Clarify CAPABILITIES exec error "Invalid argument" #5000

Closed
1 task done
mestaritonttu opened this issue Dec 30, 2016 · 2 comments

Comments

@mestaritonttu

Submission type

  • Request for enhancement (RFE)

systemd version the issue has been seen with

229-232

Used distribution

Arch Linux

This is similar to #4959

Using the service file for Caddy webserver, if I uncomment AmbientCapabilities=CAP_NET_BIND_SERVICE I get Failed at step CAPABILITIES spawning /usr/bin/caddy: Invalid argument.

Same is observed with this test service:

[Service]
ExecStart=/sbin/capsh --print
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
User=nobody

Would be great to have a more detailed error appear in journal.

@jnpkrn
Contributor

jnpkrn commented Jan 11, 2017

It would be helpful if the log was more detailed about what call
or action failed in particular. At least I wished there was more
verbosity when finding the root cause of
https://bugzilla.redhat.com/show_bug.cgi?id=1412165
which turned out to be an SELinux (or rather selinux-policy) issue;
the unfortunate decision to make the respective rules dontaudit did not
exactly help there.

@mestaritonttu
Author

mestaritonttu commented Jan 11, 2017

By the way, I did an strace and this is the exact error:
prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_NET_BIND_SERVICE, 0, 0) = -1 EINVAL (Invalid argument)
... and I still have no idea of the cause.
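
Added example, not part of the thread and not systemd code: a read-only C probe for the error cases prctl(2) documents for PR_CAP_AMBIENT. EINVAL is returned when the kernel does not know the option (ambient capabilities arrived in Linux 4.3), when the capability number is not valid, or when an unused argument is nonzero; a capability missing from the permitted or inheritable set gives EPERM instead. The names `amb_diag`, `amb_classify`, `amb_probe` and `AMB_IS_SET` are hypothetical.

```c
/* Added example, hypothetical names. Read-only: no capability is raised. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT            /* userspace headers older than Linux 4.3 */
#define PR_CAP_AMBIENT        47
#define PR_CAP_AMBIENT_IS_SET 1
#endif
#define AMB_IS_SET(c) prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_IS_SET, \
                            (unsigned long)(c), 0UL, 0UL)

enum amb_diag { AMB_RAISABLE, AMB_KERNEL_UNSUPPORTED, AMB_CAP_INVALID,
                AMB_NOT_PERMITTED, AMB_NOT_INHERITABLE, AMB_UNKNOWN };

/* base_*: PR_CAP_AMBIENT_IS_SET on capability 0, which is always a valid number.
 * cap_*:  the same query on the capability under test.
 * permitted/inheritable: 1 if the bit is in that set of the calling thread. */
enum amb_diag amb_classify(int base_rc, int base_errno, int cap_rc, int cap_errno,
                           int permitted, int inheritable)
{
    if (base_rc < 0)              /* the option itself is rejected */
        return base_errno == EINVAL ? AMB_KERNEL_UNSUPPORTED : AMB_UNKNOWN;
    if (cap_rc < 0)               /* option known, capability number rejected */
        return cap_errno == EINVAL ? AMB_CAP_INVALID : AMB_UNKNOWN;
    if (!permitted)   return AMB_NOT_PERMITTED;    /* a raise would fail, EPERM */
    if (!inheritable) return AMB_NOT_INHERITABLE;  /* a raise would fail, EPERM */
    return AMB_RAISABLE;
}

/* Query the calling thread for capability number `cap`. */
enum amb_diag amb_probe(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { {0, 0, 0}, {0, 0, 0} };
    if (cap < 0 || cap > 63) return AMB_CAP_INVALID;   /* data[] holds 64 bits */
    int base_rc = AMB_IS_SET(0), base_errno = errno;
    int cap_rc = AMB_IS_SET(cap), cap_errno = errno;
    if (syscall(SYS_capget, &hdr, data) < 0)           /* sets unreadable */
        return (base_rc < 0 || cap_rc < 0)
            ? amb_classify(base_rc, base_errno, cap_rc, cap_errno, 0, 0) : AMB_UNKNOWN;
    unsigned bit = 1u << (cap % 32);
    return amb_classify(base_rc, base_errno, cap_rc, cap_errno,
                        (data[cap / 32].permitted & bit) != 0,
                        (data[cap / 32].inheritable & bit) != 0);
}
int main(void) { printf("diag=%d\n", amb_probe(CAP_NET_BIND_SERVICE)); return 0; }
```

The printed number is the `amb_diag` value for the process that runs the probe, so the permitted and inheritable results describe that process, not the state systemd sets up before it raises the capability.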
