Marking as 'fix-released' in maas in wily and xenial, as the fix went into
trunk at revision 4028.
https://code.launchpad.net/~rvb/maas/lp-1313550/+merge/262314
** Changed in: maas (Ubuntu Wily)
Status: New => Fix Released
** Changed in: maas (Ubuntu)
Status: Confirmed => Fix
** Changed in: maas
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball
** Changed in: lxc (Ubuntu Precise)
Status: Confirmed => Won't Fix
** No longer affects: lxc (Ubuntu Precise)
** No longer affects: lxc (Ubuntu Saucy)
** Changed in: lxc (Ubuntu Trusty)
Status: Confirmed => Triaged
** Changed in: lxc (Ubuntu)
Status: Confirmed => Triaged
** Changed in: maas
Status: Confirmed = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud
** Changed in: curtin
Status: Confirmed = Fix Committed
** Changed in: curtin (Ubuntu)
Status: Confirmed = Fix Released
** No longer affects: curtin (Ubuntu Saucy)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug
** Branch linked: lp:~rvb/maas/lp-1313550
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To manage
** Branch linked: lp:~smoser/maas/lp-1313550
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To
Should this be marked fix-released (or invalid) for lxc?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud
This bug was fixed in the package curtin - 0.1.0~bzr195-0ubuntu1~14.04.1
---
curtin (0.1.0~bzr195-0ubuntu1~14.04.1) trusty-proposed; urgency=medium
* New upstream snapshot.
- hardware enablement: ppc64 support (LP: #1386394)
- hardware enablement: know kernel mapping for
This was the test case:
1) Update trusty daily root-tgz image with a copy of dcap and cap properties.
2) Sync image to cache
3) Deploy a node with trusty
4) Access deployed node
5) Ensure that cap properties for the new file are preserved on deployed system.
This test passed.
Here are test
saucy has seen the end of its life and is no longer receiving any
updates. Marking the saucy task for this ticket as Won't Fix.
** Changed in: maas (Ubuntu Saucy)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
saucy has seen the end of its life and is no longer receiving any
updates. Marking the saucy task for this ticket as Won't Fix.
** Changed in: tar (Ubuntu Saucy)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
saucy has seen the end of its life and is no longer receiving any
updates. Marking the saucy task for this ticket as Won't Fix.
** Changed in: lxc (Ubuntu Saucy)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Hello Clint, or anyone else affected,
Accepted curtin into trusty-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/curtin/0.1.0~bzr195-0ubuntu1~14.04.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package.
** Branch linked: lp:ubuntu/trusty-proposed/curtin
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
** Description changed:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows removing
the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not
** Description changed:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows removing
the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not
** Description changed:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows removing
the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not
** Description changed:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows removing
the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not
** Branch linked: lp:~smoser/ubuntu/trusty/curtin/sru-utopic-level
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball
** Changed in: curtin (Ubuntu Saucy)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty
** Branch linked: lp:curtin
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To manage notifications
This also affects the `gnome-keyring` package. The System76 imaging
system (Tribble) uses a tar-based approach similar to the MAAS fast-path
installer, and we've had to add a work-around for /usr/bin/gnome-
keyring-daemon on our desktop images:
$ getcap /usr/bin/gnome-keyring-daemon
gnome-keyring-daemon isn't really a problem because all official images
shipping it have installer hooks to restore the flag.
Setting the binary setuid would also be completely wrong as we never
want this to run as root, we just want it to have extra ipc locking
capabilities. My understanding is
Stéphane,
Gotcha, thanks for the feedback! So am I correct in thinking that the
--xattrs option is currently broken in tar on 14.04? If so, is there any
chance this could be fixed in an SRU?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
So yeah, my understanding is that --xattr is broken at the moment, we should
fix that as an SRU but we also have the problem that:
1) It's not set by default in either create or extract mode
2) Not all tar implementations we use support it
3) Not all version of gnu-tar we support have it
So
Excerpts from Jason Gerard DeRose's message of 2014-05-08 16:45:23 UTC:
Stéphane,
Gotcha, thanks for the feedback! So am I correct in thinking that the
--xattrs option is currently broken in tar on 14.04? If so, is there any
chance this could be fixed in an SRU?
No, --xattrs works fine in
Clint,
Ah, thanks for bringing up --xattrs-include=*, I didn't notice this
option!
I agree this is really a bug/misfeature in tar... if I use --xattrs both
when creating and unpacking a tarball, I expect it to just work.
--
You received this bug notification because you are a member of Ubuntu
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To manage
After some more discussion we decided to simply make it setuid again for
now and then spend some time thinking about a proper solution for all
this, possibly involving small dpkg/debhelper changes so there's a
cleaner nicer way of declaring filesystem capabilities.
