From: Ludovic Courtès <ludo@gnu.org>
Subject: Re: permission denied: /gnu/store/...guile...
Date: Fri, 22 May 2015 15:33:10 +0200
Message-ID: <87vbfkka95.fsf@gnu.org>
To: rekado
Cc: guix-devel@gnu.org

rekado writes:

> ---- On Fri, 22 May 2015 05:53:51 +0800 Ludovic Courtès wrote ----
> > Could you try this:
> >
> > --8<---------------cut here---------------start------------->8---
> > (chdir "/tmp")
> > (setgroups #())
> > (setgid 30000)
> > (setuid 30001)
> > (pk 'uid/gid (getuid) (getgid))
> > (pk 'euid/egid (geteuid) (getegid))
> > (let loop ((i 3))
> >   (when (< i 1024)
> >     (false-if-exception (close-fdes i))
> >     (loop (+ 1 i))))
> > (execl "/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile" "guile"
> >        "-c" "(pk 'running (getuid) (geteuid))")
> > --8<---------------cut here---------------end--------------->8---
> >
> > and then as root run:
> >
> >   # guile the-above-file.scm
> >
> > It should return zero and print:
> >
> > --8<---------------cut here---------------start------------->8---
> > ;;; (uid/gid 30001 30000)
> >
> > ;;; (euid/egid 30001 30000)
> >
> > ;;; (running 30001 30001)
> > --8<---------------cut here---------------end--------------->8---
>
> I ran it in a guile REPL (as root) and I got the first two outputs, but an error on (execl ...). It's an unhelpful message:
>
> ERROR: In procedure execl:
> ERROR: In procedure execl: Permission denied

Great, that means that we have a reduced test case now!

Now, could you try to comment out some of the lines before the ‘execl’ until you find which one is responsible for that?

IIRC you said that
"/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile" is 555, so normally every user on the machine can run it. I can only imagine an obscure kernel or file system setting that would somehow prevent execution, but we’ll see.

Thank you,
Ludo’.
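
Added example, not part of the original message or of Guix: execve() also returns EACCES when the calling uid/gid lacks search permission on any directory leading to the file, so a 555 mode on the binary alone does not settle it. The sketch below walks each path component and reports the first one whose mode bits deny a given uid/gid; the function names are hypothetical, and it models classic mode bits only (ACLs, noexec mounts and security modules are assumed out of scope).

```python
import os
import stat
import sys

def class_bits(mode, owner_uid, owner_gid, uid, gid, groups=()):
    """rwx triplet the kernel applies: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if gid == owner_gid or owner_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def first_denial(entries, uid, gid, groups=()):
    """entries: [(path, st_mode, st_uid, st_gid), ...] from "/" down to the file.
    Return (path, reason) for the first component whose mode bits would make
    execve() fail with EACCES for a non-root uid/gid, or None if all pass."""
    for i, (path, mode, o_uid, o_gid) in enumerate(entries):
        can_x = class_bits(mode, o_uid, o_gid, uid, gid, groups) & 1
        if i < len(entries) - 1:
            if not can_x:
                return (path, "no search (x) permission on directory")
        elif not stat.S_ISREG(mode):
            return (path, "not a regular file")
        elif not can_x:
            return (path, "no execute (x) permission on file")
    return None

def stat_components(path):
    """Stat every component of the resolved absolute path, root first."""
    entries, cur = [], "/"
    for name in [""] + os.path.realpath(path).strip("/").split("/"):
        cur = os.path.join(cur, name)
        st = os.stat(cur)
        entries.append((cur, st.st_mode, st.st_uid, st.st_gid))
    return entries

if __name__ == "__main__":
    # uid/gid default to the values used in the test case above; no
    # supplementary groups, matching (setgroups #()).
    target = sys.argv[1]
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else 30001
    gid = int(sys.argv[3]) if len(sys.argv) > 3 else 30000
    print(first_denial(stat_components(target), uid, gid) or "mode bits allow exec")
```

Run it as root with the path of the binary as the first argument, so that every component can be stat'ed.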