From: "Dr. Greg" <greg@enjellic.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: linux-security-module@vger.kernel.org
Subject: Re: TOMOYO and runc containers dislike one another.
Date: Thu, 21 Nov 2024 22:12:34 -0600
Message-ID: <20241122041234.GA14684@wind.enjellic.com>
In-Reply-To: <ad1b3db0-b5b5-40c4-9a44-ce11195cd1b5@I-love.SAKURA.ne.jp>

On Fri, Nov 22, 2024 at 08:22:07AM +0900, Tetsuo Handa wrote:

> Hello.

Hi Tetsuo, I hope this note finds the week ending well for you.

> On 2024/11/22 3:42, Dr. Greg wrote:
> > Kernel version is 6.10 something.
> >
> > The path causing the issue is as follows:
> >
> > /dev/fd/7
> >
> > Here are the warning messages that runc spits out:
> >
> > FATA[0000] nsexec[1291]: could not ensure we are a cloned binary: No
> > such file or directory
> >
> > ERRO[0000] runc run failed: unable to start container process: waiting
> > for init preliminary setup: read init-p: connection reset by peer
>
> Please try applying commit ada1986d0797 ("tomoyo: fallback to realpath
> if symlink's pathname does not exist").

Yes, that did it, thanks for the pointer to the patch.

We now have multiple containers running, each with their own Tomoyo
implementation.... :-)

> Regards.

Have a good weekend.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project