Devuan bug report logs - #498
libc6: Permission denied, intermittent in execve

version graph

Package: libc6; Maintainer for libc6 is (unknown);

Reported by: Alessandro Vesely <vesely@tana.it>

Date: Mon, 27 Jul 2020 08:48:01 UTC

Severity: normal

Tags: debian

Merged with 497

Found in version 2.28-10

Forwarded to https://bugs.debian.org/966343

Full log


Message #21 received at 498@bugs.devuan.org (full text, mbox, reply):

Received: (at 498) by bugs.devuan.org; 27 Jul 2020 09:50:23 +0000
Return-Path: <vesely@tana.it>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Mon, 27 Jul 2020 09:50:23 +0000 (UTC)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with UTF8SMTPS id D6C5AF60C32
	for <498@bugs.devuan.org>; Mon, 27 Jul 2020 11:47:35 +0200 (CEST)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (1152-bit key; secure) header.d=tana.it header.i=@tana.it header.b="A6kMLst2";
	dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta;
	t=1595843255; bh=M1w3YBJGQluH11gn/N+C1Zi8PYChlxHGILJQ3x5KySM=;
	l=1391; h=To:References:From:Date:In-Reply-To;
	b=A6kMLst2zCCIa7U8NxwBLcfKFUIML9u5lPUS9uIjHwhXb7SjFwz3w8kWNrHyYeLOQ
	 B19W5bX9UFXIycht3ajcO8Qt7OctMUVgWViAvTvdlpSi0t3k+tN24xDZAZHPRdB5n1
	 OAWAsQa9OEg6IWTkLnPqGsyHCRgupXkxTH5R1xkVfyOTh+OlNQkG1CAsFwJ2E
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111])
  (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3,128bits,ECDHE_RSA_AES_128_GCM_SHA256)
  by wmail.tana.it with ESMTPSA
  id 00000000005DC056.000000005F1EA2B7.00007DA7; Mon, 27 Jul 2020 11:47:35 +0200
Subject: Re: bug#498: libc6: Permission denied, intermittent in execve
To: Mark Hindley <mark@hindley.org.uk>, 498@bugs.devuan.org,
  966343@bugs.debian.org
References: <159583832778.5523.4267786497736057480.reportbug@pcale.tana>
 <4c3f732a-b026-a7a6-bea5-c49fff74267a@tana.it>
 <20200727091401.GQ3011@hindley.org.uk>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <1a948266-b3c2-e3c6-6f91-fda019203850@tana.it>
Date: Mon, 27 Jul 2020 11:47:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200727091401.GQ3011@hindley.org.uk>
Content-Type: text/plain; charset=us-ascii
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org
Hi Mark,

On Mon 27/Jul/2020 11:14:01 +0200 Mark Hindley wrote:
> On Mon, Jul 27, 2020 at 10:32:15AM +0200, Alessandro Vesely wrote:
>> Package: libc6
>> Version: GNU C Library (Debian GLIBC 2.28-10) stable release version 2.28.
>> Severity: normal
>> 
>> in certain situations, execve fails setting errno to EACCESS.  The same
>> program, launched by the same user in different ways, succeeds or fails
>> according to preceding actions.
> 
> Thanks for this. As you have realised, libc6 is a Debian package that Devuan
> uses directly without recompilation so this issue is correctly dealt with in
> Debian's BTS.
> 
> However, one thought that occurs to me is whether apparmor is causing this? Does
> disabling it[1] restore predictable behaviour?


Bingo!

Jul 27 09:47:25 pcale kernel: [ 1569.887279] audit: type=1400 audit(1595836045.642:33): apparmor="DENIED" operation="exec" profile="thunderbird" name="/opt/lib
reoffice6.4/program/soffice" pid=5402 comm="gio-launch-desk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

I dunno how come apparmor got installed.  Probably it happened when I upgraded to Beowulf.

After aa-teardown and purging apparmor, execve works as expected.

So this turns out to be a documentation bug.  The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.


Thank you so much
Ale


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Wed Apr 21 02:09:14 2021;