mailing list of musl libc
 help / color / mirror / code / Atom feed
* [musl] faccessat() always return EPERM
@ 2021-07-24  1:16 Yuri Kanivetsky
  2021-07-24  1:40 ` Rich Felker
  2021-07-24  1:56 ` Wolf
  0 siblings, 2 replies; 6+ messages in thread
From: Yuri Kanivetsky @ 2021-07-24  1:16 UTC (permalink / raw)
  To: musl

Hi,

I'm not sure that it has something to do with musl. But experienced in
a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
8 (host).

For example, the following program outputs -1:

#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

int main()
{
    int r;
    r = faccessat(AT_FDCWD, "/", R_OK, AT_EACCESS);
    printf("%i", r);
    return 0;
}

I believe whatever is passed as the second parameter, it would return -1.

As a result at least irb and bundler doesn't work. Is this some sort
of binary incompatibility with Linux kernel?

Regards,
Yuri

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [musl] faccessat() always return EPERM
  2021-07-24  1:16 [musl] faccessat() always return EPERM Yuri Kanivetsky
@ 2021-07-24  1:40 ` Rich Felker
  2021-07-24  5:56   ` Rich Felker
  2021-07-24 23:36   ` Alex Xu (Hello71)
  2021-07-24  1:56 ` Wolf
  1 sibling, 2 replies; 6+ messages in thread
From: Rich Felker @ 2021-07-24  1:40 UTC (permalink / raw)
  To: Yuri Kanivetsky; +Cc: musl

On Sat, Jul 24, 2021 at 04:16:25AM +0300, Yuri Kanivetsky wrote:
> Hi,
> 
> I'm not sure that it has something to do with musl. But experienced in
> a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
> 10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
> 8 (host).
> 
> For example, the following program outputs -1:
> 
> #include <stdio.h>
> #include <fcntl.h>
> #include <unistd.h>
> 
> int main()
> {
>     int r;
>     r = faccessat(AT_FDCWD, "/", R_OK, AT_EACCESS);
>     printf("%i", r);
>     return 0;
> }
> 
> I believe whatever is passed as the second parameter, it would return -1.
> 
> As a result at least irb and bundler doesn't work. Is this some sort
> of binary incompatibility with Linux kernel?

No, it's almost surely Docker blocking the operation with the wrong
error code (EPERM):

https://github.com/opencontainers/runc/issues/2151

I'm not sure what the status on getting fix deployed is. It might go
away if the host running Docker can upgrade.

Rich

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [musl] faccessat() always return EPERM
  2021-07-24  1:16 [musl] faccessat() always return EPERM Yuri Kanivetsky
  2021-07-24  1:40 ` Rich Felker
@ 2021-07-24  1:56 ` Wolf
  1 sibling, 0 replies; 6+ messages in thread
From: Wolf @ 2021-07-24  1:56 UTC (permalink / raw)
  To: musl

[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]

Hello,

On 2021-07-24 04:16:25 +0300, Yuri Kanivetsky wrote:
> I'm not sure that it has something to do with musl. But experienced in
> a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
> 10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
> 8 (host).

Cannot reproduce over here, your sample program works for me in
alpine 3.14 container running under podman.

> For example, the following program outputs -1:

Not here:

/ # ./main
0
/ # strace -f ./main
execve("./main", ["./main"], 0x7ffdaab97618 /* 8 vars */) = 0
arch_prctl(ARCH_SET_FS, 0x7f2305385b48) = 0
set_tid_address(0x7f2305385f90)         = 19
brk(NULL)                               = 0x562e4bf54000
brk(0x562e4bf56000)                     = 0x562e4bf56000
mmap(0x562e4bf54000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x562e4bf54000
mprotect(0x7f2305382000, 4096, PROT_READ) = 0
mprotect(0x562e4b3a9000, 4096, PROT_READ) = 0
faccessat2(AT_FDCWD, "/", R_OK, AT_EACCESS) = 0
ioctl(1, TIOCGWINSZ, {ws_row=53, ws_col=95, ws_xpixel=21852, ws_ypixel=0}) = 0
writev(1, [{iov_base="0", iov_len=1}, {iov_base="\n", iov_len=1}], 20
) = 2
exit_group(0)                           = ?
+++ exited with 0 +++

Maybe you can try to strace the 3.14 and 3.13 versions to see if there
is any difference.

W.

