From mboxrd@z Thu Jan 1 00:00:00 1970 From: "pelzflorian (Florian Pelz)" Subject: bug#35662: Really relocatable binaries crash with Permission denied Date: Sat, 11 May 2019 07:05:18 +0200 Message-ID: <20190511050518.ozmvhsov6meg6g5f@pelzflorian.localdomain> References: <20190509220136.tli7um2heocifrpq@pelzflorian.localdomain> <87o94ax9lw.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([209.51.188.92]:51201) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hPKMM-0004iC-4a for bug-guix@gnu.org; Sat, 11 May 2019 01:15:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hPKCw-00015t-Cd for bug-guix@gnu.org; Sat, 11 May 2019 01:06:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54377) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hPKCw-00015c-7b for bug-guix@gnu.org; Sat, 11 May 2019 01:06:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hPKCw-0000H0-1l for bug-guix@gnu.org; Sat, 11 May 2019 01:06:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87o94ax9lw.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 35662@debbugs.gnu.org On Fri, May 10, 2019 at 11:50:19PM +0200, Ludovic Courtès wrote: > That suggests the wrapper chose the user namespace method (not PRoot), > but that didn’t quite work. > > Could you post the output of: > > strace ./mybin/sh > > ? > [f_pelz12@tux6 ~]$ strace ./mybin/sh execve("./mybin/sh", ["./mybin/sh"], 0x7fffcdf87290 /* 39 vars */) = 0 brk(NULL) = 0x2301000 brk(0x23021c0) = 0x23021c0 arch_prctl(ARCH_SET_FS, 0x2301880) = 0 uname({sysname="Linux", nodename="tux6", ...}) = 0 readlink("/proc/self/exe", "/home/f_pelz12/gnu/store/wl2l59l"..., 4096) = 77 brk(0x23231c0) = 0x23231c0 brk(0x2324000) = 0x2324000 readlink("/proc/self/exe", "/home/f_pelz12/gnu/store/wl2l59l"..., 4095) = 77 lstat("/gnu/store/qn1ax1fkj16x280m1rv7mcimfmn9l2pf-bash-4.4.23/bin/sh", 0x7ffd9741c980) = -1 ENOENT (No such file or directory) gettimeofday({tv_sec=1557550876, tv_usec=116037}, NULL) = 0 getpid() = 28923 mkdir("/tmp/guix-exec-ABt7cT", 0700) = 0 stat(".", {st_mode=S_IFDIR|0700, st_size=113, ...}) = 0 stat("/home/f_pelz12", {st_mode=S_IFDIR|0700, st_size=113, ...}) = 0 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWUSER|SIGCHLD) = 28924 openat(AT_FDCWD, "/proc/28924/setgroups", O_WRONLY) = 3 write(3, "deny\0", 5) = 5 close(3) = 0 getuid() = 24038 openat(AT_FDCWD, "/proc/28924/uid_map", O_WRONLY) = 3 write(3, "24038 24038 1\n", 14) = 14 close(3) = 0 getgid() = 10004 openat(AT_FDCWD, "/proc/28924/gid_map", O_WRONLY) = 3 write(3, "10004 10004 1\n", 14) = 14 close(3) = 0 wait4(28924, sh: run.c:162: bind_mount: Unexpected error: Permission denied. [{WIFSIGNALED(s) && WTERMSIG(s) == SIGABRT}], 0, NULL) = 28924 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=28924, si_uid=24038, si_status=SIGABRT, si_utime=0, si_stime=0} --- chdir("/") = 0 openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=25, ...}) = 0 getdents64(3, /* 25 entries */, 131072) = 632 unlink("/tmp/guix-exec-ABt7cT/home") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/home", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 mmap(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e71c68000 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 munmap(0x7f4e71c68000, 135168) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/home") = 0 unlink("/tmp/guix-exec-ABt7cT/tmp") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/tmp", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 brk(0x2363000) = 0x2363000 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/tmp") = 0 unlink("/tmp/guix-exec-ABt7cT/mnt") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/mnt", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/mnt") = 0 unlink("/tmp/guix-exec-ABt7cT/sys") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/sys", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/sys") = 0 unlink("/tmp/guix-exec-ABt7cT/libx32") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/libx32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/libx32") = 0 unlink("/tmp/guix-exec-ABt7cT/opt") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/opt", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/opt") = 0 unlink("/tmp/guix-exec-ABt7cT/srv") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/srv", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/srv") = 0 unlink("/tmp/guix-exec-ABt7cT/dev") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/dev", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/dev") = 0 unlink("/tmp/guix-exec-ABt7cT/var") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/var", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/var") = 0 unlink("/tmp/guix-exec-ABt7cT/sbin") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/sbin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/sbin") = 0 unlink("/tmp/guix-exec-ABt7cT/lib64") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/lib64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/lib64") = 0 unlink("/tmp/guix-exec-ABt7cT/lib32") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/lib32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/lib32") = 0 unlink("/tmp/guix-exec-ABt7cT/media") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/media", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/media") = 0 unlink("/tmp/guix-exec-ABt7cT/usr") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/usr", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/usr") = 0 unlink("/tmp/guix-exec-ABt7cT/bin") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/bin", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/bin") = 0 unlink("/tmp/guix-exec-ABt7cT/boot") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/boot", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/boot") = 0 unlink("/tmp/guix-exec-ABt7cT/etc") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/etc", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/etc") = 0 unlink("/tmp/guix-exec-ABt7cT/run") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/run", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/run") = 0 unlink("/tmp/guix-exec-ABt7cT/core") = 0 unlink("/tmp/guix-exec-ABt7cT/snap") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/snap", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/snap") = 0 unlink("/tmp/guix-exec-ABt7cT/lib") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/lib", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/lib") = 0 unlink("/tmp/guix-exec-ABt7cT/proc") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/proc", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/proc") = 0 unlink("/tmp/guix-exec-ABt7cT/root") = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/tmp/guix-exec-ABt7cT/root", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=2, ...}) = 0 getdents64(4, /* 2 entries */, 131072) = 48 getdents64(4, /* 0 entries */, 131072) = 0 close(4) = 0 rmdir("/tmp/guix-exec-ABt7cT/root") = 0 getdents64(3, /* 0 entries */, 131072) = 0 close(3) = 0 rmdir("/tmp/guix-exec-ABt7cT") = 0 exit_group(6) = ? +++ exited with 6 +++ Thank you for looking into it! Regards, Florian