On Wed, 2009-02-04 at 09:17 +1300, Michael Kerrisk wrote:
> >> > And for ERRORS:
> >> >
> >> > ENOENT: /proc filesystem not available.
> >> >
> >> > ref: http://lkml.org/lkml/2006/12/27/140
> >>
> >> surely the error is ENOSYS (see the glibc source), which is already
> >> documented in the man page?
> >
> > Well, what I did was:
> >
> > 1. open() an executable
> > 2. chroot() to empty directory
> > 3. drop root privileges
> > 4. fexecve()
> >
> > And fexecve() returned ENOENT. So I was assuming it's because there was
> > no /proc in the empty dir..
>
> Can you provide a very simple test program? In my tests, I am seeing
> ENOSYS, as I would expect from reading the source.

Weird. I'm also getting ENOSYS now in my test program. In my real
program I got ENOENT for some reason. Anyway ENOENT still happens if
/proc is mounted but the executed file is outside the chroot.

Test program:

#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

int main(void)
{
	extern char **environ;
	char *argv[] = { "ls", NULL };

	/* Open the executable before entering the chroot. */
	int fd = open("/bin/ls", O_RDONLY);
	if (fd == -1) {
		perror("open()");
		return EXIT_FAILURE;
	}

	/* chroot() needs root; /tmp/foo is the chroot directory. */
	if (chdir("/tmp/foo") < 0)
		perror("chdir()");
	if (chroot("/tmp/foo") < 0)
		perror("chroot()");

	/* fexecve() only returns on failure; perror() reports its errno. */
	fexecve(fd, argv, environ);
	perror("fexecve()");
	return 0;
}