The man page for execve lists only 4 reasons the syscall can fail with errno==EACCES. In fact, there is at least one more. If the binary being executed has a setfattr'ed capability such as CAP_IPC_LOCK which is not supported in the caller's kernel namespace (docker container), execve will fail with this error. I just spent a great deal of frustrating effort searching for a non-existent elf interpreter or mount-noexec issue because I trusted this man page.
Hello Daniel,

Tracking the paths that can lead to an error is difficult. Could you share the results of your investigation? I'd like to check it in the source code.

Thanks,

Alex
dspeyer@dspeyerheim:~$ sudo docker run -it ubuntu /bin/bash
root@8b839371814b:/# apt-get update > /dev/null
root@8b839371814b:/# apt-get install libcap2-bin -y >/dev/null
debconf: delaying package configuration, since apt-utils is not installed
root@8b839371814b:/# setcap cap_ipc_lock=+eip /usr/bin/ls
root@8b839371814b:/# ls
bash: /usr/bin/ls: Operation not permitted

I've confirmed with a small C program that bash is passing on execve's error message correctly, but copy-pasting the C program would be inconvenient right now.

On Fri, Oct 15, 2021 at 6:10 PM <bugzilla-daemon@bugzilla.kernel.org> wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=214705
>
> --- Comment #1 from Alejandro Colomar (man-pages) (alx.manpages@gmail.com) ---
> Hello Daniel,
>
> Tracking the paths that can lead to an error is difficult. Could you share the
> results of your investigation? I'd like to check it in the source code.
>
> Thanks,
>
> Alex
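A diagnostic for the failure shown in the session above, as an added example that is not part of the original thread or of the man-pages project: it reads a file's security.capability xattr and reports which file-permitted capabilities the calling process could not acquire on exec. It assumes the transformation rule documented in capabilities(7) and the v1/v2 on-disk xattr layout, and ignores nosuid mounts and the v3 namespace root id; the names filecap_shortfall and status_mask are hypothetical.

```c
/* Added example: would execve() refuse this file because of its file capabilities? */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

#define REV_MASK  0xFF000000u   /* version bits of magic_etc */
#define REV_1     0x01000000u   /* v1 has one 32-bit pair; v2/v3 have two */
#define EFFECTIVE 0x00000001u   /* the "e" in cap_xxx=+eip */

static uint32_t le32(const unsigned char *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* x: raw security.capability xattr; bset/inh: caller's bounding and inheritable
 * sets. Returns the file-permitted capabilities the new process could not get
 * (non-zero means exec is refused), or UINT64_MAX if the xattr is malformed. */
uint64_t filecap_shortfall(const unsigned char *x, size_t n, uint64_t bset, uint64_t inh) {
    if (n < 12) return UINT64_MAX;
    uint32_t magic = le32(x);
    size_t pairs = (magic & REV_MASK) == REV_1 ? 1 : 2;
    if (n < 4 + 8 * pairs) return UINT64_MAX;
    uint64_t fp = 0, fi = 0;
    for (size_t i = 0; i < pairs; i++) {
        fp |= (uint64_t)le32(x + 4 + 8 * i) << (32 * i);   /* file permitted */
        fi |= (uint64_t)le32(x + 8 + 8 * i) << (32 * i);   /* file inheritable */
    }
    uint64_t new_p = (bset & fp) | (inh & fi);      /* pP' = (X & fP) | (pI & fI) */
    return (magic & EFFECTIVE) ? (fp & ~new_p) : 0; /* only enforced when "e" is set */
}

/* Read a hex mask such as CapBnd or CapInh from /proc/self/status. */
static uint64_t status_mask(const char *key) {
    char line[256], fmt[32]; unsigned long long v = 0;
    snprintf(fmt, sizeof fmt, "%s: %%llx", key);
    FILE *f = fopen("/proc/self/status", "r");
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, fmt, &v) == 1) break;
    if (f) fclose(f);
    return v;
}

int main(int argc, char **argv) {
    unsigned char buf[64];
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    ssize_t n = getxattr(argv[1], "security.capability", buf, sizeof buf);
    if (n < 0) { puts("no file capabilities set"); return 0; }
    uint64_t miss = filecap_shortfall(buf, (size_t)n, status_mask("CapBnd"), status_mask("CapInh"));
    printf("capability bits missing for exec: %#llx\n", (unsigned long long)miss);
    return miss != 0;
}
```

Run inside the container against the affected binary, a result with bit 14 set (CAP_IPC_LOCK) points at the bounding set rather than at the interpreter or mount options.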