--
You received this bug
** Branch linked: lp:ubuntu/trusty-proposed/iputils
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty
This bug was fixed in the package iputils - 3:20121221-4ubuntu1.1
---
iputils (3:20121221-4ubuntu1.1) trusty; urgency=medium
* Mark ping and ping6 setuid again as there's currently no good ways
to have capabilities be kept in all our images. (LP: #1313550)
-- Stephane Graber
one other hting to think about if we're going the --xattrs route
anywhere, we likely have to consider the fact that '--xattrs' might
*fail* on a filesystem that doesn't support xattrs. I've not looked at
how tar handles that. that makes that a bit tricky.
--
You received this bug notification
trusty tarball daily (20140429) now correctly contains the capability info:
$ wget
http://cloud-images.ubuntu.com/trusty/20140429/trusty-server-cloudimg-amd64-root.tar.gz
$ sudo tar --xattrs '--xattrs-include=*' --acls -Szxpf
trusty-server-cloudimg-amd64-root.tar.gz bin/ping
$ attr -l bin/ping
I am kind of leaning towards stgraber's suggestion of fixing iputils
in 14.04 to be setuid.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a
This debdiff against the precise version of tar implements xattr
support.
** Patch added: tar-xattr.debdiff
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1313550/+attachment/4100853/+files/tar-xattr.debdiff
--
You received this bug notification because you are a member of Ubuntu
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To manage notifications about
Is this a dup of 1302192?
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1302192
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a
** Also affects: maas (Ubuntu)
Importance: Undecided
Status: New
** Also affects: maas
Importance: Undecided
Status: New
** Changed in: maas
Status: New = Confirmed
** Changed in: iputils (Ubuntu)
Status: New = Confirmed
** Changed in: maas (Ubuntu)
This would seem straight forward enough (I thought I could just add '--
xattrs' to both creation and extraction of tar), but that doesn't seem
to look. See the attachment, and its output here, it seems that tar is
losing these.
$ sudo /tmp/xattr-save-ping
$ ls -l /bin/ping
-rwxr-xr-x 1 root
OK,
so i put this as affecting curtin and affecting maas.
- maas: uec2roottgz (which creates the -root.tar.gz file from an image file)
will be affected
- curtin: extracts the tarball and will need to do so with xattrs in place.
** Also affects: curtin
Importance: Undecided
FYI may also want to see comment 5 from previous/related bug 1302192;
attributes were OK in cloudimage at that point.
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1302192/comments/5
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
** Also affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lxc (Ubuntu)
Status: New = Confirmed
** Changed in: lxc (Ubuntu)
Importance: Undecided = High
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
OK, so with 14.04 level maas, this is fairly trivial.
'tar --xattrs --xattrs-include=*'
Unfortunately, 12.04 level maas doesn't have that, so we'd have to do
some backwards compatibility check/fix/hack if we want to support
the fix in the installer was to do something like:
getfattr |
** Also affects: tar (Ubuntu)
Importance: Undecided
Status: New
** Changed in: tar (Ubuntu)
Status: New = Fix Released
** Changed in: tar (Ubuntu)
Importance: Undecided = Medium
** Also affects: iputils (Ubuntu Precise)
Importance: Undecided
Status: New
** Also
** Branch linked: lp:~smoser/vmbuilder/automated-ec2-builds-tar-xattr
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty
** Branch linked: lp:~smoser/curtin/lp1313550
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
To
** No longer affects: maas (Ubuntu Precise)
** Changed in: tar (Ubuntu Saucy)
Status: New = Confirmed
** Changed in: maas (Ubuntu Trusty)
Status: New = Confirmed
** Changed in: maas (Ubuntu Saucy)
Status: New = Confirmed
** Changed in: lxc (Ubuntu Trusty)
Status:
Unfortunately src/xattrs.c is wholly non-existent in the precise
version. So backporting xattr support would include src/xattr.{c,h} as
well as inserting the calls to functions defined there throughout the
rest of the code. Unfortunately that doesn't seem SRU-able. The safest
way forward would
Serge,
I don't see why new files would make something non-SRU-able.
I dont' think that is a blocker in and of itself.
The complexity of the patch and likelyhood of regression is the bigger
concern.
We have a real bug here, and we have 2 ways to fix it (possibly others that
i've not
There's a third I mentioned on IRC, just make ping setuid again for
14.04 and only switch to capabilities in 14.10, assuming we don't intend
to support 14.10 on 12.04, we'll be good as 14.04 will have a suitable
version of tar.
--
You received this bug notification because you are a member of
Quoting Scott Moser (smo...@ubuntu.com):
Serge,
I don't see why new files would make something non-SRU-able.
A new file by itself would be nice as it's self-contained. It's
particularly adding the new calls that would seem protentially
problematic.
Anyway if it seems sane I'll post a
53 matches
Mail list logo
