Bug 192368 - sys-cluster/util-vserver-0.30.212-r2 doesn't work with dev-libs/dietlibc-0.30-r2
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High critical
Assignee: Gentoo VPS Team (OBSOLETE)
Reported: 2007-09-12 23:15 UTC by Jiri Kadlcik
Modified: 2007-10-20 16:00 UTC
Description Jiri Kadlcik 2007-09-12 23:15:12 UTC
When I run the command 'vserver myguest start' (from sys-cluster/util-vserver-0.30.212-r2, linked against dev-libs/dietlibc-0.30-r2), it doesn't work.


Reproducible: Always

Steps to Reproduce:
1. prepare vserver ready kernel and vserver-util as described in http://www.gentoo.org/proj/en/vps/vserver-howto.xml
2. create guest vserver named 'myguest'
3. execute 'vserver myguest start' command

Actual Results:  
# vserver myguest start
'VERIFYCAP' can be executed as root only
capabilities are not enabled in kernel-setup


Failed to start vserver 'myguest'



Expected Results:  
# vserver myguest start

Gentoo/Linux 1.13.0_alpha12; http://www.gentoo.org/
 Copyright 1999-2007 Gentoo Foundation; Distributed under the GPLv2

Press I to enter interactive boot mode

 * Using existing device nodes in /dev                    [ ok ]
 * root filesystem is mounted read-write - skipping
 * Checking all filesystems                               [ ok ]
 * Mounting local filesystems                             [ ok ]
 * Activating (possible) swap                             [ ok ]
 * Setting hostname to myguest                            [ ok ]
 * Updating environment                                   [ ok ]
 * Cleaning /var/lock, /var/run                           [ ok ]
 * Cleaning /tmp directory                                [ ok ]
 * Initializing random number generator                   [ ok ]
 * Setting system clock using the hardware clock [VPS]    [ ok ]
 * Starting syslog-ng                                     [ ok ]
 * Starting vixie-cron                                    [ ok ]
 * Starting local                                         [ ok ]


# emerge --info
Portage 2.1.2.12 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r6-vs2.2.0.3 i686)
=================================================================
System uname: 2.6.20-hardened-r6-vs2.2.0.3 i686 Intel(R) Xeon(TM) CPU 2.00GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 11 Sep 2007 20:50:01 +0000
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=i686 -O2 -pipe -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-mtune=i686 -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.mirror.web4u.cz/ http://gentoo.tiscali.nl/ http://gentoo.intergenia.de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="amavis apache2 authdaemond authfile bash-completion berkdb bzip2 chroot clamav clamd cli colordiff cracklib crypt doc fbcon filter gd gdbm gif hardened hpn iconv imap innodb jpeg jpeg2k libclamav libwww logrotate maildir midi mysql mysqli ncurses network-cron nls nptl nptlonly pam pam_chroot pam_console pam_timestamp pcre pdf perl php pic png profile python readline sasl sftp sftplogging spamassassin spell spl ssl syslog tcpd threads unicode unsupported_8bit urandom vhosts workbench x86 xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


According to the howto and uncle Google, I've checked that my kernel config contains:
CONFIG_SECURITY_CAPABILITIES=y
and I run the mentioned command as root.

Using the source I discovered the message comes from src/vserver-info.c (from vserver-util, see below):

...
  if (getuid()!=0) {
    WRITE_MSG(2, "'VERIFYCAP' can be executed as root only\n");
    return false;
  }
...

It seems like getuid() from dev-libs/dietlibc-0.30-r2 doesn't work properly, as it should return 0 when I'm root. I've confirmed it with a simple program, getuid.c:

#include <stdio.h>
#include <unistd.h>
int main() {
    /* print the result of both the legacy and the 32-bit UID call */
    printf("getuid:%d, getuid32:%d\n", getuid(), getuid32());
    return 0;
}

Linked against dietlibc using 'diet gcc getuid.c -o getuid', it returns:

server ~ # ./getuid
getuid:-1, getuid32:0
server ~ # su jirik
jirik@server /root $ ./getuid
getuid:-1, getuid32:1000

I see several possible solutions:
1) change the sys-cluster/util-vserver ebuild so that util-vserver is not linked against dietlibc (probably depending on a dietlibc USE flag or something like that), as getuid() from glibc works fine (but it is not recommended for util-vserver, I know)
2) fix dietlibc to handle getuid() correctly.
3) fix util-vserver not to use the broken getuid() from dietlibc, but getuid32(), which seems to be working (but it will probably break compatibility with glibc, as I didn't find getuid32() in glibc).
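
Added example, not part of the original report and not util-vserver or dietlibc code: a root check that tells "caller is not root" apart from "the libc UID lookup is broken", which is the case the 'VERIFYCAP' message above misreported. It assumes a Linux libc that provides syscall() and the SYS_* constants; the names kernel_uid, classify_uid and check_current_uid are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

enum uid_status { UID_IS_ROOT, UID_NOT_ROOT, UID_LOOKUP_BROKEN };

/* Ask the kernel directly, bypassing the libc wrapper under suspicion.
 * 32-bit ports such as i386 expose the full-width call as getuid32;
 * 64-bit ports only have getuid, so pick whichever the headers define. */
static uid_t kernel_uid(void)
{
#ifdef SYS_getuid32
    return (uid_t)syscall(SYS_getuid32);
#else
    return (uid_t)syscall(SYS_getuid);
#endif
}

/* getuid() has no error return, so (uid_t)-1 or a value that disagrees
 * with the kernel means the lookup failed, not that the caller lacks root. */
enum uid_status classify_uid(uid_t libc_uid, uid_t raw_uid)
{
    if (libc_uid == (uid_t)-1 || libc_uid != raw_uid)
        return UID_LOOKUP_BROKEN;
    return libc_uid == 0 ? UID_IS_ROOT : UID_NOT_ROOT;
}

/* Classify the calling process using both sources. */
enum uid_status check_current_uid(void)
{
    return classify_uid(getuid(), kernel_uid());
}

int main(void)
{
    static const char *const msg[] = {
        "running as root",
        "not root: refuse the privileged operation",
        "UID lookup is broken: libc and kernel disagree, fail closed",
    };
    enum uid_status st = check_current_uid();
    puts(msg[st]);
    return st == UID_LOOKUP_BROKEN;
}
```

Either failure outcome still refuses the privileged operation; the gain is that the diagnostic points at the C library instead of at the caller's privileges.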
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2007-10-20 16:00:27 UTC
Can you please try if it works with dietlibc-0.31_pre20070612, and reopen if not?