[tomoyo-users-en 768] TOMOYO rejects execveat in chroot without /proc, even if not configured

Alfred Agrell Tue, 24 Sep 2024 08:14:25 -0700

Konnichiwa minna-sama

On a system with TOMOYO enabled, trying to run execveat(not AT_FDCWD) ina chroot without /proc fails with ENOENT. A similar openat() succeeds.

This happens even if TOMOYO isn't configured, for example in a freshDebian install. Is TOMOYO supposed to do anything if not configured?


Test program:


#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>

int main(int argc, char** argv)
{
    chdir("/lib/");
    if (chroot("/lib/") != 0) perror("chroot (needs root)");
    int fd1 = open("x86_64-linux-gnu/", O_RDONLY);
    if (fd1 < 0) perror("open");
    int fd2 = openat(fd1, "ld-linux-x86-64.so.2", O_RDONLY);
    if (fd2 < 0) perror("openat");
    execveat(fd1, "ld-linux-x86-64.so.2", NULL, NULL, 0);
    perror("execveat");
}

Originally reported as a Debian bug, but I was redirected here.https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082001


-- Alfred Agrell

_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en@lists.osdn.me
https://lists.osdn.me/mailman/listinfo/tomoyo-users-en

[tomoyo-users-en 768] TOMOYO rejects execveat in chroot without /proc, even if not configured

Reply via email to