[ISSUE] yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ISSUE] yggdrasil: setpriv: libcap-ng is too old for "all" caps

[whoizit]

[-- Attachment #1: Type: text/plain, Size: 1481 bytes --]

New issue by whoizit on void-packages repository

https://github.com/void-linux/void-packages/issues/26188

Description:
<!-- Don't request update of package. We have a script for that. https://alpha.de.repo.voidlinux.org/void-updates/void-updates.txt . However, a quality pull request may help. -->
### System

* xuname:  
  *output of ``xuname`` (part of xtools)*
```
~ $ xuname 
Do you want to import this public key? [Y/n] Y
Void 5.8.18_1 x86_64 AuthenticAMD notuptodate rF
```
* package:  
  *affected package(s) including the version*: ``xbps-query -p pkgver <pkgname>``
yggdrasil-0.3.14_2

### Expected behavior

### Actual behavior

### Steps to reproduce the behavior
```
~ $ doas /etc/sv/yggdrasil/run 
setpriv: libcap-ng is too old for "all" caps
~ $ xrs libcap
[*] libcap-2.45_1           POSIX.1e capabilities suite
[-] libcap-devel-2.45_1     POSIX.1e capabilities suite - development files
[*] libcap-ng-0.8_2         Alternate POSIX capabilities library
[-] libcap-ng-devel-0.8_2   Alternate POSIX capabilities library - development files
[-] libcap-ng-progs-0.8_2   Alternate POSIX capabilities library - utilities
[-] libcap-ng-python-0.8_2  Alternate POSIX capabilities library - transitional dummy pkg
[-] libcap-ng-python3-0.8_2 Alternate POSIX capabilities library - Python3 bindings
[-] libcap-pam-2.34_1       POSIX.1e capabilities suite - PAM module
[*] libcap-progs-2.45_1     POSIX.1e capabilities suite - utilities
```

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[Piraty]

[-- Attachment #1: Type: text/plain, Size: 155 bytes --]

New comment by Piraty on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723484844

Comment:
@jcgruenhage 

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[jcgruenhage]

[-- Attachment #1: Type: text/plain, Size: 414 bytes --]

New comment by jcgruenhage on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723494668

Comment:
The bug is not in yggdrasil or our package. It needs to be fixed by rebuilding some lib with newer kernel headers, but tbh, I don't know enough about that.

The 0.3.15 update PR disables the dropping of all privileges, which works around this, but it's not merged yet

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 262 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723500552

Comment:
The plan was to wait on the 5.10 release for a new `kernel-libc-headers` package. We could queue a libcap rebuild then.

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 251 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723502298

Comment:
> The bug is not in yggdrasil or our package.

It is our package, more specifically the yggdrasil service.

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[jcgruenhage]

[-- Attachment #1: Type: text/plain, Size: 231 bytes --]

New comment by jcgruenhage on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723546597

Comment:
@ericonr Isn't this a bug in util-linux which causes things to break in our service?

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 366 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-723584190

Comment:
Kinda? I'm not sure if it's a bug or intended, so I reached out to upstream util-linux, which might end up with me reaching out to upstream libcap-ng as well.

But still, we were the ones who added setpriv to the service.

Re: yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 285 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/26188#issuecomment-752317558

Comment:
This has been temporarily fixed; I will see about backporting the util-linux changes so we can re-enable dropping capabilities in the service.

Re: [ISSUE] [CLOSED] yggdrasil: setpriv: libcap-ng is too old for "all" caps

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]

Closed issue by whoizit on void-packages repository

https://github.com/void-linux/void-packages/issues/26188

Description:
<!-- Don't request update of package. We have a script for that. https://alpha.de.repo.voidlinux.org/void-updates/void-updates.txt . However, a quality pull request may help. -->
### System

* xuname:  
  *output of ``xuname`` (part of xtools)*
```
~ $ xuname 
Do you want to import this public key? [Y/n] Y
Void 5.8.18_1 x86_64 AuthenticAMD notuptodate rF
```
* package:  
  *affected package(s) including the version*: ``xbps-query -p pkgver <pkgname>``
yggdrasil-0.3.14_2

### Expected behavior

### Actual behavior

### Steps to reproduce the behavior
```
~ $ doas /etc/sv/yggdrasil/run 
setpriv: libcap-ng is too old for "all" caps
~ $ xrs libcap
[*] libcap-2.45_1           POSIX.1e capabilities suite
[-] libcap-devel-2.45_1     POSIX.1e capabilities suite - development files
[*] libcap-ng-0.8_2         Alternate POSIX capabilities library
[-] libcap-ng-devel-0.8_2   Alternate POSIX capabilities library - development files
[-] libcap-ng-progs-0.8_2   Alternate POSIX capabilities library - utilities
[-] libcap-ng-python-0.8_2  Alternate POSIX capabilities library - transitional dummy pkg
[-] libcap-ng-python3-0.8_2 Alternate POSIX capabilities library - Python3 bindings
[-] libcap-pam-2.34_1       POSIX.1e capabilities suite - PAM module
[*] libcap-progs-2.45_1     POSIX.1e capabilities suite - utilities
```