Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210724055625.GN13220@brightrain.aerifal.cx>
Date: Sat, 24 Jul 2021 01:56:25 -0400
From: Rich Felker <dalias@...c.org>
To: Yuri Kanivetsky <yuri.kanivetsky@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: faccessat() always return EPERM

On Fri, Jul 23, 2021 at 09:40:22PM -0400, Rich Felker wrote:
> On Sat, Jul 24, 2021 at 04:16:25AM +0300, Yuri Kanivetsky wrote:
> > Hi,
> > 
> > I'm not sure that it has something to do with musl. But experienced in
> > a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
> > 10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
> > 8 (host).
> > 
> > For example, the following program outputs -1:
> > 
> > #include <stdio.h>
> > #include <fcntl.h>
> > #include <unistd.h>
> > 
> > int main()
> > {
> >     int r;
> >     r = faccessat(AT_FDCWD, "/", R_OK, AT_EACCESS);
> >     printf("%i", r);
> >     return 0;
> > }
> > 
> > I believe whatever is passed as the second parameter, it would return -1.
> > 
> > As a result at least irb and bundler doesn't work. Is this some sort
> > of binary incompatibility with Linux kernel?
> 
> No, it's almost surely Docker blocking the operation with the wrong
> error code (EPERM):
> 
> https://github.com/opencontainers/runc/issues/2151
> 
> I'm not sure what the status on getting fix deployed is. It might go
> away if the host running Docker can upgrade.

I forgot to mention: if you can disable seccomp in Docker, that's a
workaround that doesn't require upgrading.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.