You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems like CPIO doesn't support xattrs and thus loses capabilities set on files via setcap. ping, for example, currently yields Operation not permitted unless you set sudo sysctl net.ipv4.ping_group_range="0 2147483647", even though it was properly setcap'ed before being packed into the CPIO rootfs.
Before packing the CPIO rootfs, getcap centos7-builder/diskless-root/bin/ping (from inside the build container) shows: centos7-builder/diskless-root/bin/ping = cap_net_admin,cap_net_raw+p
After booting the image in Qemu, I see: Failed to get capabilities of file /bin/ping' (Operation not supported)`
It's worth noting that our linuxRT images do not have this issue because they already use EXT2 rootfs images.
It seems like CPIO doesn't support xattrs and thus loses capabilities set on files via
setcap.ping, for example, currently yieldsOperation not permittedunless you setsudo sysctl net.ipv4.ping_group_range="0 2147483647", even though it was properly setcap'ed before being packed into the CPIO rootfs.Before packing the CPIO rootfs,
getcap centos7-builder/diskless-root/bin/ping(from inside the build container) shows:centos7-builder/diskless-root/bin/ping = cap_net_admin,cap_net_raw+pAfter booting the image in Qemu, I see:
Failed to get capabilities of file/bin/ping' (Operation not supported)`It's worth noting that our linuxRT images do not have this issue because they already use EXT2 rootfs images.
Linux docs about initrd images: https://docs.kernel.org/admin-guide/initrd.html
The text was updated successfully, but these errors were encountered: