ping rise libcap.so.2: Permission denied

roginovicci · July 27, 2022, 5:57pm

Hi,
I have a very strange problem. when I try to ping something I get the following error:

ping: error while loading shared libraries: libcap.so.2: cannot open shared object file: Permission denied

$ sudo strace ping google.com

openat(AT_FDCWD, "/usr/lib64/x86_64/libcap.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)stat("/usr/lib64/x86_64", 0x7ffe79552480) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/libcap.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=96592, ...}) = 0
writev(2, {iov_base="ping", iov_len=4}, {iov_base=": ", iov_len=2}, {iov_base="error while loading shared libra"..., iov_len=36}, {iov_base=": ", iov_len=2}, {iov_base="libcap.so.2", iov_len=11}, {iov_base=": ", iov_len=2}, {iov_base="cannot open shared object file", iov_len=30}, {iov_base=": ", iov_len=2}, {iov_base="Permission denied", iov_len=17}, {iov_base="
", iov_len=1}], 10ping: error while loading shared libraries: libcap.so.2: cannot open shared object file: Permission denied
) = 107
exit_group(127)                         = ?
byte 0/0 (END)+++ exited with 127 +++

The library is exist and readable:


sudo ls -l /usr/lib64/libcap.so*
lrwxrwxrwx 1 root root     11 Jul 21 17:34 /usr/lib64/libcap.so -> libcap.so.2
lrwxrwxrwx 1 root root     14 Jul 21 17:34 /usr/lib64/libcap.so.2 -> libcap.so.2.63
-rwxr-xr-x 1 root root 151552 Jul 21 17:34 /usr/lib64/libcap.so.2.63

The most strange thing is if I copy the ping binary file from /usr/bin it works!

sudo bash
cp /usr/bin/ping /root
/root/ping google.com
PING google.com (74.125.131.138) 56(84) bytes of data.

And if I write some simple application which use libcap.so library it works just fine. This means I have a problem with ping and only when binary ping file is placed in /usr/bin or /sbin directory.

When I set runlevel 1 (systemctl set-default rescue.target) and reboot ping is working. Runlevel 3 and 5 multi-user and graphical.target. Ping is not working.
This is first time a run with such a wierd problem. What program can hold ping?
My firewall is down

 iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Thank you in advance,
Eugene

roginovicci · July 27, 2022, 5:57pm

I have the following running units:

