I have tweaked zipl to do a perror, and did a build out of a PPA. This resulted in:
+ chroot mountpoint /sbin/zipl -V --image=/boot/vmlinuz --ramdisk=/boot/initrd.img --parameters=root=LABEL=cloudimg-rootfs --target=/boot/ --targetbase=/dev/loop0 --targettype=SCSI --targetblocksize=512 --targetoffset=2048
Could not get file mapping.: Operation not permitted
As expected. Checking kernel code, it does this:
52static int ioctl_fibmap(struct file *filp, int __user *p)
53{
54 struct address_space *mapping = filp->f_mapping;
55 int res, block;
56
57 /* do we support this mess? */
58 if (!mapping->a_ops->bmap)
59 return -EINVAL;
60 if (!capable(CAP_SYS_RAWIO))
61 return -EPERM;
62 res = get_user(block, p);
63 if (res)
64 return res;
65 res = mapping->a_ops->bmap(mapping, block);
66 return put_user(res, p);
67}
Thus this suggests that !capable(CAP_SYS_RAWIO) is not available, and this capability is checked against root user-space (as in real root should have CAP_SYS_RAWIO). And this does sound scary that this is allowed on the devirt livefs builds on s390x....
To get cpc builds going please allow this capability, on s390x, as it was before. Meanwhile I will work on extending zipl command + matching livecd-rootfs SRUs to avoid using FIBMAP by providing pre-calculated values that it tries to inspect.
I have tweaked zipl to do a perror, and did a build out of a PPA. This resulted in:
+ chroot mountpoint /sbin/zipl -V --image= /boot/vmlinuz --ramdisk= /boot/initrd. img --parameters= root=LABEL= cloudimg- rootfs --target=/boot/ --targetbase= /dev/loop0 --targettype=SCSI --targetblocksi ze=512 --targetoffset=2048
Could not get file mapping.: Operation not permitted
As expected. Checking kernel code, it does this:
52static int ioctl_fibmap(struct file *filp, int __user *p) >a_ops- >bmap) CAP_SYS_ RAWIO)) >a_ops- >bmap(mapping, block);
53{
54 struct address_space *mapping = filp->f_mapping;
55 int res, block;
56
57 /* do we support this mess? */
58 if (!mapping-
59 return -EINVAL;
60 if (!capable(
61 return -EPERM;
62 res = get_user(block, p);
63 if (res)
64 return res;
65 res = mapping-
66 return put_user(res, p);
67}
Thus this suggests that !capable( CAP_SYS_ RAWIO) is not available, and this capability is checked against root user-space (as in real root should have CAP_SYS_RAWIO). And this does sound scary that this is allowed on the devirt livefs builds on s390x....
To get cpc builds going please allow this capability, on s390x, as it was before. Meanwhile I will work on extending zipl command + matching livecd-rootfs SRUs to avoid using FIBMAP by providing pre-calculated values that it tries to inspect.