On 3/9/22 12:25 PM, Andreas Schwab wrote:
> On Mär 09 2022, Chet Ramey wrote:
>
>> Basically, musl libc enabled the faccessat2(2) system call and started
>> using it in faccessat(2). access(2) ends up calling faccessat, which now
>> uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned
>> EPERM for unknown system calls instead of ENOSYS when running under the
>> faulty Docker version, which didn't know about faccessat2. EPERM has the
>> obvious meaning when access(2) returns it; the caller can't just assume
>> that EPERM means "system call blocked by security policy." And so bash
>> assumed that access returning EPERM meant that the binary wasn't
>> executable.
>
> This is a recurring problem with docker, and all comes down to the
> syscall filter returning a bogus errno. It happens every time a new
> syscall is introduced.
Yes, that's why it required the exact conditions to reproduce.
Ultimately, this comes down to gaps in the release engineering.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
