touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #29410
[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.
** Description changed:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows removing
the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not work on a system derived from
them.
Summary of problem per package:
* lxc: ubuntu cloud template needs to extract
* download template needs to extract with xattr flags
* server side download creation tools need xattr flags
* [unconfirmed] tarball caches need creation and extraction with xattr flags
* tar: need the '--xattr' and '--acl' flags backported
* maas: uec2roottgz needs to use xattr/acl flags
* curtin: extraction needs to use xattr/acl flags.
* cloud-image-build: needs to create -root.tar.gz with xattr/acl flags
- SRU curtin
- ==========
-
- [Impact]
-
- As the original bug report description mentions, curtin's extraction
- needs to use xattr/acl flags.
-
- [Test Case]
-
- To reproduce this bug, use curtin extraction without the extended file
- attributes.
-
- [Regression Potential]
-
- Since the patch for this bug fix *looks* to see if there are extended
- file attributes, it should work in the event that they are there or are
- not there or are. More specifically, if tar cmd supports xattrs, curtin
- will return the required flags to extract them. This lowers the
- probability of introducing a regression.
+ Related Bugs:
+ * bug 1382632: horizon insecure key file permissions
+ * bug 1386237: tar strange behavior with --acl
+ * bug 1313550: ping broken (xattrs lost in tar extraction)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1313550
Title:
ping does not work as a normal user on trusty tarball cloud images.
Status in The curt installer:
Confirmed
Status in MAAS:
Confirmed
Status in “curtin” package in Ubuntu:
Confirmed
Status in “iputils” package in Ubuntu:
Fix Released
Status in “lxc” package in Ubuntu:
Confirmed
Status in “maas” package in Ubuntu:
Confirmed
Status in “tar” package in Ubuntu:
Fix Released
Status in “lxc” source package in Precise:
Confirmed
Status in “tar” source package in Precise:
Confirmed
Status in “curtin” source package in Saucy:
Won't Fix
Status in “lxc” source package in Saucy:
Confirmed
Status in “maas” source package in Saucy:
Confirmed
Status in “tar” source package in Saucy:
Confirmed
Status in “curtin” source package in Trusty:
Confirmed
Status in “lxc” source package in Trusty:
Confirmed
Status in “maas” source package in Trusty:
Confirmed
Status in “tar” source package in Trusty:
Fix Released
Bug description:
With trusty, /bin/ping relies on having extended attributes and kernel
capabilities to gain the cap_net_raw+p capability. This allows
removing the suid bit.
However, the tarball cloud images do not preserve the extended
attributes, and thus /bin/ping does not work on a system derived from
them.
Summary of problem per package:
* lxc: ubuntu cloud template needs to extract
* download template needs to extract with xattr flags
* server side download creation tools need xattr flags
* [unconfirmed] tarball caches need creation and extraction with xattr flags
* tar: need the '--xattr' and '--acl' flags backported
* maas: uec2roottgz needs to use xattr/acl flags
* curtin: extraction needs to use xattr/acl flags.
* cloud-image-build: needs to create -root.tar.gz with xattr/acl flags
Related Bugs:
* bug 1382632: horizon insecure key file permissions
* bug 1386237: tar strange behavior with --acl
* bug 1313550: ping broken (xattrs lost in tar extraction)
To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions