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [musl] faccessat() always return EPERM
  2021-07-24  1:40 ` Rich Felker
@ 2021-07-24  5:56   ` Rich Felker
  2021-07-24 23:36   ` Alex Xu (Hello71)
  1 sibling, 0 replies; 6+ messages in thread
From: Rich Felker @ 2021-07-24  5:56 UTC (permalink / raw)
  To: Yuri Kanivetsky; +Cc: musl

On Fri, Jul 23, 2021 at 09:40:22PM -0400, Rich Felker wrote:
> On Sat, Jul 24, 2021 at 04:16:25AM +0300, Yuri Kanivetsky wrote:
> > Hi,
> > 
> > I'm not sure that it has something to do with musl. But experienced in
> > a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
> > 10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
> > 8 (host).
> > 
> > For example, the following program outputs -1:
> > 
> > #include <stdio.h>
> > #include <fcntl.h>
> > #include <unistd.h>
> > 
> > int main()
> > {
> >     int r;
> >     r = faccessat(AT_FDCWD, "/", R_OK, AT_EACCESS);
> >     printf("%i", r);
> >     return 0;
> > }
> > 
> > I believe whatever is passed as the second parameter, it would return -1.
> > 
> > As a result at least irb and bundler doesn't work. Is this some sort
> > of binary incompatibility with Linux kernel?
> 
> No, it's almost surely Docker blocking the operation with the wrong
> error code (EPERM):
> 
> https://github.com/opencontainers/runc/issues/2151
> 
> I'm not sure what the status on getting fix deployed is. It might go
> away if the host running Docker can upgrade.

I forgot to mention: if you can disable seccomp in Docker, that's a
workaround that doesn't require upgrading.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [musl] faccessat() always return EPERM
  2021-07-24  1:40 ` Rich Felker
  2021-07-24  5:56   ` Rich Felker
@ 2021-07-24 23:36   ` Alex Xu (Hello71)
  2021-07-27  4:34     ` Yuri Kanivetsky
  1 sibling, 1 reply; 6+ messages in thread
From: Alex Xu (Hello71) @ 2021-07-24 23:36 UTC (permalink / raw)
  To: musl, Yuri Kanivetsky

Excerpts from Rich Felker's message of July 23, 2021 9:40 pm:
> On Sat, Jul 24, 2021 at 04:16:25AM +0300, Yuri Kanivetsky wrote:
>> Hi,
>> 
>> I'm not sure that it has something to do with musl. But experienced in
>> a Alpine Linux docker container (ruby:2.6-alpine3.14) on Debian 9 or
>> 10. I can't reproduce it with Alpine Linux 3.13 (container) or Debian
>> 8 (host).
>> 
>> For example, the following program outputs -1:
>> 
>> #include <stdio.h>
>> #include <fcntl.h>
>> #include <unistd.h>
>> 
>> int main()
>> {
>>     int r;
>>     r = faccessat(AT_FDCWD, "/", R_OK, AT_EACCESS);
>>     printf("%i", r);
>>     return 0;
>> }
>> 
>> I believe whatever is passed as the second parameter, it would return -1.
>> 
>> As a result at least irb and bundler doesn't work. Is this some sort
>> of binary incompatibility with Linux kernel?
> 
> No, it's almost surely Docker blocking the operation with the wrong
> error code (EPERM):
> 
> https://github.com/opencontainers/runc/issues/2151
> 
> I'm not sure what the status on getting fix deployed is. It might go
> away if the host running Docker can upgrade.
> 
> Rich
> 

https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [musl] faccessat() always return EPERM
  2021-07-24 23:36   ` Alex Xu (Hello71)
@ 2021-07-27  4:34     ` Yuri Kanivetsky
  0 siblings, 0 replies; 6+ messages in thread
From: Yuri Kanivetsky @ 2021-07-27  4:34 UTC (permalink / raw)
  To: Alex Xu (Hello71); +Cc: musl

Hi

On Sat, Jul 24, 2021 at 4:40 AM Rich Felker <dalias@libc.org> wrote:
>
> No, it's almost surely Docker blocking the operation with the wrong
> error code (EPERM):
>
> https://github.com/opencontainers/runc/issues/2151
>
> I'm not sure what the status on getting fix deployed is. It might go
> away if the host running Docker can upgrade.

Indeed. It seems to depend on docker version:

Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0
Debian 8        18.06.3-ce  0

Debian 9        19.03.6    -1
Debian 9        19.03.13   -1
Debian 9        19.03.13   -1
Debian 9        19.03.14   -1
Debian 10       19.03.13   -1
Debian 10       19.03.13   -1

Debian 10       20.10.5     0

On Sat, Jul 24, 2021 at 4:57 AM Wolf <wolf@wolfsden.cz> wrote:
>
> Cannot reproduce over here, your sample program works for me in
> alpine 3.14 container running under podman.

What OS and docker version are you using?

On Sat, Jul 24, 2021 at 8:56 AM Rich Felker <dalias@libc.org> wrote:
>
> I forgot to mention: if you can disable seccomp in Docker, that's a
> workaround that doesn't require upgrading.

Indeed, `--security-opt seccomp=unconfined` or `security_opt:
[seccomp=unconfined]` (docker-compose) kind of resolve it.

On Sun, Jul 25, 2021 at 2:36 AM Alex Xu (Hello71) <alex_y_xu@yahoo.ca> wrote:
>
> https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2

Good point.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-07-27  4:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-24  1:16 [musl] faccessat() always return EPERM Yuri Kanivetsky
2021-07-24  1:40 ` Rich Felker
2021-07-24  5:56   ` Rich Felker
2021-07-24 23:36   ` Alex Xu (Hello71)
2021-07-27  4:34     ` Yuri Kanivetsky
2021-07-24  1:56 ` Wolf

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).