Ticket #626 (new defect)
aufs doesn't support file capabilities
| Reported by: | geofft | Owned by: | |
|---|---|---|---|
| Priority: | insignificant | Milestone: | Upstream Utopia |
| Component: | login chroot | Keywords: | |
| Cc: | | Fixed in version: | |
| Upstream bug: | | | |
Description
$ getcap /usr/bin/timidity
Failed to get capabilities of file `/usr/bin/timidity' (Operation not supported)
$ getcap /bin/ls
Failed to get capabilities of file `/bin/ls' (Operation not supported)
petards, hosting, etc. etc.
Change History
comment:2 Changed 8 years ago by geofft
So AUFS finally implemented support for xattrs and therefore for file capabilities in March 2015: https://github.com/sfjro/aufs4-standalone/commit/6660bf6 , behind the CONFIG_AUFS_XATTR config option, which is off by default. (This support should be in the versions of AUFS for kernel 4.0 and up, if I'm reading this right.)
The CONFIG_AUFS_XATTR option was enabled in Ubuntu 15.10 with kernel 4.2.0-38.45, Ubuntu 16.04 with kernel 4.4.0-22.39, and Ubuntu 16.10 with kernel 4.8.0-30.32. It looks like it's not supported at all in older versions of Ubuntu, certainly not in 14.04. See https://pad.lv/1557776
The CONFIG_AUFS_XATTR option is not currently enabled in Debian. The kernel in Debian 8 "Jessie" (current stable), 3.16, is too old anyway. In Debian 9 "Stretch" (current testing), AUFS is in a separate package called aufs-dkms, but the option is disabled. I've filed https://bugs.debian.org/863166 requesting that it be enabled, although it's likely too late for the Stretch release.
Debathena only uses AUFS on Ubuntu, right? Then this ticket can probably be closed.
Not sure if it's aufs or tmpfs (but likely both). A patch to add file capability support to tmpfs was just posted to LKML:
http://lwn.net/Articles/422624/
If Ubuntu starts relying more on file capabilities, like Fedora is (which was the motivation for this patch), and if we start pushing #761, then we'll actually need to care.
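The "Operation not supported" that getcap prints above is the filesystem refusing the security.capability extended attribute, which is the only place file capabilities live; a filesystem that does support them but has none set answers ENODATA instead. The following is an added example, not code from the ticket, Debathena or the aufs project: it probes a path with os.getxattr and tells the two errors apart, then decodes a capability blob the way getcap roughly would. The vfs_cap_data layout and flag constants are the kernel's UAPI ones; the capability name table is deliberately partial, the textual rendering approximates cap_to_text(3) for the common case rather than reimplementing it, and the two sample blobs are constructed here, not captured from a system.

```python
import errno
import os
import struct

# Layout of the security.capability xattr (struct vfs_cap_data in the kernel's
# include/uapi/linux/capability.h): a little-endian u32 "magic_etc" holding the
# revision and the effective flag, followed by two {permitted, inheritable} u32
# pairs for capability bits 0-31 and 32-63. Revision 3 appends a u32 rootid.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_REVISION_3 = 0x03000000
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001

# errno values with fallbacks so the module imports on non-Linux platforms too.
ENODATA = getattr(errno, "ENODATA", 61)
ENOTSUP = getattr(errno, "ENOTSUP", 95)
EOPNOTSUPP = getattr(errno, "EOPNOTSUPP", 95)

# Partial capability name table (assumption for illustration); others print as cap_<n>.
CAP_NAMES = {
    2: "cap_dac_read_search",
    10: "cap_net_bind_service",
    12: "cap_net_admin",
    13: "cap_net_raw",
    21: "cap_sys_admin",
}

# Verdicts returned by probe_file_caps().
SUPPORTED_NO_CAPS = "supported, no capability set"
SUPPORTED_WITH_CAPS = "supported, capability xattr present"
UNSUPPORTED = "filesystem does not support security.* xattrs"
XATTR_UNAVAILABLE = "xattr API unavailable on this platform"


def classify_getxattr_errno(err):
    """Map the errno of a failed getxattr(security.capability) to a verdict.

    ENODATA: the xattr namespace works, nothing is set (most binaries).
    ENOTSUP/EOPNOTSUPP: what aufs without CONFIG_AUFS_XATTR returns; getcap
    prints it as "Operation not supported".  Anything else returns None.
    """
    if err == ENODATA:
        return SUPPORTED_NO_CAPS
    if err in (ENOTSUP, EOPNOTSUPP):
        return UNSUPPORTED
    return None


def probe_file_caps(path):
    """Return (verdict, raw_xattr_or_None) for a path on the live system."""
    if not hasattr(os, "getxattr"):
        return XATTR_UNAVAILABLE, None
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError as e:
        verdict = classify_getxattr_errno(e.errno)
        if verdict is None:
            verdict = "probe failed: %s" % os.strerror(e.errno)
        return verdict, None
    return SUPPORTED_WITH_CAPS, raw


def parse_vfs_cap(raw):
    """Decode a security.capability blob into (permitted, inheritable, effective, rootid)."""
    if len(raw) < 20:
        raise ValueError("vfs_cap_data too short: %d bytes" % len(raw))
    magic_etc, p0, i0, p1, i1 = struct.unpack_from("<5I", raw, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in (VFS_CAP_REVISION_2, VFS_CAP_REVISION_3):
        raise ValueError("unknown vfs_cap revision 0x%08x" % revision)
    rootid = None
    if revision == VFS_CAP_REVISION_3:
        if len(raw) < 24:
            raise ValueError("revision 3 blob is missing rootid")
        (rootid,) = struct.unpack_from("<I", raw, 20)
    permitted = p0 | (p1 << 32)
    inheritable = i0 | (i1 << 32)
    effective = bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE)
    return permitted, inheritable, effective, rootid


def cap_names(mask):
    """Expand a 64-bit capability mask into capability names, lowest bit first."""
    return [CAP_NAMES.get(n, "cap_%d" % n) for n in range(64) if mask & (1 << n)]


def format_like_getcap(raw):
    """Render a blob in getcap's style for the common case, e.g. 'cap_net_raw=ep'."""
    permitted, inheritable, effective, _ = parse_vfs_cap(raw)
    names = cap_names(permitted | inheritable)
    flags = "".join(f for f, on in (("e", effective), ("i", inheritable != 0),
                                    ("p", permitted != 0)) if on)
    return ",".join(names) + "=" + flags


# Constructed samples (not captured from a real system): what `setcap cap_net_raw=ep`
# writes as a revision-2 blob, and the same grant as a revision-3 blob with rootid 1000.
SAMPLE_NET_RAW_EP = struct.pack("<5I", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE,
                                1 << 13, 0, 0, 0)
SAMPLE_NET_RAW_EP_V3 = struct.pack("<6I", VFS_CAP_REVISION_3 | VFS_CAP_FLAGS_EFFECTIVE,
                                   1 << 13, 0, 0, 0, 1000)

if __name__ == "__main__":
    print("sample blob:", format_like_getcap(SAMPLE_NET_RAW_EP))
    for path in ("/bin/ls", "/usr/bin/ping"):
        if os.path.exists(path):
            verdict, raw = probe_file_caps(path)
            print(path, "->", verdict, "" if raw is None else format_like_getcap(raw))
```

Run it inside a login chroot and outside it: on an aufs mount built without CONFIG_AUFS_XATTR every path comes back as UNSUPPORTED, while on a kernel with the option enabled ordinary binaries report SUPPORTED_NO_CAPS and a binary that was given a capability is decoded.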