I setup a couple of VMs with 2.9 clients and servers (ldiskfs) and unfortunately setcap/getcap still are unhappy - same as with my previous 2.9 clients with 2.8 servers (ZFS).
hmm. I took a gander at the source and noticed that llite/xattr.c deliberately filters out 'security.capability' and returns 0/-ENODATA for setcap/getcap, which is indeed what strace sees. so setcap/getcap is never even sent to the MDS. if I remove that filter (see patch on lustre-devel) then setcap/getcap works -> # df . Filesystem 1K-blocks Used Available Use% Mounted on 10.122.1.5@tcp:/test8 4797904 33992 4491480 1% /mnt/test8 # touch blah # setcap cap_net_admin,cap_net_raw+p blah # getcap blah blah = cap_net_admin,cap_net_raw+p and I also tested that the 'ping' binary run as unprivileged user works from lustre. success! 'b15587' is listed as the reason for the filtering. I don't know what that refers to. is it still relevant? cheers, robin _______________________________________________ lustre-discuss mailing list [email protected] http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
