On Wed, 2009-02-04 at 17:37 +1300, Michael Kerrisk wrote:
> > The test program in my previous mail did the chrooting. Just compile it,
> > mkdir -p /tmp/foo/proc, mount --bind /proc /tmp/foo/proc and run it.
>
> So, I did some experimenting. It looks like the title of your report
> has things wrong: fexecve() can be used to exec a binary outside the
> chroot, but this won't work if, for example, the executable has dynamic
> dependencies that can't be satisfied within the chroot. To see this,
> open() a path that is a statically linked executable (so it doesn't
> have dynamic dependencies). I tested this: it works.

Oh, interesting. I hadn't thought of that. So I guess the ENOENT error then means it couldn't satisfy all dynamic dependencies.