[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 'hash foo' may fail, and would require something like 'hash /usr/bin
Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
Wed, 09 Mar 2022 18:25:11 +0100
Gnus/5.13 (Gnus v5.13) Emacs/28.0.91 (gnu/linux)
On Mär 09 2022, Chet Ramey wrote:
> Basically, musl libc enabled the faccessat2(2) system call and started
> using it in faccessat(2). access(2) ends up calling faccessat, which now
> uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned
> EPERM for unknown system calls instead of ENOSYS when running under the
> faulty Docker version, which didn't know about faccessat2. EPERM has the
> obvious meaning when access(2) returns it; the caller can't just assume
> that EPERM means "system call blocked by security policy." And so bash
> assumed that access returning EPERM meant that the binary wasn't
This is a recurring problem with docker, and all comes down to the
syscall filter returning a bogus errno. It happens every time a new
syscall is introduced.
Andreas Schwab, firstname.lastname@example.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."