Cpio: cap_set_file

cg28oh · August 28, 2017, 6:43pm

Hello,

I’m hitting an error while trying to install httpd on a centos 7 and fedora 26 container. The httpd RPM installation fails with the following error:

error: unpacking of archive failed on file /usr/sbin/suexec;599f08ce: cpio: cap_set_file

I’ve only been able to find info on that it’s related to an AUFS bug, but no solutions on how to overcome. I have this error on LXC with Ubuntu 16.04 host on ZFS and Fedora 26 host.

stgraber · August 28, 2017, 6:50pm

That’s not an aufs bug.

Unpacking httpd is failing because one of its files (/usr/sbin/suexec) has a filesystem capability set (cap_set_file). The Linux kernel doesn’t allow unprivileged users (and therefore unprivileged containers) to set such capabilities on files.

@hallyn has been working on a kernel fix to this problem for quite a while now. Once that fix is merged in the upstream kernel, installing such packages will then work fine.

Until then, you have only a few options:

Use a privileged container rather than an unprivileged one
Stay away from any affected packages
Use another Linux distribution for your container

VijayBais · April 13, 2018, 9:40am

I tried chroot to container’s rootfs and installing httpd package worked for me without any issues.
Just needed to chown the container’s root uid:gid to the files installed (to fix permission issues).