[Bug 214705] New: execve(2) omits EACCES due to capabilities

From: <hidden>
Date: 2021-10-13 02:36:43

https://bugzilla.kernel.org/show_bug.cgi?id=214705

            Bug ID: 214705
           Summary: execve(2) omits EACCES due to capabilities
           Product: Documentation
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: man-pages
          Assignee: documentation_man-pages@kernel-bugs.osdl.org
          Reporter: dspeyer@gmail.com
        Regression: No

The man page for execve lists only 4 reasons the syscall can fail with
errno==EACCES.  In fact, there is at least one more.  If the binary being
executed has a setfattr'ed capability such as CAP_IPC_LOCK which is not
supported in the caller's kernel namespace (docker container), execve will fail
with this error.

I just spent a great deal of frustrating effort searching for a non-existent
elf interpreter or mount-noexec issue because I trusted this man page.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help