See summary. Emerging qemu doesn't pull in libcap even though it's required for successful installation. ERROR: app-emulation/qemu-1.4.0-r1 failed (postinst phase): Checking caps 'cap_net_admin=ep' on '/usr/libexec/qemu-bridge-helper' failed Reproducible: Always Steps to Reproduce: 1. Uninstall libcap 2. Install qemu Actual Results: Installation fails Simple workaround is to emerge libcap manually.
1) Please attach the entire build log to this bug report. 2) Please post your `emerge --info' output in a comment.
there's no build log as the error occurs during installation. # emerge --info '=app-emulation/qemu-1.4.0-r1' Portage 2.1.11.62 (default/linux/amd64/13.0, gcc-4.6.3, glibc-2.15-r3, 3.8.13-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.8.13-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5430_@_2.66GHz-with-gentoo-2.2 KiB Mem: 8195700 total, 1150888 free KiB Swap: 15999608 total, 15999608 free Timestamp of tree: Mon, 27 May 2013 02:45:01 +0000 ld GNU ld (GNU Binutils) 2.22 ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p45 dev-lang/python: 2.7.3-r3, 3.2.3-r2 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.10.2-r2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6, 1.12.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.7 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=nocona -O2 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=nocona -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ rsync://ftp-stud.hs-esslingen.de/gentoo/ ftp://91.121.124.139/gentoo-distfiles/ http://gentoo.mirror.dkm.cz/pub/gentoo/ http://91.121.125.139/gentoo-distfiles/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/ rsync://mirror.netcologne.de/gentoo/ http://91.121.124.139/gentoo-distfiles/ http://mirror.qubenet.net/mirror/gentoo/ ftp://ftp.free.fr/mirrors/ftp.gentoo.org/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="acl acpi amd64 berkdb bzip2 cli cracklib crypt cxx device-mapper dhcp dri fortran gdbm gpm hddtemp hvm iconv ipv6 kvm lm_sensors logrotate loop-aes lvm mmx modules mudflap multilib ncurses nls nptl openmp pam pcre readline sasl session sse sse2 sse3 ssl ssse3 tcpd unicode virt-network zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= app-emulation/qemu-1.4.0-r1 was built with the following: USE="aio caps curl filecaps jpeg ncurses png sasl seccomp spice threads uuid vhost-net vnc -alsa -bluetooth -brltty -debug -doc -fdt -iscsi -mixemu -opengl -pulseaudio -python -rbd -sdl (-selinux) -smartcard -static -static-softmmu -static-user -systemtap -tci -test -tls -usbredir -vde -virtfs -xattr -xen -xfs" QEMU_SOFTMMU_TARGETS="x86_64 (-alpha) (-arm) -cris -i386 -lm32 (-m68k) -microblaze -microblazeel (-mips) -mips64 -mips64el -mipsel -or32 (-ppc) (-ppc64) -ppcemb -s390x -sh4 -sh4eb (-sparc) -sparc64 -unicore32 -xtensa -xtensaeb" QEMU_USER_TARGETS="(-alpha) (-arm) -armeb -cris -i386 (-m68k) -microblaze -microblazeel (-mips) -mipsel -or32 (-ppc) (-ppc64) -ppc64abi32 -s390x -sh4 -sh4eb (-sparc) -sparc32plus -sparc64 -unicore32 -x86_64" >>> Attempting to run pkg_info() for 'app-emulation/qemu-1.4.0-r1' Using: app-emulation/spice-protocol-0.12.3 sys-firmware/ipxe-1.0.0_p20120905 sys-firmware/seabios-1.7.2 USE=binary sys-firmware/vgabios-0.7a
This functionality comes from the fcaps.eclass which is maintained by base-system. The functionality should be provided by sys-libs/libcap-ng when you don't have sys-libs/libcap installed.
(In reply to masc from comment #2) sure there is. `emerge --debug qemu >& log`. as Doug mentioned, the eclass supports both libcap & libcap-ng. it also has a DEPEND on them. so how exactly are you install qemu w/out them ? i'd also point out the error is "checking caps ... failed", not "could not set caps". that means we already managed to execute a program to set the caps successfully, and that really can only be done if you have one of the libcap packages installed.
