Bug 1177715

Summary: setpriv: libcap-ng is too old for "all" caps
Product: [openSUSE] openSUSE Tumbleweed
Reporter: André Werlang <beppe85>
Component: Security
Assignee: Stanislav Brabec <sbrabec>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P5 - None
CC: gilbertoca, jimc, meissner, tchvatal
Version: Current
Target Milestone: ---
Hardware: Other
OS: Other
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description André Werlang 2020-10-14 20:21:48 UTC
setpriv doesn't recognize newer kernel capabilities (>=39)

$ setpriv --inh-caps=+all cat /proc/self/status
setpriv: libcap-ng is too old for "all" caps
$ uname -r
$ cat /proc/sys/kernel/cap_last_cap
$ ldd /usr/bin/setpriv
        linux-vdso.so.1 (0x00007ffcbaf89000)
        libcap-ng.so.0 => /usr/lib64/libcap-ng.so.0 (0x00007f28049d4000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f280480b000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f2804a01000)

CAP_BPF (39) was added to libcap2 [https://build.opensuse.org/request/show/824647], but setpriv doesn't seem to depend on it; it depends on libcap-ng0 instead, which is outdated.

Comment 1 James Carter 2020-10-21 18:10:50 UTC
Me too.  I just (2020-10-20) updated to kernel-default-5.8.14-1.2 and I
have libcap-ng0-0.7.10-1.16.x86_64 installed since 2020-09-01, and
unbound-1.12.0-1.1.x86_64 installed 2020-10-20.  Unbound won't start,
exuding the error message that the OP showed.  This kind of interferes
with normal operation of the host.  (I raised the bug's severity level to 
"Major".)  I had kernel 5.7.1-1-default available; reverting to that
"fixed" the problem.

Comment 2 James Carter 2020-11-05 05:51:56 UTC
In https://bugs.archlinux.org/task/67781 (2020-08-31) the 
developer describes what he did to fix it in Arch Linux.  

I just installed SuSE Tumbleweed on a new machine, and on boot it 
was complaining because of no local stub resolver (unbound) that 
could do DNSSEC.  I ended up installing 
kernel-default-5.3.18-lp152.47.2 from Leap 15.2 which "solved" the 

Comment 3 James Carter 2021-01-08 22:36:01 UTC
I made some progress on the "too old" issue.  

util-linux-2.35.1-2.3.x86_64 (for setpriv)
linux-glibc-devel-5.10-1.1.x86_64 (for /usr/include/linux/capability.h)
kernel-default-5.10.4-1.1.x86_64 (failing)
kernel-default-5.6.12-1.3.x86_64 (not failing)

Symptom: Running a recent kernel, you try to start unbound.  It drops
privileges by (I'm guessing here) re-execing itself using setpriv, and
it dies.  This message is found in /var/log/debug or systemctl status
setpriv: libcap-ng is too old for "all" caps

I dug through the source code (from the .srpm), specifically 
See also: /proc/sys/kernel/cap_last_cap (value 40)

setpriv.c does: 
if (!strcmp(c + 1, "all")) {
    if (cap_last_cap() > CAP_LAST_CAP) {error message and die}
cap_last_cap() is defined in ./lib/caputils.c ; it reads
/proc/sys/kernel/cap_last_cap and caches the value for subsequent calls.
On kernel 5.10.4 there are 40 caps and all sources are up to date on
this; CAP_LAST_CAP is defined in /usr/include/linux/capability.h
I don't see why the code fails, but it does.  

On kernel 5.6.12 there are 37 caps and unbound starts up with no
complaints (despite the running kernel having fewer caps than 
/usr/include/linux/capability.h knows about, i.e. CAP_LAST_CAP == 40).
Unbound started failing in kernel 5.7.(early).  

Workaround: I installed the experimental util-linux-2.36 ; URL:
Unbound starts right up.  

So my request is, please expedite moving util-linux-2.36 to official 
status.  It seems to be SuSE policy to use unbound, and when it fails to
start, that really puts a crimp in uptake.
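
Added example (not code from util-linux or from this report): a small C program that performs the comparison quoted in comment 3, taking the kernel's value from /proc/sys/kernel/cap_last_cap and the build-time value from CAP_LAST_CAP. CAP_LAST_CAP is a preprocessor constant, so a binary compares against the value in the headers it was compiled with, not the header currently installed. The function names are hypothetical, and the pair 40/37 in main() is a constructed input (40 is the cap_last_cap value given above; 37 is an assumed build-time value).

```c
#include <stdio.h>
#include <linux/capability.h>  /* CAP_LAST_CAP, fixed at compile time */

/* Highest capability number the running kernel reports, or -1 on error. */
static int read_kernel_last_cap(const char *path)
{
    FILE *f = fopen(path, "r");
    int value = -1;

    if (!f)
        return -1;
    if (fscanf(f, "%d", &value) != 1 || value < 0)
        value = -1;
    fclose(f);
    return value;
}

/* Highest capability number known to the headers this file was built with. */
static int built_last_cap(void)
{
    return CAP_LAST_CAP;
}

/* The comparison quoted in comment 3: "all" is refused when the kernel
 * knows capabilities that the build-time constant does not cover. */
static int all_caps_refused(int kernel_last, int built_last)
{
    return kernel_last > built_last;
}

int main(void)
{
    int kernel_last = read_kernel_last_cap("/proc/sys/kernel/cap_last_cap");

    if (kernel_last < 0) {
        fprintf(stderr, "cannot read cap_last_cap\n");
        return 1;
    }
    printf("kernel cap_last_cap=%d, build-time CAP_LAST_CAP=%d: %s\n",
           kernel_last, built_last_cap(),
           all_caps_refused(kernel_last, built_last_cap()) ? "refused" : "ok");

    /* Constructed inputs: kernel value 40 against a binary built at 37. */
    printf("kernel=40 built=37: %s\n",
           all_caps_refused(40, 37) ? "refused" : "ok");
    return 0;
}
```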

Comment 4 André Werlang 2021-02-24 01:35:31 UTC
Seems fixed.

Comment 5 James Carter 2021-02-24 19:45:40 UTC
Confirmed -- recently I got an update to util-linux-2.36.1-3.2.x86_64
(installed 2021-02-23).  Unbound starts up with no hassle.  Thank
you for moving out this new version.

Comment 6 Gilberto C. Andrade 2021-08-05 13:04:21 UTC
Same problem with openSUSE Leap 15.3, upgrading from 15.2:

gilberto.andrade@C430760:~$ setpriv --inh-caps=+all cat /proc/self/status
setpriv: aplicar capacidades: Operação não permitida

gilberto.andrade@C430760:~$ uname -a
Linux C430760 5.3.18-59.16-default #1 SMP Thu Jul 15 11:28:57 UTC 2021 (0b62bdb) x86_64 x86_64 x86_64 GNU/Linux

gilberto.andrade@C430760:~$ ldd /usr/bin/setpriv
        linux-vdso.so.1 (0x00007ffdaadc8000)
        libcap-ng.so.0 => /usr/lib64/libcap-ng.so.0 (0x00007fba04376000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fba03fa1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fba04788000)

gilberto.andrade@C430760:~$ rpm -qa|grep util-linux


I don't know which util-linux version is appropriate.