On Wed, 2009-02-04 at 09:17 +1300, Michael Kerrisk wrote:
> >> > And for ERRORS:
> >> >
> >> > ENOENT: /proc filesystem not available.
> >> >
> >> > ref: http://lkml.org/lkml/2006/12/27/140
> >>
> >> surely the error is ENOSYS (see the glibc source), which is already
> >> documented in the man page?
> >
> > Well, what I did was:
> >
> > 1. open() an executable
> > 2. chroot() to empty directory
> > 3. drop root privileges
> > 4. fexecve()
> >
> > And fexecve() return ENOENT. So I was assuming it's because there was
> > no /proc in the empty dir..
> 
> Can you provide a very simple test program?  In my tests, I am seeing
> ENOSYS, as I would expect from reading the source.

Weird. I'm also getting ENOSYS now in my test program. In my real
program I got ENOENT for some reason. Anyway ENOENT still happens
if /proc is mounted but the executed file is outside the chroot. Test
program:
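#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

int main(void)
{
        extern char **environ;
        char *argv[] = { "ls", NULL };

        /* Open the executable before entering the chroot. */
        int fd = open("/bin/ls", O_RDONLY);
        if (fd == -1) {
                perror("open()");
                return 1;
        }

        /* /tmp/foo must exist; chroot() requires root. */
        if (chdir("/tmp/foo") < 0) {
                perror("chdir()");
                return 1;
        }
        if (chroot("/tmp/foo") < 0) {
                perror("chroot()");
                return 1;
        }

        /* fexecve() only returns on failure; perror() reports the errno. */
        fexecve(fd, argv, environ);
        perror("fexecve()");
        return 1;
}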

