Ubuntu
iproute2 package

capabilities set with setcap are not honoured

Eoan (19.10)
Bug #1856045

Bug #1856045 reported by Lars Ekman on 2019-12-11

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	iproute2 (Ubuntu)	Won't Fix	Undecided	Unassigned
	Eoan	Confirmed	Undecided	Unassigned

Bug Description

Hi,

In Ubuntu 19.10 I set capabilities as;

setcap cap_net_admin,cap_sys_admin+ep /bin/ip
getcap /bin/ip
/bin/ip = cap_net_admin,cap_sys_admin+ep

but;

> ip addr add 20.20.20.20/32 dev lo
RTNETLINK answers: Operation not permitted

*exactly* the same works perfect on 18.04.3 LTS.

BTW the set of a silly address on "lo" is just an example.
Nothing works on Ubuntu 19.10

Regards,

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: libcap2-bin 1:2.25-2
ProcVersionSignature: Ubuntu 5.3.0-24.26-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
Date: Wed Dec 11 15:27:00 2019
InstallationDate: Installed on 2019-12-09 (2 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
SourcePackage: libcap2
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Lars Ekman (uablrek) wrote on 2019-12-11:

Dependencies.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (301 bytes, text/plain; charset="utf-8")

Sebastien Bacher (seb128) on 2019-12-12

tags:

added: rls-ee-incoming

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-12-19:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libcap2 (Ubuntu):
status:	New → Confirmed

Brian Murray (brian-murray) on 2019-12-19

Changed in libcap2 (Ubuntu Eoan):
status:	New → Confirmed
Changed in libcap2 (Ubuntu):
status:	Confirmed → New

Francis Ginther (fginther) on 2019-12-20

tags:

added: id-5dfbada861bbb0737ab3648f

Brian Murray (brian-murray) on 2020-01-09

tags:

removed: rls-ee-incoming

Launchpad Janitor (janitor) on 2020-02-10

Changed in iproute2 (Ubuntu):
status:	New → Confirmed

Michael Hudson-Doyle (mwhudson) on 2020-02-10

affects:

libcap2 (Ubuntu) → iproute2 (Ubuntu)

Revision history for this message

Michael Hudson-Doyle (mwhudson) wrote on 2020-02-10:

Well this is a consequence of this upstream change in iproute2: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?h=v4.16.0&id=ba2fc55b99f8363c80ce36681bc1ec97690b66f5. Upstream discussion, such as it is, of the patch appears to be here: https://<email address hidden>/

Probably the next step is to email the netdev list about this. Is that something you would be interested in doing? You are probably better able to explain your use case than I am!

Changed in iproute2 (Ubuntu):
status:	New → Triaged

Revision history for this message

Michael Hudson-Doyle (mwhudson) wrote on 2020-02-10:

Talking about this more, the Ubuntu solution for this sort of thing is to configure sudo appropriately, so we'll close the bug here.

Changed in iproute2 (Ubuntu):
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuiproute2 package

capabilities set with setcap are not honoured

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
iproute2 package