I've been scratching my head over this regression [1] for a while now, in the context of running a hirsute container on a 20.04 host (in particular, a GitHub workflow machine) In my case, the symptom is that after upgrading glibc, `which` is broken; that of course also uses faccessat(), similar to test -x.
I tried all sorts of the "usual" workarounds, as seccomp has been giving trouble for a while now [2]. But this failure is robust against fuse- overlayfs vs. vfs (inefficient full copies of the file system), root vs. user podman, podman vs. docker, and, relevant for this bug, it *also happens* with --security-opt=seccomp=unconfined and/org --privileged, both of which should disable seccomp. Hence I believe this bug can't at least only be in libseccomp. [1] https://github.com/martinpitt/umockdev/runs/1984769591?check_suite_focus=true#step:3:1019 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1900021 ** Bug watch added: Red Hat Bugzilla #1900021 https://bugzilla.redhat.com/show_bug.cgi?id=1900021 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1916485 Title: test -x fails inside shell scripts in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1916485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
