Hello, On Thu, May 30, 2019 at 09:08:38AM +0300, Reco wrote: > Easy. You run debootstrap, set some --include options (which pull > libcap2-bin by dependency), and then you tar the whole resulting > filesystem. > tar never understood file capabilities, so they are lost in the process.
Sure, tar is one of the example ways I mentioned before of how I've seen this go wrong. > debootstrap (no --variant) does install iputils-ping, but does not > install libcap2-bin. Hence iputils-ping postinst script simply sets > suid bit on /bin/ping as postinst cannot locate setcap. Oh, that's interesting. I didn't think of the case where there is no libcap2-bin. Still, these reporters aren't getting a suid bit either, so I guess there must be something else going wrong. Not debootstrap. Cheers, Andy