  UNIT                                                                                      LOAD   ACTIVE SUB     DESCRIPTION                                  >
  accounts-daemon.service                                                                   loaded active running Accounts Service
  alsa-restore.service                                                                      loaded active exited  Save/Restore Sound Card State
  auditd.service                                                                            loaded active running Security Auditing Service
  augenrules.service                                                                        loaded active exited  auditd rules generation
  avahi-daemon.service                                                                      loaded active running Avahi mDNS/DNS-SD Stack
  boot-sysctl.service                                                                       loaded active exited  Apply Kernel Variables for 5.14.21-150400.22->
  cron.service                                                                              loaded active running Command Scheduler
  cups.service                                                                              loaded active running CUPS Scheduler
  dbus.service                                                                              loaded active running D-Bus System Message Bus
  detect-part-label-duplicates.service                                                      loaded active exited  Detect if the system suffers from bsc#1089761
  display-manager.service                                                                   loaded active running X Display Manager
  dracut-shutdown.service                                                                   loaded active exited  Restore /run/initramfs on shutdown
  getty@tty1.service                                                                        loaded active running Getty on tty1
  haveged.service                                                                           loaded active running Entropy Daemon based on the HAVEGE algorithm
  irqbalance.service                                                                        loaded active running irqbalance daemon
  kbdsettings.service                                                                       loaded active exited  Apply settings from /etc/sysconfig/keyboard
  klog.service                                                                              loaded active exited  Early Kernel Boot Messages
  kmod-static-nodes.service                                                                 loaded active exited  Create List of Static Device Nodes
  lvm2-monitor.service                                                                      loaded active exited  Monitoring of LVM2 mirrors, snapshots etc. us>
  mcelog.service                                                                            loaded active running Machine Check Exception Logging Daemon
  ModemManager.service                                                                      loaded active running Modem Manager
  NetworkManager-wait-online.service                                                        loaded active exited  Network Manager Wait Online
  NetworkManager.service                                                                    loaded active running Network Manager
  nscd.service                                                                              loaded active running Name Service Cache Daemon
  plymouth-quit-wait.service                                                                loaded active exited  Hold until boot process finishes up
  plymouth-read-write.service                                                               loaded active exited  Tell Plymouth To Write Out Runtime Data
  plymouth-start.service                                                                    loaded active exited  Show Plymouth Boot Screen
  polkit.service                                                                            loaded active running Authorization Manager
  postfix.service                                                                           loaded active running Postfix Mail Transport Agent
  rsyslog.service                                                                           loaded active running System Logging Service
  smartd.service                                                                            loaded active running Self Monitoring and Reporting Technology (SMA>
  sshd.service                                                                              loaded active running OpenSSH Daemon
  systemd-binfmt.service                                                                    loaded active exited  Set Up Additional Binary Formats
  systemd-fsck@dev-disk-by\x2duuid-0ca8e426\x2dcefb\x2d4827\x2db784\x2daee0341a6c9b.service loaded active exited  File System Check on /dev/disk/by-uuid/0ca8e4>
  systemd-journal-flush.service                                                             loaded active exited  Flush Journal to Persistent Storage
  systemd-journald.service                                                                  loaded active running Journal Service
  systemd-logind.service                                                                    loaded active running User Login Management
  systemd-modules-load.service                                                              loaded active exited  Load Kernel Modules
  systemd-random-seed.service                                                               loaded active exited  Load/Save Random Seed
  systemd-remount-fs.service                                                                loaded active exited  Remount Root and Kernel File Systems
  systemd-sysctl.service                                                                    loaded active exited  Apply Kernel Variables
  systemd-tmpfiles-setup-dev.service                                                        loaded active exited  Create Static Device Nodes in /dev
  systemd-tmpfiles-setup.service                                                            loaded active exited  Create Volatile Files and Directories
  systemd-udev-trigger.service                                                              loaded active exited  Coldplug All udev Devices
  systemd-udevd.service                                                                     loaded active running Rule-based Manager for Device Events and Files
  systemd-update-utmp.service                                                               loaded active exited  Record System Boot/Shutdown in UTMP
  systemd-user-sessions.service                                                             loaded active exited  Permit User Sessions
  systemd-vconsole-setup.service                                                            loaded active exited  Setup Virtual Console
  user-runtime-dir@1000.service                                                             loaded active exited  User Runtime Directory /run/user/1000
  user-runtime-dir@466.service                                                              loaded active exited  User Runtime Directory /run/user/466
  user@1000.service                                                                         loaded active running User Manager for UID 1000
  user@466.service                                                                          loaded active running User Manager for UID 466

When running in runlevel 1 I have the following units running:

