1940791 – libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1940791 - libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply

Summary: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP i...

Keywords:
Status:	CLOSED DUPLICATE of bug 1924218
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libvirt
Sub Component:
Version:	34
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-03-19 07:42 UTC by rmandrad
Modified:	2021-05-19 22:25 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-03-19 18:15:22 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description rmandrad 2021-03-19 07:42:05 UTC

Description of problem:

Checking the service status I get the following message after upgrading from F33 to F34

 libvirtd[4724]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply

Version-Release number of selected component (if applicable):
libvirtd (libvirt) 7.0.0 on Fedora 34 (upgraded from F33)

Comment 1 rmandrad 2021-03-19 18:15:22 UTC

Problem went away after an update to libvirt

Comment 2 Martin Wolf 2021-04-17 18:07:47 UTC

what exactly did you do to make this error disappear?
I have two of them after the update to F34

1. libcap-ng used by "/usr/sbin/libvirt-dbus" failed due to not having CAP_SETPCAP in capng_apply
2. libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply

Comment 3 Sampson Fung 2021-04-19 18:17:13 UTC

I got this problem with Silverblue 34.

$ rpm-ostree status
Deployments:
● ostree://fedora:fedora/34/x86_64/silverblue
                   Version: 34.20210419.n.0 (2021-04-19T08:11:39Z)
                BaseCommit: 33b03db67237704cc191e9553627ffe7feb77454c4637b74f14ab60511de4398
              GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39
           LayeredPackages: fedora-workstation-repositories gparted ibus-cangjie-engine-cangjie iwd langpacks-en libguestfs-tools
                            libvirt-daemon-config-network libvirt-daemon-kvm lxpolkit nmap-ncat python3-libguestfs qemu-kvm sway
                            virt-install virt-manager virt-top virt-viewer waypipe


$rpm -qa libvirt*
libvirt-bash-completion-7.0.0-4.fc34.x86_64
libvirt-libs-7.0.0-4.fc34.x86_64
libvirt-daemon-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-core-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-network-7.0.0-4.fc34.x86_64
libvirt-daemon-config-network-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-qemu-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-secret-7.0.0-4.fc34.x86_64
libvirt-glib-4.0.0-1.fc34.x86_64
libvirt-daemon-driver-storage-disk-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-gluster-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-iscsi-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-iscsi-direct-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-logical-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-mpath-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-scsi-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-sheepdog-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-zfs-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-interface-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-nodedev-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-nwfilter-7.0.0-4.fc34.x86_64
libvirt-client-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-rbd-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-7.0.0-4.fc34.x86_64
libvirt-daemon-kvm-7.0.0-4.fc34.x86_64

$journalctl  -b -u libvirtd
-- Journal begins at Sun 2021-03-14 13:52:59 HKT, ends at Tue 2021-04-20 02:16:24 HKT. --
Apr 20 01:24:53 amdf systemd[1]: Starting Virtualization daemon...
Apr 20 01:24:54 amdf systemd[1]: Started Virtualization daemon.
Apr 20 01:24:54 amdf libvirtd[946]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
Apr 20 01:24:54 amdf libvirtd[947]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
Apr 20 01:24:54 amdf libvirtd[1011]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
Apr 20 01:24:54 amdf libvirtd[1012]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
Apr 20 01:24:54 amdf dnsmasq[1025]: started, version 2.84rc2 cachesize 150
Apr 20 01:24:54 amdf dnsmasq[1025]: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-connt>
Apr 20 01:24:54 amdf dnsmasq-dhcp[1025]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
Apr 20 01:24:54 amdf dnsmasq-dhcp[1025]: DHCP, sockets bound exclusively to interface virbr0
Apr 20 01:24:54 amdf dnsmasq[1025]: reading /etc/resolv.conf
Apr 20 01:24:54 amdf dnsmasq[1025]: using nameserver 127.0.0.53#53
Apr 20 01:24:54 amdf dnsmasq[1025]: read /etc/hosts - 2 addresses
Apr 20 01:24:54 amdf dnsmasq[1025]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Apr 20 01:24:54 amdf dnsmasq-dhcp[1025]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Apr 20 01:24:54 amdf libvirtd[1038]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
Apr 20 01:24:55 amdf libvirtd[1053]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SET

Comment 4 Alexander Murashkin 2021-05-05 00:55:28 UTC

The same here after upgrade to F34

  1 May 04 19:46:27 host.example.com systemd[1]: Started Virtualization daemon.
  2 May 04 19:46:27 host.example.com libvirtd[15012]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
  3 May 04 19:46:27 host.example.com libvirtd[15013]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
  4 May 04 19:46:27 host.example.com dnsmasq[6277]: read /etc/hosts - 2 addresses
  5 May 04 19:46:27 host.example.com dnsmasq[6277]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
  6 May 04 19:46:27 host.example.com dnsmasq-dhcp[6277]: read /var/lib/libvirt/dnsmasq/default.hostsfile
  7 May 04 19:46:27 host.example.com libvirtd[14992]: libvirt version: 7.0.0, package: 4.fc34 (Fedora Project, 2021-02-03-20:03:12, )
  8 May 04 19:46:27 host.example.com libvirtd[14992]: hostname: raptor.castle.aimk.com
  9 May 04 19:46:27 host.example.com libvirtd[14992]: ignoring dangling symlink '/usr/share/virtio-win/virtio-win_servers_x86.vfd'
 10 May 04 19:46:27 host.example.com libvirtd[15079]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
 11 May 04 19:46:28 host.example.com libvirtd[15099]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
 12 May 04 19:46:28 host.example.com libvirtd[15123]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
 13 May 04 19:46:29 host.example.com libvirtd[15141]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
 14 May 04 19:46:29 host.example.com systemd[1]: Listening on Virtual machine log manager socket.
 15 May 04 19:46:29 host.example.com systemd[1]: Started Virtual machine log manager.

Kernel 5.11.17-300.fc34.x86_64

libvirt packages

fence-virtd-libvirt-1.0.0-4.fc34.x86_64
libvirt-7.0.0-4.fc34.x86_64
libvirt-admin-7.0.0-4.fc34.x86_64
libvirt-bash-completion-7.0.0-4.fc34.x86_64
libvirt-cim-0.6.3-16.fc34.x86_64
libvirt-client-7.0.0-4.fc34.x86_64
libvirt-daemon-7.0.0-4.fc34.x86_64
libvirt-daemon-config-network-7.0.0-4.fc34.x86_64
libvirt-daemon-config-nwfilter-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-interface-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-libxl-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-lxc-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-network-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-nodedev-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-nwfilter-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-qemu-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-secret-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-core-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-disk-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-gluster-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-iscsi-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-iscsi-direct-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-logical-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-mpath-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-rbd-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-scsi-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-sheepdog-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-storage-zfs-7.0.0-4.fc34.x86_64
libvirt-daemon-driver-vbox-7.0.0-4.fc34.x86_64
libvirt-daemon-kvm-7.0.0-4.fc34.x86_64
libvirt-daemon-lxc-7.0.0-4.fc34.x86_64
libvirt-daemon-qemu-7.0.0-4.fc34.x86_64
libvirt-daemon-vbox-7.0.0-4.fc34.x86_64
libvirt-dbus-1.4.0-3.fc34.x86_64
libvirt-docs-7.0.0-4.fc34.x86_64
libvirt-gconfig-4.0.0-1.fc34.x86_64
libvirt-glib-4.0.0-1.fc34.x86_64
libvirt-gobject-4.0.0-1.fc34.x86_64
libvirt-libs-7.0.0-4.fc34.x86_64
libvirt-lock-sanlock-7.0.0-4.fc34.x86_64
libvirt-login-shell-7.0.0-4.fc34.x86_64
libvirt-nss-7.0.0-4.fc34.x86_64
libvirt-sandbox-0.8.0-7.fc34.x86_64
libvirt-sandbox-libs-0.8.0-7.fc34.x86_64
libvirt-wireshark-7.0.0-4.fc34.x86_64
python3-libvirt-7.0.0-2.fc34.x86_64

Comment 5 salvatore dario minonne 2021-05-05 09:07:21 UTC

Hi,

it appears I've two problems with libvirt
1) the CAP_SETPCAP
2) the firewalld issue: GDBus.Error:org.fedoraproject.FirewallD1.Exception: COMMAND_FAILED: 'python-nftables' failed

Unsure if they're related. Let me know if I need to open another BZ.

Here is the systemctl output, Thanks!


