[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#798659: live-build: /bin/ping gives permission denied as normal user in live system

Package: live-build
Version: 5.0~a11-1
Severity: normal

/bin/ping (from iputils-ping) should normally in jessie be set with
"cap_net_raw+ep" if the filesystem supports it, or with the sticky bit
otherwise. But in a live system, neither is set, and ping reports:
"ping: icmp open socket: Operation not permitted"

Ben Armstrong (IRC) pointed out that this might be due to squashfs being
unable to handle posix capabilities, combined with the chroot being
setup on a system which can handle them. Thus the fix would be for
live-build to have a hook which can fall back to using sticky bit when
the target binary filesystem is known to be thus limited.

This does not seem to effect wheezy (and prior?), since there /bin/ping
has the sticky bit set regardless.

Related: https://lists.debian.org/debian-boot/2014/04/msg00061.html

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages live-build depends on:
ii  debootstrap  1.0.72

Versions of packages live-build recommends:
ii  apt-utils                       1.0.10.2
ii  cpio                            2.11+dfsg-4.1
ii  live-boot-doc                   5.0~a5-1
ii  live-config-doc                 5.0~a5-1
ii  live-manual-html [live-manual]  1:5.0~a2-1
ii  wget                            1.16.3-3

Versions of packages live-build suggests:
ii  debian-keyring  2015.08.13
ii  gpgv            1.4.19-5

-- no debconf information
Reply to: