"hom...@163.com":
>     I have the AppArmor and Seccomp closed, but still got the warning.

Ok.
Now define our test command as "chown apt:root ./aaae" and let's step
forward.  We already know that chown failed because fchownat(2) returned
EPERM.

(from your previous log)
fchownat(AT_FDCWD, "./aaae", 104, 0, 0) = -1 EPERM (Operation not permitted)

Assuming there is no error in VFS and LSM, let's track down aufs.
- enable CONFIG_AUFS_DEBUG
- set a module parameter debug=1 just before chown, and reset to debug=0
  just after chown

# id
# echo 1 >> /sys/module/aufs/parameters/debug
# strace chown apt:root ./aaae
# echo 0 >> /sys/module/aufs/parameters/debug

and show me the strace output and the kernel log.

Just to make sure, you couldn't find any related msg in your LSM logs,
right?  And this is unrelated to capability, right?


J. R. Okajima
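
The closing question in the message above, whether the EPERM is capability-related, can be checked from the effective capability mask of the shell that runs chown. The following is an added example, not part of the original message; it assumes a Linux /proc, the helper names are hypothetical, and the sample masks in the comments are constructed:

```shell
#!/bin/sh
# Added example: check whether CAP_CHOWN is in a process's effective set.
# Changing a file's owner to another user (fchownat(2)) requires CAP_CHOWN,
# so a missing bit explains EPERM before any filesystem code is involved.
# Bit numbers from <linux/capability.h>.
CAP_CHOWN=0
CAP_FOWNER=3

# has_cap HEXMASK BIT: exit status 0 if BIT is set in HEXMASK.
has_cap() {
    mask=$1
    bit=$2
    [ $(( (0x$mask >> $bit) & 1 )) -eq 1 ]
}

# cap_eff_of PID: print the CapEff hex mask from /proc/PID/status.
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

# chown_cap_verdict HEXMASK: print "capability" when CAP_CHOWN is absent
# (EPERM is explained by capabilities), otherwise "not-capability"
# (keep looking at LSM logs and the filesystem debug output).
chown_cap_verdict() {
    if has_cap "$1" "$CAP_CHOWN"; then
        echo "not-capability"
    else
        echo "capability"
    fi
}

# Constructed sample masks:
#   00000000a80425fb  CAP_CHOWN present
#   00000000a80425fa  same mask with CAP_CHOWN (bit 0) cleared
# Report for the current shell when /proc is available.
if [ -r "/proc/$$/status" ]; then
    eff=$(cap_eff_of "$$")
    echo "CapEff=$eff verdict=$(chown_cap_verdict "$eff")"
fi
```

Run it in the same shell and as the same user that issues the failing chown, since the mask is per process.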
