1430352873 Q * _zerick_ Remote host closed the connection 1430356700 M * AlexanderS rpc.statd under jessie wants to modify the capability bounding set, it only work with the SETPCAP capability... 1430356810 M * AlexanderS is there any way, to give a vserver the capability that a process can only drop capabilites from its own permitted set? 1430357298 M * Bertl that's the default, I presume it tries to raise it 1430357334 M * Bertl but it might be a bug in the Linux-VServer patch, what version are we talking about? 1430357357 M * AlexanderS it is doing: "prctl(PR_CAPBSET_DROP, 0, 0, 0, 0) = -1 EPERM" 1430357399 M * AlexanderS (currently running 3.18.11-vs2.3.7.4) 1430357582 M * Bertl are you using namespaces? specifically USER_NS? 1430357740 M * AlexanderS this example is running in a network namespace, but I am just creating a minimal test case... 1430357759 M * Bertl okay 1430358218 M * AlexanderS something like this: http://pastebin.com/PEefSiGC returns also "-1" on 3.18.7-vs2.3.7.4 without netns and default capabilites 1430358273 M * Bertl okay, the question is, when you execute it, does /proc show SETPCAP (inside the guest)/ 1430358279 M * Bertl s/\//? 1430358379 M * Bertl e.g. 'grep Cap /proc/self/status' 1430358478 M * AlexanderS CapEff: 8000003fffffffff 1430358640 M * Bertl hmm, no idea where the EPERM comes from then 1430358671 M * Bertl probably needs some debug printks to figure out what happens 1430359751 M * Bertl try to replace the ns_capable(current_user_ns(), CAP_SETPCAP) in security/commoncap.c 1430359771 M * Bertl by cap_raised(current_cap(), CAP_SETPCAP) 1430359791 M * Bertl in cap_prctl_drop() 1430364855 M * Bertl off to bed now ... have a good one everyone! 1430364861 N * Bertl Bertl_zZ 1430367807 Q * Aiken Remote host closed the connection 1430367857 J * Aiken ~Aiken@d63f.h.jbmb.net 1430372745 J * Ghislain ~aqueos@adsl1.aqueos.com 1430376643 Q * derjohn_mob Ping timeout: 480 seconds 1430376703 J * wicope ~wicope@0001fd8a.user.oftc.net 1430382323 J * nikolayK ~nikolay.k@199.91.137.248 1430382653 Q * nikolayK Quit: Leaving 1430382672 J * nikolayK ~nikolay.k@199.91.137.248 1430382771 Q * nikolayK 1430382783 Q * dustinm` Ping timeout: 480 seconds 1430382785 J * nikolayK ~nikolay.k@199.91.137.248 1430383628 J * dustinm` ~dustinm`@2607:5300:100:200::160d 1430383703 Q * eyck Ping timeout: 480 seconds 1430383898 M * yang Hello ! I am trying to figure out how to assign one IPv6 address per running guest ? 1430384004 M * yang is it something like "ip -6 addr add 2001:123:234::1/48 dev eth0" then "naddress --add --nid 55 --ip 2001:123:234::1/48" ? 1430384291 N * Bertl_zZ Bertl 1430384293 M * Bertl morning folks! 1430384321 M * Bertl yes, given that your system is compiled with IPv6, it is as simple as this 1430384610 M * yang ok 1430388131 J * eyck ~eyck@u28n61.nowanet.pl 1430388645 J * Gremble ~Gremble@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net 1430394371 Q * Gremble Quit: I Leave 1430395159 Q * fstd Remote host closed the connection 1430395172 J * fstd ~fstd@xdsl-84-44-146-107.netcologne.de 1430396069 Q * wicope Ping timeout: 480 seconds 1430397166 J * wicope ~wicope@0001fd8a.user.oftc.net 1430397213 J * derjohn_mob ~aj@ip-95-223-126-17.hsi16.unitymediagroup.de 1430399049 J * Gremble ~Gremble@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net 1430399242 Q * nikolayK Quit: Leaving 1430399256 Q * wicope Read error: Connection reset by peer 1430399257 J * nikolayK ~nikolay.k@199.91.137.248 1430401638 Q * derjohn_mob Ping timeout: 480 seconds 1430402583 M * Bertl off for now ... bbl 1430402586 N * Bertl Bertl_oO 1430403349 J * Wermwud ~Wermwud@69-29-150-18.stat.centurytel.net 1430404240 N * AbyssOne a1-away 1430404301 J * derjohn_mob ~aj@b2b-94-79-172-98.unitymedia.biz 1430405444 Q * funnel Ping timeout: 480 seconds 1430406220 J * funnel ~funnel@0001c7d4.user.oftc.net 1430409681 Q * Gremble Quit: I Leave 1430409903 Q * nikolayK Quit: Leaving 1430410303 J * bonbons ~bonbons@2001:a18:200:4f01:a0bd:31a4:ac18:b76 1430413247 J * wicope ~wicope@0001fd8a.user.oftc.net 1430413398 Q * bonbons Quit: Leaving 1430416441 Q * derjohn_mob Ping timeout: 480 seconds 1430418474 J * wicope_ ~wicope@107.Red-83-34-214.dynamicIP.rima-tde.net 1430418498 Q * wicope Read error: Connection reset by peer 1430418632 J * yang_ yang@jazz.prunk.network 1430418657 Q * yang Ping timeout: 480 seconds 1430419288 Q * yang_ Remote host closed the connection 1430419291 J * yang yang@yang.netrep.oftc.net 1430419691 N * Bertl_oO Bertl 1430419693 M * Bertl back now ... 1430419798 J * derjohn_mob ~aj@ip-95-223-126-17.hsi16.unitymediagroup.de 1430420765 Q * Wermwud Quit: Leaving (Please imagine me slamming the door on my way out) 1430422062 J * Wermwud ~Wermwud@69-29-150-18.stat.centurytel.net 1430424989 Q * wicope_ Read error: Connection reset by peer 1430426215 Q * opuk Ping timeout: 480 seconds 1430428599 Q * Defaultti Quit: Quitting. 1430428661 J * Defaultti defaultti@lakka.kapsi.fi 1430431368 J * opuk ~kupo@h-1-5.a176.priv.bahnhof.se 1430433746 Q * Wermwud Quit: Leaving (Please imagine me slamming the door on my way out) 1430435348 Q * opuk Ping timeout: 480 seconds 1430435919 Q * Ghislain Quit: Leaving. 1430437069 J * opuk ~kupo@h-1-5.a176.priv.bahnhof.se 1430438360 Q * fstd Remote host closed the connection 1430438371 J * fstd ~fstd@xdsl-84-44-220-89.netcologne.de