← Back to team overview

touch-packages team mailing list archive

[Bug 1313550] Re: ping does not work as a normal user on trusty tarball cloud images.

 

** Description changed:

  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows removing
  the suid bit.
  
  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.
  
  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags
  
- SRU curtin
- ==========
- 
- [Impact]
- 
- As the original bug report description mentions, curtin's extraction
- needs to use xattr/acl flags.
- 
- [Test Case]
- 
- To reproduce this bug, use curtin extraction without the extended file
- attributes.
- 
- [Regression Potential]
- 
- Since the patch for this bug fix *looks* to see if there are extended
- file attributes, it should work in the event that they are there or are
- not there or are.  More specifically, if tar cmd supports xattrs, curtin
- will return the required flags to extract them.  This lowers the
- probability of introducing a regression.
+ Related Bugs:
+  * bug 1382632: horizon insecure key file permissions
+  * bug 1386237: tar strange behavior with --acl
+  * bug 1313550: ping broken (xattrs lost in tar extraction)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1313550

Title:
  ping does not work as a normal user on trusty tarball cloud images.

Status in The curt installer:
  Confirmed
Status in MAAS:
  Confirmed
Status in “curtin” package in Ubuntu:
  Confirmed
Status in “iputils” package in Ubuntu:
  Fix Released
Status in “lxc” package in Ubuntu:
  Confirmed
Status in “maas” package in Ubuntu:
  Confirmed
Status in “tar” package in Ubuntu:
  Fix Released
Status in “lxc” source package in Precise:
  Confirmed
Status in “tar” source package in Precise:
  Confirmed
Status in “curtin” source package in Saucy:
  Won't Fix
Status in “lxc” source package in Saucy:
  Confirmed
Status in “maas” source package in Saucy:
  Confirmed
Status in “tar” source package in Saucy:
  Confirmed
Status in “curtin” source package in Trusty:
  Confirmed
Status in “lxc” source package in Trusty:
  Confirmed
Status in “maas” source package in Trusty:
  Confirmed
Status in “tar” source package in Trusty:
  Fix Released

Bug description:
  With trusty, /bin/ping relies on having extended attributes and kernel
  capabilities to gain the cap_net_raw+p capability. This allows
  removing the suid bit.

  However, the tarball cloud images do not preserve the extended
  attributes, and thus /bin/ping does not work on a system derived from
  them.

  Summary of problem per package:
   * lxc: ubuntu cloud template needs to extract
   * download template needs to extract with xattr flags
   * server side download creation tools need xattr flags
   * [unconfirmed] tarball caches need creation and extraction with xattr flags
   * tar: need the '--xattr' and '--acl' flags backported
   * maas: uec2roottgz needs to use xattr/acl flags
   * curtin: extraction needs to use xattr/acl flags.
   * cloud-image-build: needs to create -root.tar.gz with xattr/acl flags

  Related Bugs:
   * bug 1382632: horizon insecure key file permissions
   * bug 1386237: tar strange behavior with --acl
   * bug 1313550: ping broken (xattrs lost in tar extraction)

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1313550/+subscriptions