------- Comment From s...@de.ibm.com 2021-04-22 07:23 EDT------- Hi, I've also run some tests on s390x:
On Ubuntu 18.04 (bionic) with libseccomp2 2.5.1-1ubuntu1~18.04.1 and linux 4.15.0.142.129: In a systemd-nspawn hirsute container: bash -c "test -x /bin/bash" returns 1 and strace shows: faccessat2(AT_FDCWD, "/bin/bash", X_OK, AT_EACCESS) = -1 EPERM (Operation not permitted) and seccomp-tools dump showed that the seccomp-filter allows faccessat2(=0x1b7) syscall! After upgrading to 4.15.0-143-generic #147+hf1916485v20210421b1 from your PPA, the command works fine: faccessat2(AT_FDCWD, "/bin/bash", X_OK, AT_EACCESS) = -1 ENOSYS (Function not implemented) faccessat(AT_FDCWD, "/bin/bash", X_OK) = 0 In a "docker run -it ubuntu:hirsute /bin/bash" container (runc-1.0.0~rc93-0ubuntu1~18.04.1), the command also works fine and the seccomp-filter applied by docker also allows faccessat2. On Ubuntu 20.10 (groovy) with libseccomp2 2.5.1-1ubuntu1~20.10.1 and linux 5.8.0.51.56, both the tests in systemd-nspawn and in docker container are working fine and the dump of the seccomp-filter shows that faccessat2 is allowed. (On the same system before updating libseccomp2 to the mentioned version, libseccomp2 2.4.3-1ubuntu4 was used. There the dump of the seccomp-filter showed that the faccessat2 syscall was not allowed and thus the test command failed.) Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1916485 Title: test -x fails inside shell scripts in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1916485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs