On Monday, April 23, 2018 at 11:54:26 PM CST, Michael Biebl wrote:
> > I can use statx outside of the container, but always get EPERM in it.
> > I didn't set filters myself, just use the default ones.
> > The problem does not exist with amd64 hosts.
>
> Please share more details about your setup:
> - What commands you use to create the chroot
`debootstrap sid /var/lib/machines/ci_buster`
Then chroot to it and install dbus and dev pkgs.
> - What exact command line you use to start the nspawn container
`systemctl start systemd-nspawn@ci_buster`
The nspawn file is:
```
[Exec]
Boot=yes
PrivateUsers=no
[Network]
VirtualEthernet=yes
```
> - What command exactly you run inside the container
Just compile and run this C file:
```
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <linux/stat.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <string.h>
#include <errno.h>
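
/* Raw syscall wrapper; named raw_statx so it does not clash with the
 * statx() that newer glibc declares in <sys/stat.h>. */
static inline long raw_statx(int dirfd, const char *pathname, int flags,
                             unsigned int mask, struct statx *statxbuf)
{
    return syscall(__NR_statx, dirfd, pathname, flags, mask, statxbuf);
}

int main(int argc, char *argv[])
{
    struct statx sx;

    memset(&sx, 0, sizeof(sx)); /* keep stx_size defined if the call fails */
    errno = 0;
    int ret = raw_statx(AT_FDCWD, "/tmp/aaa", AT_NO_AUTOMOUNT |
                        AT_SYMLINK_NOFOLLOW, STATX_SIZE, &sx);
    /* stx_size is a 64-bit field; cast so the format also fits 32-bit hosts */
    fprintf(stdout, "ret: %d, error: %s, size: %llu\n", ret, strerror(errno),
            (unsigned long long)sx.stx_size);
    return 0;
}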
```
Will get the 'Operation is not permitted' message if run inside the container.
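
An added diagnostic, not part of the original message: it reads the `Seccomp:` field of `/proc/self/status` and probes the raw `statx` syscall on `/`, so an EPERM caused by a syscall filter can be told apart from missing kernel support. It assumes the "default filters" mentioned above are a seccomp filter; the function and enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/stat.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
enum verdict { PROBE_OK, PROBE_ENOSYS, PROBE_FILTERED, PROBE_OTHER };
/* "Seccomp:" field of /proc/<pid>/status text: 0 = off, 1 = strict,
 * 2 = filter mode; returns -1 if the field is missing. */
int seccomp_mode_from_status(const char *status)
{
    int mode;
    for (const char *line = status; line && *line; ) {
        if (sscanf(line, "Seccomp: %d", &mode) == 1)
            return mode;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Interpret a raw statx() result for a path that is known to exist. */
enum verdict classify_statx(long ret, int err, int seccomp_mode)
{
    if (ret == 0) return PROBE_OK;
    if (err == ENOSYS) return PROBE_ENOSYS;      /* kernel older than 4.11 */
    if (err == EPERM && seccomp_mode == 2) return PROBE_FILTERED;
    return PROBE_OTHER;
}

/* Use the raw syscall so a libc fallback cannot hide the kernel's answer. */
enum verdict probe_statx(const char *status_text)
{
    struct statx sx;
    errno = 0;
    long ret = syscall(SYS_statx, AT_FDCWD, "/", 0, STATX_BASIC_STATS, &sx);
    return classify_statx(ret, errno, seccomp_mode_from_status(status_text));
}

int main(void)
{
    static const char *names[] = { "works", "no kernel support", "likely filtered", "other error" };
    char status[8192] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { status[fread(status, 1, sizeof status - 1, f)] = '\0'; fclose(f); }
    printf("seccomp mode: %d, statx: %s\n", seccomp_mode_from_status(status), names[probe_statx(status)]);
    return 0;
}
```

Running it both on the host and inside the container shows whether the two differ in filter mode, in the `statx` result, or in both.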