Cpio: cap_set_file


I’m hitting an error while trying to install httpd on a centos 7 and fedora 26 container. The httpd RPM installation fails with the following error:

error: unpacking of archive failed on file /usr/sbin/suexec;599f08ce: cpio: cap_set_file

I’ve only been able to find info on that it’s related to an AUFS bug, but no solutions on how to overcome. I have this error on LXC with Ubuntu 16.04 host on ZFS and Fedora 26 host.

That’s not an aufs bug.

Unpacking httpd is failing because one of its files (/usr/sbin/suexec) has a filesystem capability set (cap_set_file). The Linux kernel doesn’t allow unprivileged users (and therefore unprivileged containers) to set such capabilities on files.

@hallyn has been working on a kernel fix to this problem for quite a while now. Once that fix is merged in the upstream kernel, installing such packages will then work fine.

Until then, you have only a few options:

  • Use a privileged container rather than an unprivileged one
  • Stay away from any affected packages
  • Use another Linux distribution for your container

I tried chroot to container’s rootfs and installing httpd package worked for me without any issues.
Just needed to chown the container’s root uid:gid to the files installed (to fix permission issues).

1 Like