday, 31 August 2020, 15:24 GMT
linux-api-headers needs a bump to 5.8.x, the toolchain rebuild against it and then util-linux as well (potentially also libcap-ng)

Loading...