[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 'hash foo' may fail, and would require something like 'hash /usr/bin

From: Andreas Schwab
Subject: Re: 'hash foo' may fail, and would require something like 'hash /usr/bin/foo'
Date: Wed, 09 Mar 2022 18:25:11 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.91 (gnu/linux)

On Mär 09 2022, Chet Ramey wrote:

> Basically, musl libc enabled the faccessat2(2) system call and started
> using it in faccessat(2). access(2) ends up calling faccessat, which now
> uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned
> EPERM for unknown system calls instead of ENOSYS when running under the
> faulty Docker version, which didn't know about faccessat2. EPERM has the
> obvious meaning when access(2) returns it; the caller can't just assume
> that EPERM means "system call blocked by security policy." And so bash
> assumed that access returning EPERM meant that the binary wasn't
> executable.

This is a recurring problem with docker, and all comes down to the
syscall filter returning a bogus errno.  It happens every time a new
syscall is introduced.

Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

reply via email to

[Prev in Thread] Current Thread [Next in Thread]