[Debian-ha-maintainers] Bug#551479: adding some capability-related code probably originating from drbd8 upstream, successful build but drbdadm up resources returns CAP_SYS_ADMIN necessary error while selinux is completely disabled

Piotr Wadas pwadas at jewish.org.pl
Sun Oct 18 14:22:53 UTC 2009 

Package: drbd8-source
Version: 2:8.3.4-1
Severity: grave


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux left 2.6.27.23-0.1_lustre.1.8.1-default #1 SMP 2009-05-26 17:02:05 -0400 i686 GNU/Linux
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL)
Shell: /bin/sh linked to /bin/bash

Boot command line: 
BOOT_IMAGE=/boot/vmlinuz-2.6.27.23-0.1_lustre.1.8.1-default root=/dev/mapper/left-root ro enforcing=0 selinux=0

This did not appear in 8.3.3rc3. Guess it's regarding capability/selinux include issue, because
comparing recursive diff of drbd8-source between 8.3.3rc3 and 8.3.4. Not attaching a fix
patch, because this capability include is probably considered a "feature" in upstream version,
so, a patch will actually revert it back to 8.3.3rc3 (?). Selinux is actually not build/included at all
with this kernel, enforcing and disable in boot cmdline is added just-for-sake

This appears while attaching previously created resources, or initializing newly-created resources.

0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal --set-defaults --create-device --on-io-error=detach' terminated with exit code 10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 syncer --set-defaults --create-device --verify-alg=crc32c --rate=10M' terminated with exit code 10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 net 192.168.57.101:7789 192.168.57.102:7789 C --set-defaults --create-device --cram-hmac-alg=sha1 --shared-secret=di9AM0Wae5ge' terminated with exit code 10
0: Failure: (152) Permission denied. CAP_SYS_ADMIN necessary
Command 'drbdsetup 0 disk /dev/drbdvg/lvmdt0 /dev/drbdvg/lvmdt0 internal --set-defaults --create-device --on-io-error=detach' terminated with exit code 10

More information about the Debian-ha-maintainers mailing list