$ sudo systemctl status libvirtd.service
○ libvirtd.service - Virtualization daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Wed 2021-05-05 11:00:13 CEST; 1min 57s ago
TriggeredBy: ● libvirtd-admin.socket
             ● libvirtd.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
    Process: 427443 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
   Main PID: 427443 (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 32768)
     Memory: 1.8M
        CPU: 329ms
     CGroup: /system.slice/libvirtd.service
             ├─39619 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
             └─39620 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

May 05 10:58:13 lnvtp53 libvirtd[427470]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
May 05 10:58:13 lnvtp53 libvirtd[427443]: libvirt version: 7.0.0, package: 4.fc34 (Fedora Project, 2021-02-03-20:03:12, )
May 05 10:58:13 lnvtp53 libvirtd[427443]: hostname: lnvtp53
May 05 10:58:13 lnvtp53 libvirtd[427443]: error from service: GDBus.Error:org.fedoraproject.FirewallD1.Exception: COMMAND_FAILED: 'python-nftables' failed: 
                                          JSON blob:
                                          {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "virbr0"}}, {"goto": {"target": "filter_IN_libvirt"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZO>
May 05 10:58:13 lnvtp53 dnsmasq[39619]: read /etc/hosts - 3 addresses
May 05 10:58:13 lnvtp53 dnsmasq[39619]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
May 05 10:58:13 lnvtp53 dnsmasq-dhcp[39619]: read /var/lib/libvirt/dnsmasq/default.hostsfile
May 05 11:00:13 lnvtp53 systemd[1]: libvirtd.service: Deactivated successfully.
May 05 11:00:13 lnvtp53 systemd[1]: libvirtd.service: Unit process 39619 (dnsmasq) remains running after unit stopped.
May 05 11:00:13 lnvtp53 systemd[1]: libvirtd.service: Unit process 39620 (dnsmasq) remains running after unit stopped.

Comment 6 JianHong Yin 2021-05-08 06:54:13 UTC

got same problem on Fedora-34 Cloud image #As KVM host:

'''
[foo@fedora-host ~]$ sudo systemctl status libvirtd
● libvirtd.service - Virtualization daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-05-08 06:42:15 UTC; 4min 42s ago
TriggeredBy: ● libvirtd-admin.socket
             ● libvirtd.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
   Main PID: 15006 (libvirtd)
      Tasks: 23 (limit: 32768)
     Memory: 17.9M
        CPU: 2.506s
     CGroup: /system.slice/libvirtd.service
             ├─14801 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
             ├─14802 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
             └─15006 /usr/sbin/libvirtd --timeout 120

May 08 06:43:25 fedora-host libvirtd[15446]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply
May 08 06:43:25 fedora-host libvirtd[15006]: libvirt version: 7.0.0, package: 4.fc34 (Fedora Project, 2021-02-03-20:03:12, )
May 08 06:43:25 fedora-host libvirtd[15006]: hostname: fedora-host
May 08 06:43:25 fedora-host libvirtd[15006]: Domain id=1 name='nested-fedora' uuid=0b16cff5-4605-40b3-aeb8-e368585f109f is tainted: custom-argv
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPDISCOVER(virbr0) 52:54:00:f8:9d:f3
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPOFFER(virbr0) 192.168.124.226 52:54:00:f8:9d:f3
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPDISCOVER(virbr0) 52:54:00:f8:9d:f3
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPOFFER(virbr0) 192.168.124.226 52:54:00:f8:9d:f3
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPREQUEST(virbr0) 192.168.124.226 52:54:00:f8:9d:f3
May 08 06:43:49 fedora-host dnsmasq-dhcp[14801]: DHCPACK(virbr0) 192.168.124.226 52:54:00:f8:9d:f3 nested-fedora
'''

Comment 7 NM 2021-05-13 17:08:06 UTC

irqbalance reporting the same: 

May 13 08:08:51 /usr/sbin/irqbalance[2478]: libcap-ng used by "/usr/sbin/irqbalance" failed due to not having CAP_SETPCAP in capng_apply
May 13 08:08:55 libvirtd[3934]: libcap-ng used by "/usr/sbin/libvirtd" failed due to not having CAP_SETPCAP in capng_apply

Why is this marked as 'CLOSED NOTABUG'?

Comment 8 Sorin Sbarnea 2021-05-15 16:53:38 UTC

I am quite curious about the subject because I get the same with f34 and there is no mention on why this happens and what is the solution for it. I get this on my own "baremetal" lenovo laptop which has virtualization enabled and not inside a VM.

Comment 9 NM 2021-05-15 17:14:32 UTC

Bug status is 'CLOSED NOTABUG' which seems premature. Can it be reopened,please?

Comment 10 Cole Robinson 2021-05-19 22:25:33 UTC

There's another bug already tracking this: https://bugzilla.redhat.com/show_bug.cgi?id=1924218

*** This bug has been marked as a duplicate of bug 1924218 ***

Note You need to log in before you can comment on or make changes to this bug.

agedosier
alex765
alexandermurashkin
andrew.kavalov
berrange
clalancette
crobinso
dario.minonne
darknater
devin
jforbes
jiyin
laine
libvirt-maint
mihai
mwolf
sampsonfung
ssbarnea
veillard
virt-maint