Hi, I run archlinuxarm on cubox-i 4x4 linux-imx6 3.14.79-3. Recently one of the programs I run in it upgraded to avoid running as root and instead make use of ambient capabilities with a normal user. It didn't work. Project is pihole-FTL.
max.bra commented on 2019-10-07 11:20
so, i.MX6... at the moment I don't have any other clue. Maybe you can ask
the archarm devs about the state of ambient capabilities?
pepper_chico commented on 2019-10-07 10:51 (edited on 2019-10-07 11:19 by pepper_chico)
@max.bra I run pi-hole on ARM with https://archlinuxarm.org/, I think their
kernel is recent enough to support this, but I dunno whether it's enabled.
I'm not willing to keep compiling the kernel for ARM myself for this, so, if there
isn't another way, I'll fix running as root :/ Specifically it's a Cubox-i,
so kernel is linux-imx6 3.14.79-3: https://archlinuxarm.org/packages/armv7h/linux-imx6
max.bra commented on 2019-10-07 04:06
@pepper_chico it seems that your kernel does not have ambient capabilities enabled.
can you try, or better, upgrade to a different/recent kernel version checking
that CONFIG_SECURITY_CAPABILITIES kernel config option is enabled?
pepper_chico commented on 2019-10-06 23:49
@max.bra, this is what's in journal:
Oct 06 23:46:54 planck systemd[1]: pihole-FTL.service: Main process exited, code=exited, status=218/CAPABILITIES
Oct 06 23:46:54 planck systemd[14094]: pihole-FTL.service: Failed at step CAPABILITIES spawning /usr/bin/pihole-FTL: Invalid argument
Oct 06 23:46:54 planck systemd[14094]: pihole-FTL.service: Failed to apply ambient capabilities (before UID change): Invalid argument
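
A way to check the kernel directly for the failure in the journal above, added here as an example and not part of the original post or of pihole-FTL or systemd: the `PR_CAP_AMBIENT` option of prctl(2) was added in Linux 4.3, and a kernel that does not know it answers `EINVAL`, the same "Invalid argument" shown in the log. The function names and the choice of `CAP_NET_BIND_SERVICE` as the capability to query are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/utsname.h>

/* Kernel UAPI values, defined here in case the installed headers predate 4.3. */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_IS_SET 1
#endif
#define PROBE_CAP 10UL /* CAP_NET_BIND_SERVICE, valid on every kernel with capabilities */

enum ambient_state { AMBIENT_SUPPORTED, AMBIENT_UNSUPPORTED, AMBIENT_UNKNOWN };

/* Interpret the result of prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, cap, 0, 0):
 * 0 or 1 means the option exists; -1 with EINVAL means the kernel rejects it. */
enum ambient_state classify_probe(int ret, int err)
{
    if (ret == 0 || ret == 1) return AMBIENT_SUPPORTED;
    if (ret == -1 && err == EINVAL) return AMBIENT_UNSUPPORTED;
    return AMBIENT_UNKNOWN;
}

/* Version hint only (vendor kernels may backport): 1 if release >= 4.3,
 * 0 if older, -1 if the string cannot be parsed. */
int release_has_ambient(const char *release)
{
    int major, minor;
    if (sscanf(release, "%d.%d", &major, &minor) != 2) return -1;
    return (major > 4 || (major == 4 && minor >= 3)) ? 1 : 0;
}

/* Authoritative check: ask the running kernel. Read-only, needs no privileges. */
enum ambient_state probe_ambient(void)
{
    errno = 0;
    int ret = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, PROBE_CAP, 0L, 0L);
    return classify_probe(ret, errno);
}

int main(void)
{
    static const char *names[] = { "supported", "NOT supported", "unknown" };
    struct utsname u;
    if (uname(&u) != 0) return 2;
    enum ambient_state st = probe_ambient();
    printf("kernel %s: version hint %d, prctl probe: ambient capabilities %s\n",
           u.release, release_has_ambient(u.release), names[st]);
    return st == AMBIENT_SUPPORTED ? 0 : 1;
}
```

The process exits 0 only when the probe succeeds, so it can gate a unit's `AmbientCapabilities=` setting in a deployment script.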