From: David Laight <david.laight.linux@gmail.com>
To: Jann Horn <jannh@google.com>
Cc: Christian Brauner <brauner@kernel.org>,
John Ericson <mail@johnericson.me>,
Farid Zakaria <farid.m.zakaria@gmail.com>,
Jan Kara <jack@suse.cz>, Kees Cook <kees@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
shuah@kernel.org, linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>,
linux-kselftest <linux-kselftest@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 0/2] fs: support $ORIGIN in ELF interpreter paths
Date: Fri, 26 Jun 2026 17:28:32 +0100 [thread overview]
Message-ID: <20260626172832.366deaac@pumpkin> (raw)
In-Reply-To: <CAG48ez3o1Mt59dWdyknh_SEaoi-cHv6pdmix+aOdBy3C0-LkYQ@mail.gmail.com>
On Fri, 26 Jun 2026 15:34:12 +0200
Jann Horn <jannh@google.com> wrote:
> On Fri, Jun 26, 2026 at 3:26 PM David Laight
> <david.laight.linux@gmail.com> wrote:
> > On Fri, 26 Jun 2026 14:39:22 +0200
> > Jann Horn <jannh@google.com> wrote:
> >
> > > On Thu, Jun 25, 2026 at 10:50 AM Christian Brauner <brauner@kernel.org> wrote:
> > > > The arguments I have heard from various people so far are:
> > > >
> > > > (1) Userspace would be able to clone a random chroot to /woot and run a
> > > > binary from it without having to set up a complicated sandbox
> > > > effectively making dynamically linked binaries more like static
> > > > binaries in a sense.
> > > >
> > > > (2) Quote:
> > > > "If you debootstrap/dnf a chroot to some location in your
> > > > home dir and try to run a binary from it, that it tries to load the
> > > > libraries from your /usr is a pretty unintuitive and not at all
> > > > useful behavior."
> > > >
> > > > (3) Quote:
> > > > "[Various remote execution things run in locked down containers that
> > > > disable userns, which makes the sandbox impossible and hence our
> > > > builds wouldn't work there."
> > >
> > > FWIW I think someone also mentioned to me that it would make things
> > > easier for them if they could build a piece of software in one
> > > environment and then bundle it up with all required libraries and such
> > > and run it in a very different environment, without
> > > container/sandboxing stuff and without static linking. But I guess
> > > that's kinda niche.
> >
> > The problem with 'ship the shared libraries with the application' is
> > that you get all the problems of static linking.
> > If there is a bug in the library code you can't fix it without getting the
> > 3rd party to rebuild their application package.
>
> Yes, it's appropriate for weird use cases like "I want to run this
> historical version of the software and its dependencies", it's not
> necessarily a good idea for normal application use.
That's what LD_LIBRARY_PATH is for ...
And if you want to use a different elf interpreter just run it and pass the
program name and arguments to it. eg:
/lib64/ld-linux-x64-64.so.2 /bin/echo fubar
Last time I did that I was trying to run non-linux ppc elf program.
I got part way there, but needed to build a lot more of libc.
David
prev parent reply other threads:[~2026-06-26 16:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-22 4:39 [PATCH 0/2] fs: support $ORIGIN in ELF interpreter paths Farid Zakaria
2026-06-22 4:39 ` [PATCH 1/2] " Farid Zakaria
2026-06-22 9:53 ` Jori Koolstra
2026-06-23 20:14 ` Kees Cook
2026-06-23 20:35 ` Farid Zakaria
2026-06-22 4:39 ` [PATCH 2/2] selftests/exec: add test suites for $ORIGIN interpreter resolution Farid Zakaria
2026-06-22 10:39 ` [PATCH 0/2] fs: support $ORIGIN in ELF interpreter paths Jan Kara
2026-06-22 17:15 ` Farid Zakaria
2026-06-22 21:08 ` John Ericson
2026-06-25 8:50 ` Christian Brauner
2026-06-25 19:34 ` John Ericson
2026-06-26 12:39 ` Jann Horn
2026-06-26 13:26 ` David Laight
2026-06-26 13:34 ` Jann Horn
2026-06-26 13:40 ` Farid Zakaria
2026-06-26 16:28 ` David Laight [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260626172832.366deaac@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=brauner@kernel.org \
--cc=farid.m.zakaria@gmail.com \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mail@johnericson.me \
--cc=shuah@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox