Can't install Wireshark

Hi, everyone. I have trouble with the wireshark pkg installation. The process failed with this message:

error: unpacking of archive failed on file /usr/bin/dumpcap;6340843e: cpio: cap_set_file failed - Operation not permitted

I can't find anything helpful on the Internet. Does someone know what the problem is?

Hello and welcome to the openSUSE forums.

Please always copy/paste completely. Not only the output (as you did above), but starting with the line with the prompt and the command, all output up to and including the line with the next prompt. Now we have no idea what you did.

Sorry. Here is the full input/output. But there is nothing strange or atypical that could be important apart from the error message:


viktor-pc:~ # zypper in wireshark
Loading repository data...
Reading installed packages...
Resolving package dependencies...


The following recommended package was automatically selected:
wireshark-ui-qt


The following 2 NEW packages are going to be installed:
wireshark wireshark-ui-qt


2 new packages to install.
Overall download size: 0 B. Already cached: 6.8 MiB. After the operation, additional 19.4 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
In cache wireshark-4.0.0-394.1.x86_64.rpm                                                                                     (1/2),   2.7 MiB ( 11.2 MiB unpacked)
In cache wireshark-ui-qt-4.0.0-394.1.x86_64.rpm                                                                               (2/2),   4.1 MiB (  8.2 MiB unpacked)


Checking for file conflicts: ................................................................................................................................[done]
error: unpacking of archive failed on file /usr/bin/dumpcap;63414df9: cpio: cap_set_file failed - Operation not permitted
error: wireshark-4.0.0-394.1.x86_64: install failed
(1/2) Installing: wireshark-4.0.0-394.1.x86_64 .............................................................................................................[error]
Installation of wireshark-4.0.0-394.1.x86_64 failed:
Error: Subprocess failed. Error: RPM failed: Command exited with status 1.
Abort, retry, ignore? [a/r/i] (a):
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.
Please see the above error message for a hint.
viktor-pc:~ #

Thanks for posting.

Your conclusion of what is important and what not is only a conclusion. People here like to come to their own conclusions, or at least like to have the chance to come to their own conclusions. We now see e.g. exactly what you did. Only when you think that you never make mistakes (and others believe that) and that others always do everything the same way as you, that might be superfluous. And this request is not just for this case or for your person. It is a good practice here to do so.

Remember that we can not look over your shoulder and completely depend on your report on what you did, got and saw.

Where do you get that Version?

In Tumbleweed:
https://download.opensuse.org/tumbleweed/repo/oss/x86_64/wireshark-3.6.8-2.1.x86_64.rpm

Post

zypper lr -d

same for version 3.6.8.

Version 4.0.0 from repo build.opensuse.org/network:utilities


1 | Archiving                        | Archiving                       |   99      | rpm-md | https://download.opensuse.org/repositories/Archiving/openSUSE_Factory/                       |
2 | Kernel_stable                    | Kernel_stable                   |   99      | rpm-md | https://download.opensuse.org/repositories/Kernel:stable/standard/                           |
3 | download.opensuse.org-non-oss    | NON-OSS                         |   99      | rpm-md | http://download.opensuse.org/tumbleweed/repo/non-oss/                                        |
4 | download.opensuse.org-oss        | OSS                             |   99      | rpm-md | http://download.opensuse.org/tumbleweed/repo/oss/                                            |
5 | download.opensuse.org-tumbleweed | Updtes                          |   99      | rpm-md | http://download.opensuse.org/update/tumbleweed/                                              |
6 | ftp.gwdg.de-Essentials           | Packman Essentials Repository   |   99      | rpm-md | http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials                |
7 | jami                             | jami                            |   99      | rpm-md | https://dl.jami.net/ring-nightly/opensuse-tumbleweed/                                        |
8 | jitsi                            | jitsi                           |   99      | rpm-md | https://download.opensuse.org/repositories/home:happenpappen/openSUSE_Tumbleweed/            |
9 | openSUSE_Factory                 | network_utilities               |   99      | rpm-md | https://download.opensuse.org/repositories/network:/utilities/openSUSE_Factory/              |
10 | openSUSE_Factory_1              | utilities                       |   99      | rpm-md | https://download.opensuse.org/repositories/utilities/openSUSE_Factory/                       |
11 | openSUSE_Factory_2              | Virtualization                  |   99      | rpm-md | https://download.opensuse.org/repositories/Virtualization/openSUSE_Tumbleweed/               |
12 | openSUSE_Tumbleweed             | Games_Tools                     |   99      | rpm-md | https://download.opensuse.org/repositories/games:/tools/openSUSE_Tumbleweed/                 |
13 | openSUSE_Tumbleweed_1           | Games                           |   99      | rpm-md | https://download.opensuse.org/repositories/games/openSUSE_Tumbleweed/                        |
27 | openSUSE_Tumbleweed_3           | Database_PostgreSQL             |   99      | rpm-md | https://download.opensuse.org/repositories/server:/database:/postgresql/openSUSE_Tumbleweed/ |
28 | openSUSE_Tumbleweed_4           | devel_tools                     |   99      | rpm-md | https://download.opensuse.org/repositories/devel:/tools/openSUSE_Tumbleweed/                 |
29 | openSUSE_Tumbleweed_5           | devel_python                    |   99      | rpm-md | https://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Tumbleweed/     |
30 | openSUSE_Tumbleweed_6           | editors                         |   99      | rpm-md | https://download.opensuse.org/repositories/editors/openSUSE_Tumbleweed/                      |
31 | openSUSE_Tumbleweed_7           | Education                       |   99      | rpm-md | https://download.opensuse.org/repositories/Education/openSUSE_Tumbleweed/                    |
32 | openSUSE_Tumbleweed_8           | Emulators                       |   99      | rpm-md | https://download.opensuse.org/repositories/Emulators/openSUSE_Tumbleweed/                    |
33 | openSUSE_Tumbleweed_9           | filesystems                     |   99      | rpm-md | https://download.opensuse.org/repositories/filesystems/openSUSE_Tumbleweed/                  |
14 | openSUSE_Tumbleweed_10          | graphics                        |   99      | rpm-md | https://download.opensuse.org/repositories/graphics/openSUSE_Tumbleweed/                     |
15 | openSUSE_Tumbleweed_11          | hardware                        |   99      | rpm-md | https://download.opensuse.org/repositories/hardware/openSUSE_Tumbleweed/                     |
16 | openSUSE_Tumbleweed_12          | Java_Factory                    |   99      | rpm-md | https://download.opensuse.org/repositories/Java:/Factory/openSUSE_Tumbleweed/                |
17 | openSUSE_Tumbleweed_13          | Java_packages                   |   99      | rpm-md | https://download.opensuse.org/repositories/Java:/packages/openSUSE_Tumbleweed/               |
18 | openSUSE_Tumbleweed_14          | mozilla                         |   99      | rpm-md | https://download.opensuse.org/repositories/mozilla/openSUSE_Tumbleweed/                      |
19 | openSUSE_Tumbleweed_15          | network                         |   99      | rpm-md | https://download.opensuse.org/repositories/network/openSUSE_Tumbleweed/                      |
20 | openSUSE_Tumbleweed_16          | network_vpn                     |   99      | rpm-md | https://download.opensuse.org/repositories/network:/vpn/openSUSE_Tumbleweed/                 |
21 | openSUSE_Tumbleweed_17          | network_wireguard               |   99      | rpm-md | https://download.opensuse.org/repositories/network:/vpn:/wireguard/openSUSE_Tumbleweed/      |
22 | openSUSE_Tumbleweed_18          | packman                         |   98      | rpm-md | http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/                          |
23 | openSUSE_Tumbleweed_19          | science                         |   99      | rpm-md | https://download.opensuse.org/repositories/science/openSUSE_Tumbleweed/                      |
24 | openSUSE_Tumbleweed_20          | security                        |   99      | rpm-md | https://download.opensuse.org/repositories/security/openSUSE_Tumbleweed/                     |
25 | openSUSE_Tumbleweed_21          | KDE_extra                       |   99      | rpm-md | https://download.opensuse.org/repositories/KDE:/Extra/openSUSE_Tumbleweed/                   |
26 | openSUSE_Tumbleweed_23          | libpangox                       |   99      | rpm-md | https://download.opensuse.org/repositories/home:/Dead_Mozay/openSUSE_Tumbleweed/             |
34 | proaudio                        | proaudio                        |   99      | rpm-md | https://download.opensuse.org/repositories/multimedia:proaudio/openSUSE_Tumbleweed/          |
35 | repo-debug                      | openSUSE-Tumbleweed-Debug       |   99      | rpm-md | http://download.opensuse.org/debug/tumbleweed/repo/oss/                                      |
36 | repo-source                     | openSUSE-Tumbleweed-Source      |   99      | rpm-md | http://download.opensuse.org/source/tumbleweed/repo/oss/                                     |
37 | telephony                       | telephony                       |   99      | rpm-md | https://download.opensuse.org/repositories/network:telephony/openSUSE_Factory/               |
38 | vivaldi                         | vivaldi                         |   99      | rpm-md | https://repo.vivaldi.com/archive/rpm/x86_64                                                  |



It does not really matter because the Tumbleweed package sets capabilities for this file as well:

tw:~ # getcap /usr/bin/dumpcap 
/usr/bin/dumpcap cap_net_admin,cap_net_raw=ep
tw:~ # 

This implies that the process that unpacks the RPM payload lacks the CAP_SETFCAP capability, either because it is non-root or because its capabilities are restricted. Run your zypper command; when it pauses with an error, show the current capabilities for all processes starting with your current shell ($$) up to zypper and the output of “id -a” in the same shell. Always provide full command invocations including final command prompts. Also explain how you access your system. Is it a local GUI session (which DM, which DE), is it a local console login or is it a remote network login (SSH or something else?).

Here is what is expected of an unrestricted process with UID 0:

tw:~ # grep Cap /proc/$$/status
CapInh:    0000000000000000
CapPrm:    000001ffffffffff
CapEff:    000001ffffffffff
CapBnd:    000001ffffffffff
CapAmb:    0000000000000000
tw:~ # rm /tmp/foo
tw:~ # touch /tmp/foo
tw:~ # setcap cap_net_raw,cap_net_admin+ep /tmp/foo
tw:~ # getcap /tmp/foo
/tmp/foo cap_net_admin,cap_net_raw=ep
tw:~ # 

Now start a root shell without the necessary capability

tw:~ # setpriv --bounding-set=-setfcap  bash
tw:~ # rm /tmp/foo
tw:~ # touch /tmp/foo
tw:~ # setcap cap_net_raw,cap_net_admin+ep /tmp/foo
unable to set CAP_SETFCAP effective capability: Operation not permitted
tw:~ # grep Cap /proc/$$/status
CapInh:    0000000000000000
CapPrm:    000001ff7fffffff
CapEff:    000001ff7fffffff
CapBnd:    000001ff7fffffff
CapAmb:    0000000000000000
tw:~ # 

Here is the block of results


viktor-pc:~ # ps
PID TTY          TIME CMD
13755 pts/1    00:00:00 sudo
13756 pts/1    00:00:00 su
13757 pts/1    00:00:00 bash
14355 pts/1    00:00:01 Zypp-main
14397 pts/1    00:00:00 systemd-inhibit
14398 pts/1    00:00:00 btrfs-defrag-pl
14400 pts/1    00:00:00 cat
14405 pts/1    00:00:00 permissions.py
14441 pts/1    00:00:00 ps
viktor-pc:~ #

viktor-pc:~ # grep Cap /proc/$$/status
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
viktor-pc:~ #

viktor-pc:~ # grep Cap /proc/14355/status
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
viktor-pc:~ #

viktor-pc:~ # rm /tmp/foo
rm: cannot remove '/tmp/foo': No such file or directory
viktor-pc:~ # touch /tmp/foo
viktor-pc:~ # setcap cap_net_raw,cap_net_admin+ep /tmp/foo
viktor-pc:~ # getcap /tmp/foo
/tmp/foo cap_net_admin,cap_net_raw=ep

viktor-pc:~ # setpriv --bounding-set=-setfcap bash
viktor-pc:~ # rm /tmp/foo
viktor-pc:~ # touch /tmp/foo
viktor-pc:~ # setcap cap_net_raw,cap_net_admin+ep /tmp/foo
unable to set CAP_SETFCAP effective capability: Operation not permitted
viktor-pc:~ # grep Cap /proc/$$/status
CapInh: 0000000000000000
CapPrm: 000001ff7fffffff
CapEff: 000001ff7fffffff
CapBnd: 000001ff7fffffff
CapAmb: 0000000000000000
viktor-pc:~ #

viktor-pc:~ # id -a
uid=0(root) gid=0(root) groups=0(root)
viktor-pc:~ #





It’s a local machine with KDE, using the Konsole app. But it is totally the same in tty2.

Download package and try installing it locally with rpm directly. Does it have the same issue?

same issue

Any further step depends on knowing what you did exactly. You did not show us this information.

I did exactly what you asked - downloaded and tried to install it locally with rpm. What further steps can there be here? Same issue means same issue. Same error.


viktor-pc:~ # rpm -Uvh wireshark-4.0.0-394.1.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
1:wireshark-4.0.0-394.1            ################################# [100%]
error: unpacking of archive failed on file /usr/bin/dumpcap;63431a3a: cpio: cap_set_file failed - Operation not permitted
error: wireshark-4.0.0-394.1.x86_64: install failed
viktor-pc:~ #

I hope no one needs the wget command output here?

Output of “type -a rpm” would be interesting.


viktor-pc:~ # type -a rpm
rpm is /usr/bin/rpm
rpm is /bin/rpm
viktor-pc:~ #

And to avoid next obvious questions:


viktor-pc:~ # ll -i /bin/rpm
3412659 -rwxr-xr-x 1 root root 19128 Sep 16 14:36 /bin/rpm
viktor-pc:~ # ll -i /usr/bin/rpm
3412659 -rwxr-xr-x 1 root root 19128 Sep 16 14:36 /usr/bin/rpm
viktor-pc:~ # rpm -qf /bin/rpm
rpm-4.17.1.1-1.1.x86_64
viktor-pc:~ # rpm -qf /usr/bin/rpm
rpm-4.17.1.1-1.1.x86_64
viktor-pc:~ #


Hi
I would suggest getting the rebuilt version (.395) and try that, or wait for 4.0 to appear in the actual Tumbleweed released snapshot.

https://build.opensuse.org/package/binaries/network:utilities/wireshark/openSUSE_Factory

Actually the next obvious question in this context would be “getcap /usr/bin/rpm” but somehow I do not think this is the reason.

Could you run “strace -f -o /tmp/strace.out rpm -U wireshark-4.0.0-394.1.x86_64.rpm” and make strace.out available (upload to https://susepaste.org)?


viktor-pc:~ # getcap /usr/bin/rpm
viktor-pc:~ #

After I got the previous message, I tried one thing:


viktor-pc:~ # touch test.bin
viktor-pc:~ # chmod +x test.bin
viktor-pc:~ # setcap cap_net_raw,cap_net_admin+ep test.bin
Failed to set capabilities on file 'test.bin': Operation not permitted
viktor-pc:~ # pwd
/root
viktor-pc:~ #

Same on all physically mounted file systems, except on efi. On efi I didn’t try. All the rest are ext4:


viktor-pc:~ # mount | grep \/dev\/ | grep noatime
/dev/nvme0n1p2 on / type ext4 (rw,noatime)
/dev/sdb1 on /mnt/Data type ext4 (rw,noatime)
/dev/nvme0n1p1 on /boot/efi type vfat (rw,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/sdc1 on /mnt/VMs type ext4 (rw,noatime)
/dev/sda1 on /home type ext4 (rw,noatime)

strace output here: https://susepaste.org/42444060

That is not what you have shown before:

viktor-pc:~ # touch /tmp/foo
viktor-pc:~ # setcap cap_net_raw,cap_net_admin+ep /tmp/foo
viktor-pc:~ # getcap /tmp/foo
/tmp/foo cap_net_admin,cap_net_raw=ep

Does it still work for /tmp/foo now?

strace output here: https://susepaste.org/42444060

Well, that is nothing new unfortunately:

11601 setxattr("/usr/bin/dumpcap;6345296e", "security.capability", "\1\0\0\2\0000\0\0\0\0\0\0\0\0\0\0\0\0\0", 20, 0) = -1 EPERM (Operation not permitted)

Shot in the dark - try to deactivate AppArmor with “aa-teardown”?
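
Added example (not posted by anyone in this thread): a Python sketch that reads the Cap* masks shown in the shells above, checks bit 31 (CAP_SETFCAP), and decodes the 20-byte security.capability value that the strace line shows being written. The function names are made up for this illustration, and the xattr bytes are rebuilt from the strace output rather than read from a file.

```python
import struct

# Capability bit numbers from linux/capability.h (only those this thread touches).
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 31: "cap_setfcap"}
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001

# Cap* lines copied from the two root shells shown in the thread.
FULL_ROOT = """CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000"""
RESTRICTED_ROOT = FULL_ROOT.replace("000001ffffffffff", "000001ff7fffffff")

# The 20-byte security.capability value, rebuilt from the strace line:
# magic word 01 00 00 02, permitted low word 00 30 00 00, remaining words zero.
DUMPCAP_XATTR = bytes.fromhex("01000002" "00300000") + bytes(12)


def names(mask):
    """Translate a capability bitmask into names (cap_<n> if not in CAP_NAMES)."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]


def parse_status_caps(text):
    """Return {'CapEff': int, ...} from the Cap* lines of /proc/PID/status."""
    fields = (line.split(":", 1) for line in text.splitlines() if line.startswith("Cap"))
    return {key: int(value.strip(), 16) for key, value in fields}


def can_set_file_caps(caps):
    """Writing security.capability requires CAP_SETFCAP in the effective set."""
    return "cap_setfcap" in names(caps["CapEff"])


def dropped_caps(reference, caps):
    """Capabilities in the reference bounding set that are missing from caps."""
    return names(reference["CapBnd"] & ~caps["CapBnd"])


def decode_vfs_cap(blob):
    """Decode a revision-2 security.capability xattr (struct vfs_cap_data)."""
    magic, perm_lo, inh_lo, perm_hi, inh_hi = struct.unpack("<5I", blob)
    if (magic & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_2:
        raise ValueError("not a revision-2 capability xattr")
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": names(perm_lo | (perm_hi << 32)),
            "inheritable": names(inh_lo | (inh_hi << 32))}


if __name__ == "__main__":
    full = parse_status_caps(FULL_ROOT)
    for label, text in (("full", FULL_ROOT), ("restricted", RESTRICTED_ROOT)):
        caps = parse_status_caps(text)
        print(label, can_set_file_caps(caps), dropped_caps(full, caps))
    print(decode_vfs_cap(DUMPCAP_XATTR))
```

The decoded xattr matches the `cap_net_admin,cap_net_raw=ep` that getcap reports for dumpcap, and the only difference between the two masks is the CAP_SETFCAP bit removed by `setpriv --bounding-set=-setfcap`.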

setcap for /tmp/foo still works. I can copy the output here, but it is totally the same as in your quote. But I have /tmp on tmpfs in memory, not on disk.

The aa-teardown command doesn’t exist on my system. I have deleted everything related to AppArmor and SELinux, except shared libraries related to other apps.

Well, full proc/self/mountinfo content may be helpful too.

Anyway, to be sure it is really filesystem type and not path:

tw:~ # mkdir testdir
tw:~ # touch ./testdir/foo
tw:~ # setcap cap_net_raw,cap_net_admin+ep ./testdir/foo
tw:~ # getcap ./testdir/foo
./testdir/foo cap_net_admin,cap_net_raw=ep
tw:~ # mount -t tmpfs none ./testdir/
tw:~ # touch ./testdir/bar
tw:~ # setcap cap_net_raw,cap_net_admin+ep ./testdir/bar
tw:~ # getcap ./testdir/bar
./testdir/bar cap_net_admin,cap_net_raw=ep
tw:~ #