Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 27 Jul 2021 07:34:38 +0300
From: Yuri Kanivetsky <yuri.kanivetsky@...il.com>
To: "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
Cc: musl@...ts.openwall.com
Subject: Re: faccessat() always return EPERM

Hi

On Sat, Jul 24, 2021 at 4:40 AM Rich Felker <dalias@...c.org> wrote:
>
> No, it's almost surely Docker blocking the operation with the wrong
> error code (EPERM):
>
> https://github.com/opencontainers/runc/issues/2151
>
> I'm not sure what the status on getting fix deployed is. It might go
> away if the host running Docker can upgrade.

Indeed. It seems to depend on docker version:

Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0

Debian 9        19.03.6    -1
Debian 9        19.03.13   -1
Debian 9        19.03.13   -1
Debian 9        19.03.14   -1
Debian 10       19.03.13   -1
Debian 10       19.03.13   -1

Debian 10       20.10.5     0

On Sat, Jul 24, 2021 at 4:57 AM Wolf <wolf@...fsden.cz> wrote:
>
> Cannot reproduce over here, your sample program works for me in
> alpine 3.14 container running under podman.

What OS and docker version are you using?

On Sat, Jul 24, 2021 at 8:56 AM Rich Felker <dalias@...c.org> wrote:
>
> I forgot to mention: if you can disable seccomp in Docker, that's a
> workaround that doesn't require upgrading.

Indeed, `--security-opt seccomp=unconfined` or `security_opt:
[seccomp=unconfined]` (docker-compose) kind of resolve it.

On Sun, Jul 25, 2021 at 2:36 AM Alex Xu (Hello71) <alex_y_xu@...oo.ca> wrote:
>
> https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

Good point.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.