linux-headers-2.6.25 and up have a new _LINUX_CAPABILITY_VERSION that causes capset to fail with EINVAL when trying to start a VE. As a result, if vzctl is compiled against those headers, it will not be usable (although it will compile without complaining). Reproducible: Always Steps to Reproduce: After compiling vzctl with linux-headers-2.6.25 and up, do : vzctl start <VEID> Actual Results: Unable to set capability: Invalid argument Expected Results: <normal VE start> Installing linux-headers-2.6.24 or earlier and recompiling vzctl solves the problem. It was suggested (#openvz on Freenode) that the problem should be corrected upstream instead of creating a dependency on linux-headers.
Similar issues were observed for squid in bug 223051, and a solution found at http://www.squid-cache.org/bugs/show_bug.cgi?id=2350#c3 Maybe the same solution, i.e. using _LINUX_CAPABILITY_VERSION_1 instead of _LINUX_CAPABILITY_VERSION if available, would work for vzctl as well.
(In reply to comment #1) > Similar issues were observed for squid in bug 223051, and a solution found at > http://www.squid-cache.org/bugs/show_bug.cgi?id=2350#c3 > Maybe the same solution, i.e. using _LINUX_CAPABILITY_VERSION_1 instead of > _LINUX_CAPABILITY_VERSION if available, would work for vzctl as well. > It would probably work since that is the argument used by capset() and causing it to fail. I'll try and give it a shot, if it hasn't been patched upstream by then.
Any progress on this issue? Actually, imho this is a blocker for bug 228189 as that bug cause the compile to fail which ironically safe a currently working vzctl to be hit by this one.
Thank you all for report and sorry for delay. The patch from upstream was added to vzctl-3.0.22-r1. Fixed.