On Mär 09 2022, Chet Ramey wrote: > Basically, musl libc enabled the faccessat2(2) system call and started > using it in faccessat(2). access(2) ends up calling faccessat, which now > uses faccessat2 if it's available. Alpine Linux 3.14 incorrectly returned > EPERM for unknown system calls instead of ENOSYS when running under the > faulty Docker version, which didn't know about faccessat2. EPERM has the > obvious meaning when access(2) returns it; the caller can't just assume > that EPERM means "system call blocked by security policy." And so bash > assumed that access returning EPERM meant that the binary wasn't > executable.
This is a recurring problem with docker, and all comes down to the syscall filter returning a bogus errno. It happens every time a new syscall is introduced. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."