Created attachment 349632 [details] qemu.build.log.tar.bz2
> sure there is. `emerge --debug qemu >& log`. attached. > as Doug mentioned, the eclass supports both libcap & libcap-ng. it also has > a DEPEND on them. so how exactly are you install qemu w/out them ? I don't. libcap-ng has been installed and it happens with 0.6.6 as well as 0.7.3.
(In reply to masc from comment #5) so that log shows it ran: filecap /usr/libexec/qemu-bridge-helper net_admin and that returned 0 (meaning success) it then ran: filecap /usr/libexec/qemu-bridge-helper but got back nothing libcap-ng is crap and `filecap` silently does exit(0) when it can't read a file. maybe it has other crappy codepaths. so what if you run it yourself by hand (as root)? post the output from doing: filecap /usr/libexec/qemu-bridge-helper filecap /usr/libexec/qemu-bridge-helper net_admin filecap /usr/libexec/qemu-bridge-helper
> so what if you run it yourself by hand (as root)? post the output from > doing: > filecap /usr/libexec/qemu-bridge-helper > filecap /usr/libexec/qemu-bridge-helper net_admin > filecap /usr/libexec/qemu-bridge-helper / # filecap /usr/libexec/qemu-bridge-helper && filecap /usr/libexec/qemu-bridge-helper net_admin && echo ok ok
filecap -d terminates with segmentation fault.
(In reply to masc from comment #8) ok, so run (as root) and then post the log file as an attachment: strace -s 4096 -o log filecap /usr/libexec/qemu-bridge-helper net_admin
Created attachment 349892 [details] strace -s 4096 filecap /usr/libexec/qemu-bridge-helper net_admin
(In reply to masc from comment #9) > filecap -d terminates with segmentation fault. this is resolved in 0.7.3 so probably not related.
(In reply to masc from comment #11) > Created attachment 349892 [details] > strace -s 4096 filecap /usr/libexec/qemu-bridge-helper net_admin fails as extended attributes have not been enabled on my ext3 filesystem. upgrading to ext4 resolved it (as enabling user_xattr for ext3 probably would)
ok, so libcap-ng is just terrible fsetxattr(3, "security.capability", "\x01\x00\x00\x02\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 20, 0) = -1 EOPNOTSUPP (Operation not supported) close(3) = 0 exit_group(0) = ? i guess for now i'll have to drop libcap-ng from the DEPEND list
i've sent a patch upstream. let's see if i hear back. fix is fairly simple -- just check the return value in the filecap util.
(In reply to SpanKY from comment #15) > i've sent a patch upstream. let's see if i hear back. fix is fairly simple > -- just check the return value in the filecap util. Is this possibly fixed in https://github.com/stevegrubb/libcap-ng/commit/03ad07b37ebaa06abdca4506c1c211b0a7342401 ?
(In reply to Michael Everitt (IRC: veremitz) from comment #16) looks similar, but isn't quite the same. that doesn't include the errno which is needed to properly diagnose the failure for users. i'll send a PR via github. maybe it'll take them less than a year to resolve this time.
This seems to be fixed in 0.7.9. masc, can you confirm?
(In reply to Sam from comment #18) > This seems to be fixed in 0.7.9. > > masc, can you confirm? libcap-ng-0.7.9, that is
segmentation is gone and `libcap` as well as `libcap-ng` are pulled in so this should be fixed yes.
(In reply to masc from comment #20) > segmentation *fault
(In reply to masc from comment #20) > segmentation is gone and `libcap` as well as `libcap-ng` are pulled in so > this should be fixed yes. Thanks. As it doesn't yet help to figure out whether we can allow only libcap-ng on a system that doesn't have xattrs; can you post results of: 1. uninstalling libcap, then 2. installing the relevant package with --nodeps (and 3., if you want, installing libcap again)
I currently don't have systems without xattrs for testing.