UNIT                                                                                      LOAD   ACTIVE SUB     DESCRIPTION                                  >
  accounts-daemon.service                                                                   loaded active running Accounts Service
  alsa-restore.service                                                                      loaded active exited  Save/Restore Sound Card State
  boot-sysctl.service                                                                       loaded active exited  Apply Kernel Variables for 5.14.21-150400.22->
  dbus.service                                                                              loaded active running D-Bus System Message Bus
  detect-part-label-duplicates.service                                                      loaded active exited  Detect if the system suffers from bsc#1089761
  dracut-shutdown.service                                                                   loaded active exited  Restore /run/initramfs on shutdown
  getty@tty2.service                                                                        loaded active running Getty on tty2
  haveged.service                                                                           loaded active running Entropy Daemon based on the HAVEGE algorithm
  kmod-static-nodes.service                                                                 loaded active exited  Create List of Static Device Nodes
  lvm2-monitor.service                                                                      loaded active exited  Monitoring of LVM2 mirrors, snapshots etc. us>
  NetworkManager.service                                                                    loaded active running Network Manager
  plymouth-read-write.service                                                               loaded active exited  Tell Plymouth To Write Out Runtime Data
  plymouth-start.service                                                                    loaded active exited  Show Plymouth Boot Screen
  polkit.service                                                                            loaded active running Authorization Manager
  sshd.service                                                                              loaded active running OpenSSH Daemon
  systemd-binfmt.service                                                                    loaded active exited  Set Up Additional Binary Formats
  systemd-fsck@dev-disk-by\x2duuid-0ca8e426\x2dcefb\x2d4827\x2db784\x2daee0341a6c9b.service loaded active exited  File System Check on /dev/disk/by-uuid/0ca8e4>
  systemd-journal-flush.service                                                             loaded active exited  Flush Journal to Persistent Storage
  systemd-journald.service                                                                  loaded active running Journal Service
  systemd-logind.service                                                                    loaded active running User Login Management
  systemd-modules-load.service                                                              loaded active exited  Load Kernel Modules
  systemd-random-seed.service                                                               loaded active exited  Load/Save Random Seed
  systemd-remount-fs.service                                                                loaded active exited  Remount Root and Kernel File Systems
  systemd-sysctl.service                                                                    loaded active exited  Apply Kernel Variables
  systemd-tmpfiles-setup-dev.service                                                        loaded active exited  Create Static Device Nodes in /dev
  systemd-tmpfiles-setup.service                                                            loaded active exited  Create Volatile Files and Directories
  systemd-udev-trigger.service                                                              loaded active exited  Coldplug All udev Devices
  systemd-udevd.service                                                                     loaded active running Rule-based Manager for Device Events and Files
  systemd-update-utmp.service                                                               loaded active exited  Record System Boot/Shutdown in UTMP
  systemd-user-sessions.service                                                             loaded active exited  Permit User Sessions
  systemd-vconsole-setup.service                                                            loaded active exited  Setup Virtual Console
  user-runtime-dir@1000.service                                                             loaded active exited  User Runtime Directory /run/user/1000
  user-runtime-dir@466.service                                                              loaded active exited  User Runtime Directory /run/user/466
  user@1000.service                                                                         loaded active running User Manager for UID 1000
  user@466.service                                                                          loaded active running User Manager for UID 466

Of cource I cant try to stop services one by one but maybe someone faced with the same problem?

arvidjaar · July 27, 2022, 6:05pm

AppArmor profile is corrupted. Show output of

grep -rw ping /etc/apparmor.d

Sauerland · July 27, 2022, 6:42pm

My:

ls -l /usr/lib64/libcap.so*
lrwxrwxrwx 1 root root    14  7. Mai 23:18 /usr/lib64/libcap.so.2 -> libcap.so.2.63
-rwxr-xr-x 1 root root 39680  7. Mai 23:18 /usr/lib64/libcap.so.2.63

different filesize:
yours:

sudo ls -l /usr/lib64/libcap.so*
lrwxrwxrwx 1 root root     11 Jul 21 17:34 /usr/lib64/libcap.so -> libcap.so.2
lrwxrwxrwx 1 root root     14 Jul 21 17:34 /usr/lib64/libcap.so.2 -> libcap.so.2.63
-rwxr-xr-x 1 root root 151552 Jul 21 17:34 /usr/lib64/libcap.so.2.63

My package:

rpm -q --whatprovides /usr/lib64/libcap.so.2.63
libcap2-2.63-150400.1.7.x86_64

Also post:

zypper lr -d

roginovicci · July 29, 2022, 5:30pm

Thanx for reply that was probably due to I made a dig and compile the library myself. Reinstalled package and no difference. But the issue is finally solved see below.

roginovicci · July 29, 2022, 5:35pm

Sorry for delay I don’t have each day access to this working station.
Exactly! You were right. AppArmor parser filed to load profiles. I reinstalled AppArmor and now everything is fine. Thank you for kind help!