Bug 471414 - sys-libs/libcap-ng: filecap silently does exit(0) when files are unreadable or xattrs are not supported (breaks fcaps.eclass)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2013-05-27 10:53 UTC by masc
Modified: 2018-09-03 11:16 UTC

Attachments
qemu.build.log.tar.bz2 (qemu.build.log.tar.bz2,67.06 KB, application/x-bzip2)
2013-05-30 09:24 UTC, masc
strace -s 4096 filecap /usr/libexec/qemu-bridge-helper net_admin (filecap.strace.log,5.84 KB, text/plain)
2013-06-02 09:22 UTC, masc

Description masc 2013-05-27 10:53:52 UTC
See summary. Emerging qemu doesn't pull in libcap even though it's required for successful installation.

ERROR: app-emulation/qemu-1.4.0-r1 failed (postinst phase):
   Checking caps 'cap_net_admin=ep' on '/usr/libexec/qemu-bridge-helper' failed

Reproducible: Always

Steps to Reproduce:
1. Uninstall libcap
2. Install qemu
Actual Results:  
Installation fails


Simple workaround is to emerge libcap manually.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-05-27 18:53:47 UTC
1) Please attach the entire build log to this bug report.
2) Please post your `emerge --info' output in a comment.
Comment 2 masc 2013-05-27 19:03:26 UTC
there's no build log as the error occurs during installation.

# emerge --info '=app-emulation/qemu-1.4.0-r1'
Portage 2.1.11.62 (default/linux/amd64/13.0, gcc-4.6.3, glibc-2.15-r3, 3.8.13-gentoo x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-3.8.13-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5430_@_2.66GHz-with-gentoo-2.2
KiB Mem:     8195700 total,   1150888 free
KiB Swap:   15999608 total,  15999608 free
Timestamp of tree: Mon, 27 May 2013 02:45:01 +0000
ld GNU ld (GNU Binutils) 2.22
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p45
dev-lang/python:          2.7.3-r3, 3.2.3-r2
dev-util/ccache:          3.1.9
dev-util/cmake:           2.8.10.2-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.69
sys-devel/automake:       1.11.6, 1.12.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.7 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=nocona -O2 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=nocona -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ rsync://ftp-stud.hs-esslingen.de/gentoo/ ftp://91.121.124.139/gentoo-distfiles/ http://gentoo.mirror.dkm.cz/pub/gentoo/ http://91.121.125.139/gentoo-distfiles/ ftp://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/ rsync://mirror.netcologne.de/gentoo/ http://91.121.124.139/gentoo-distfiles/ http://mirror.qubenet.net/mirror/gentoo/ ftp://ftp.free.fr/mirrors/ftp.gentoo.org/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl acpi amd64 berkdb bzip2 cli cracklib crypt cxx device-mapper dhcp dri fortran gdbm gpm hddtemp hvm iconv ipv6 kvm lm_sensors logrotate loop-aes lvm mmx modules mudflap multilib ncurses nls nptl openmp pam pcre readline sasl session sse sse2 sse3 ssl ssse3 tcpd unicode virt-network zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel 
mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

app-emulation/qemu-1.4.0-r1 was built with the following:
USE="aio caps curl filecaps jpeg ncurses png sasl seccomp spice threads uuid vhost-net vnc -alsa -bluetooth -brltty -debug -doc -fdt -iscsi -mixemu -opengl -pulseaudio -python -rbd -sdl (-selinux) -smartcard -static -static-softmmu -static-user -systemtap -tci -test -tls -usbredir -vde -virtfs -xattr -xen -xfs" QEMU_SOFTMMU_TARGETS="x86_64 (-alpha) (-arm) -cris -i386 -lm32 (-m68k) -microblaze -microblazeel (-mips) -mips64 -mips64el -mipsel -or32 (-ppc) (-ppc64) -ppcemb -s390x -sh4 -sh4eb (-sparc) -sparc64 -unicore32 -xtensa -xtensaeb" QEMU_USER_TARGETS="(-alpha) (-arm) -armeb -cris -i386 (-m68k) -microblaze -microblazeel (-mips) -mipsel -or32 (-ppc) (-ppc64) -ppc64abi32 -s390x -sh4 -sh4eb (-sparc) -sparc32plus -sparc64 -unicore32 -x86_64"

>>> Attempting to run pkg_info() for 'app-emulation/qemu-1.4.0-r1'
Using:
  app-emulation/spice-protocol-0.12.3
  sys-firmware/ipxe-1.0.0_p20120905
  sys-firmware/seabios-1.7.2
    USE=binary
  sys-firmware/vgabios-0.7a
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2013-05-30 02:32:30 UTC
This functionality comes from the fcaps.eclass which is maintained by base-system. The functionality should be provided by sys-libs/libcap-ng when you don't have sys-libs/libcap installed.
Comment 4 SpanKY gentoo-dev 2013-05-30 06:43:51 UTC
(In reply to masc from comment #2)

sure there is.  `emerge --debug qemu >& log`.

as Doug mentioned, the eclass supports both libcap & libcap-ng.  it also has a DEPEND on them.  so how exactly are you installing qemu w/out them ?

i'd also point out the error is "checking caps ... failed", not "could not set caps".  that means we already managed to execute a program to set the caps successfully, and that really can only be done if you have one of the libcap packages installed.
Comment 5 masc 2013-05-30 09:24:14 UTC
Created attachment 349632
qemu.build.log.tar.bz2
Comment 6 masc 2013-05-30 09:24:48 UTC
> sure there is.  `emerge --debug qemu >& log`.
attached.

> as Doug mentioned, the eclass supports both libcap & libcap-ng.  it also has
> a DEPEND on them.  so how exactly are you installing qemu w/out them ?
I don't. libcap-ng has been installed and it happens with 0.6.6 as well as 0.7.3.
Comment 7 SpanKY gentoo-dev 2013-06-01 02:28:33 UTC
(In reply to masc from comment #5)

so that log shows it ran:
  filecap /usr/libexec/qemu-bridge-helper net_admin
and that returned 0 (meaning success)

it then ran:
  filecap /usr/libexec/qemu-bridge-helper
but got back nothing

libcap-ng is crap and `filecap` silently does exit(0) when it can't read a file.  maybe it has other crappy codepaths.

so what if you run it yourself by hand (as root)?  post the output from doing:
  filecap /usr/libexec/qemu-bridge-helper
  filecap /usr/libexec/qemu-bridge-helper net_admin
  filecap /usr/libexec/qemu-bridge-helper
Comment 8 masc 2013-06-01 11:10:10 UTC
> so what if you run it yourself by hand (as root)?  post the output from
> doing:
>   filecap /usr/libexec/qemu-bridge-helper
>   filecap /usr/libexec/qemu-bridge-helper net_admin
>   filecap /usr/libexec/qemu-bridge-helper

/ # filecap /usr/libexec/qemu-bridge-helper && filecap /usr/libexec/qemu-bridge-helper net_admin && echo ok
ok
Comment 9 masc 2013-06-01 11:33:23 UTC
filecap -d terminates with segmentation fault.
Comment 10 SpanKY gentoo-dev 2013-06-02 02:12:32 UTC
(In reply to masc from comment #8)

ok, so run (as root) and then post the log file as an attachment:
  strace -s 4096 -o log filecap /usr/libexec/qemu-bridge-helper net_admin
Comment 11 masc 2013-06-02 09:22:47 UTC
Created attachment 349892
strace -s 4096 filecap /usr/libexec/qemu-bridge-helper net_admin
Comment 12 masc 2013-06-02 09:23:35 UTC
(In reply to masc from comment #9)
> filecap -d terminates with segmentation fault.

this is resolved in 0.7.3 so probably not related.
Comment 13 masc 2013-06-02 10:43:55 UTC
(In reply to masc from comment #11)
> Created attachment 349892
> strace -s 4096 filecap /usr/libexec/qemu-bridge-helper net_admin

fails as extended attributes have not been enabled on my ext3 filesystem.
upgrading to ext4 resolved it (as enabling user_xattr for ext3 probably would)
Comment 14 SpanKY gentoo-dev 2013-06-02 15:19:05 UTC
ok, so libcap-ng is just terrible

fsetxattr(3, "security.capability", "\x01\x00\x00\x02\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 20, 0) = -1 EOPNOTSUPP (Operation not supported)
close(3)                                = 0
exit_group(0)                           = ?

i guess for now i'll have to drop libcap-ng from the DEPEND list
Comment 15 SpanKY gentoo-dev 2016-11-26 06:36:14 UTC
i've sent a patch upstream.  let's see if i hear back.  fix is fairly simple -- just check the return value in the filecap util.
Comment 16 Michael 'veremitz' Everitt 2017-12-28 14:45:47 UTC
(In reply to SpanKY from comment #15)
> i've sent a patch upstream.  let's see if i hear back.  fix is fairly simple
> -- just check the return value in the filecap util.

Is this possibly fixed in https://github.com/stevegrubb/libcap-ng/commit/03ad07b37ebaa06abdca4506c1c211b0a7342401 ?
Comment 17 SpanKY gentoo-dev 2018-01-16 22:52:21 UTC
(In reply to Michael Everitt (IRC: veremitz) from comment #16)

looks similar, but isn't quite the same.  that doesn't include the errno which is needed to properly diagnose the failure for users.

i'll send a PR via github.  maybe it'll take them less than a year to resolve this time.
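
Added example, not part of the original thread and not libcap-ng's own code: the return-value check discussed in comments 14, 15 and 17, written in C against the same `fsetxattr` call seen in the strace. The names `write_file_caps`, `apply_caps` and `NET_ADMIN_EP` are hypothetical; the byte value is the one from the trace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>

/* The 20-byte value from the strace in comment 14 (struct vfs_cap_data,
 * little-endian): magic_etc 0x02000001 = revision 2 with the effective
 * flag; permitted word 0x00001000 = bit 12, CAP_NET_ADMIN; rest zero. */
static const unsigned char NET_ADMIN_EP[20] = {
    0x01, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00, 0x00,
};

/* Hypothetical helper: 0 on success, -errno on failure, so the caller
 * can both fail and say why (EOPNOTSUPP, EPERM, ...). */
int write_file_caps(int fd, const void *val, size_t len)
{
    if (fsetxattr(fd, "security.capability", val, len, 0) == -1)
        return -errno;
    return 0;
}

/* Hypothetical helper: returns the exit status the tool should use. */
int apply_caps(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd == -1) {
        fprintf(stderr, "open %s: %s\n", path, strerror(errno));
        return 1;
    }
    int rc = write_file_caps(fd, NET_ADMIN_EP, sizeof NET_ADMIN_EP);
    close(fd);
    if (rc != 0) {
        /* The trace in comment 14 went on to exit_group(0) at this point. */
        fprintf(stderr, "set caps on %s: %s\n", path, strerror(-rc));
        return 1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    return argc == 2 ? apply_caps(argv[1]) : 2;
}
```

On a filesystem without xattr support this exits 1 and prints the errno text, so a caller sees the failure at the set step rather than at a later read-back check.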
Comment 18 Sam 2018-09-01 22:05:20 UTC
This seems to be fixed in 0.7.9.

masc, can you confirm?
Comment 19 Sam 2018-09-01 22:05:51 UTC
(In reply to Sam from comment #18)
> This seems to be fixed in 0.7.9.
> 
> masc, can you confirm?

libcap-ng-0.7.9, that is
Comment 20 masc 2018-09-02 16:21:37 UTC
segmentation is gone and `libcap` as well as `libcap-ng` are pulled in so this should be fixed yes.
Comment 21 masc 2018-09-02 16:22:11 UTC
(In reply to masc from comment #20)
> segmentation
*fault
Comment 22 Sam 2018-09-02 20:07:06 UTC
(In reply to masc from comment #20)
> segmentation is gone and `libcap` as well as `libcap-ng` are pulled in so
> this should be fixed yes.

Thanks.

As it doesn't yet help to figure out whether we can allow only libcap-ng on a system that doesn't have xattrs, can you post results of:
1. uninstalling libcap, then
2. installing the relevant package with --nodeps
(and 3., if you want, installing libcap again)
Comment 23 masc 2018-09-03 11:16:21 UTC
I currently don't have systems without xattrs for testing.