[arch-general] Updating iputils over NFS

Thomas Bächler thomas at archlinux.org
Mon Oct 1 05:09:05 EDT 2012


Am 01.10.2012 11:05, schrieb Paul Gideon Dann:
> On Friday 28 Sep 2012 16:32:09 Bryan Schumaker wrote:
>>> I suspect this is something to do with NFS not supporting the capabilities
>>> that setcap is trying to use, but I admit I haven't encountered
>>> capabilities before I ran into this issue, so it's just a guess.
>>>
>>> Has anyone else seen this problem, or does anyone have an idea how to fix
>>> it?
>> NFS doesn't support any capibilities, so I guess the output is to be
>> expected... I'm not sure what to do as a workaround, though.  Does the
>> package still install and run even though it printed the warning?
> 
> Hmm; yeah.  Well the package installs, but ping doesn't work for non-root 
> users.  It's not a critical issue, because these are network-booted worker 
> nodes in a cluster, and I doubt ping will be needed directly on the nodes.  
> However, it worries me that other things might be affected at some point if 
> capabilities are increasingly used.  I might put in a bug report and see what 
> the devs think.

The lack of capability support on NFS is a shame. In general, we should
probably fall back to setuid-root whenever setcap fails and silence this
error message.

In my opinion, capabilities should be used much more widely and replace
setuid-root whereever possible.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20121001/3c3954bf/attachment.asc>


More information about the arch-general mailing list