From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68E193F54BF for ; Fri, 26 Jun 2026 13:26:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782480386; cv=none; b=XNup/YhIWUODn6QqmNiApV1xk182u19yii85C11QXMxcMmHm5mh43MJ07l8/w2r7C3tbB6m+G3KViSr0dWqeF63p2oQvweE/iowin0fByA2gbBvk8QhLzTyO267jNs6t6zA/PJzYZyni03IA76k9bUnDHMH0suwr43d7f1qdRh4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782480386; c=relaxed/simple; bh=FSRpAu+WACFb8hxEvRIm00KNoLoh5efbcy2RSnsDEb8=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=e58+W8dksTYurdNrgzpjxBx50Z3gZPG0qPLaidKQOxFs+Qbu4MLYpGJjJHo7zKzC44zl7AUj8oG31o2J+0tq/NL0OpYFqViJsBX65g+2HpymQf9O46XT3PSvwhMG1fkf3stN8i+kU5xsynzEGi/PoPuL3Wd4nVrbca7JvAGQZ/o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OL4LeivT; arc=none smtp.client-ip=209.85.128.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OL4LeivT" Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4926f8e02e8so2096755e9.0 for ; Fri, 26 Jun 2026 06:26:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782480380; x=1783085180; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=Voq7hjuwUidlNWLMzAJPrs1yx3BiWD0UlJWeQWkFWrE=; b=OL4LeivTsp/+BLlVzZuZeZDu2iIrgW15xyb6Td3B+r3PqGKesVCZvYI8I33xLwDkBo fdWtTNI5kwAr37fPPt+AJQ4eP6RSFi9UF87GKHbZK00n9QZ+SQ9YEHE07JpPAFUmKaQY ZSxEEqIf+fLuuBJwKFLMjiftLrBLiqdLnv+mPGB0GMCsvpB3fl2QzwCn5DGDQ0apYjdO TnD2dRtGJl+fv9++XaonuT/IYvGkr+sUo+DKGcShWzlGb3VaeQX+x0Vh4cXBZ5o+I/wT ZlXpKOk2KdwUNDwdiPn85ztDQLhz1TsNnXozesW/0Ydgky1yZ18hzigEk7+M2qJ2CYDD wSyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782480380; x=1783085180; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Voq7hjuwUidlNWLMzAJPrs1yx3BiWD0UlJWeQWkFWrE=; b=Z8NSY+cAIvz+ZPhzifDGioeWB21Vt08fumvSZ9qaDs5e7smBpZX9LoX4FdJfcYhVNq g0ioImXlRMV8e7pxEy2LXIk31hUx6d6Zjj4vD2aSVIRroZDkMzEvC7IUdCp9v2nEGWV7 iv6x/f3ILe9jVqboGxKK90TYuJtkXGoVNtfCQGAlzIs8pFHdC75wWuRTR5g9Mp+Joq5l Tv2BEPzH9cKORO6xPbmuEekmJB5a7FTbruARYkRh9JZs+9v29Pz8rzE8+NIcQfBKzlsw jw0MC+Li8hIdhh2bxTM5MEQsEW5ZBTSoKJd7uAqdVdP5hcOZz8NRl7f/U+k3R4F+GuH7 ofFQ== X-Forwarded-Encrypted: i=1; AFNElJ/I005/aBscqkCSP+hQKAa9cK9bIELnDUHKLw9ciZXaIGagHLFAsZt2QBajYQ/TCLuxkOhr9bNnzl5Yh0Y=@vger.kernel.org X-Gm-Message-State: AOJu0Yw9bGmXLULu5Ap2ThC9F5Ozusos3IO/7PS0EZCf3+fkm47Zaw5f wyCy7H9E2afe3sGwpgu/ko/3+cl1KzLgGVHF/RG1yAKY1n9yvLzyPsz+ X-Gm-Gg: AfdE7clHOh7PBICq9vFmEiPqphDzXWjFMAKL5bXzwqWZy9IuC7ESwSXu4oKmrM1xlte cNzclpherLNTMEJ9HaoxvRpwkp0se5+Rmh1DzrDPe+e+mevalhUNVhfYAzEZ7o94z9yclV3NEdG KkyOmjWxqEgNHeO2xg8TV5xfTHsKLdYLVaAlDgTuSYjSP8lXWUgvkjDiZTLiPUaSdGB/E75T3z/ vMWv5poLN39nPYVEO8/JHWOGNP5suKs+AUIF12l7oHN9wglrQy+olv/waaEf5m5PP8R9ETv9/W5 qTUqNRB6LwLwEiC1PH1GcTrDZmY7Z2GfUtUn59AHe8AqJmVuwSf4PZkZCIMZffYgTrYK/7busMY KwYFVEOewPzVSE1MwCURRn4R5hqW8it+AMi88l3slAVmRdImr6yis5xZ2w7s5EkLU1YwK5lxDWI Jn1AFkJOPIO82F32hRLo6dczayLnVpxgxI8/4IPY5aHvMPKH6TLg== X-Received: by 2002:a05:600c:8a0a:20b0:492:4c2e:9610 with SMTP id 5b1f17b1804b1-4926684a979mr76376465e9.11.1782480380120; Fri, 26 Jun 2026 06:26:20 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-49268f700c0sm85859525e9.0.2026.06.26.06.26.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jun 2026 06:26:19 -0700 (PDT) Date: Fri, 26 Jun 2026 14:26:16 +0100 From: David Laight To: Jann Horn Cc: Christian Brauner , John Ericson , Farid Zakaria , Jan Kara , Kees Cook , Al Viro , shuah@kernel.org, linux-fsdevel , linux-mm , linux-kselftest , LKML Subject: Re: [PATCH 0/2] fs: support $ORIGIN in ELF interpreter paths Message-ID: <20260626142616.5232c61e@pumpkin> In-Reply-To: References: <20260622043934.179879-1-farid.m.zakaria@gmail.com> <24420045-a6eb-4999-ab19-1e344eaba8a4@app.fastmail.com> <20260625-atomkraftgegner-hunger-kursbuch-b452ff2becab@brauner> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 26 Jun 2026 14:39:22 +0200 Jann Horn wrote: > On Thu, Jun 25, 2026 at 10:50=E2=80=AFAM Christian Brauner wrote: > > The arguments I have heard from various people so far are: > > > > (1) Userspace would be able to clone a random chroot to /woot and run a > > binary from it without having to set up a complicated sandbox > > effectively making dynamically linked binaries more like static > > binaries in a sense. > > > > (2) Quote: > > "If you debootstrap/dnf a chroot to some location in your > > home dir and try to run a binary from it, that it tries to load the > > libraries from your /usr is a pretty unintuitive and not at all > > useful behavior." > > > > (3) Quote: > > "[Various remote execution things run in locked down containers that > > disable userns, which makes the sandbox impossible and hence our > > builds wouldn't work there." =20 >=20 > FWIW I think someone also mentioned to me that it would make things > easier for them if they could build a piece of software in one > environment and then bundle it up with all required libraries and such > and run it in a very different environment, without > container/sandboxing stuff and without static linking. But I guess > that's kinda niche. The problem with 'ship the shared libraries with the application' is that you get all the problems of static linking. If there is a bug in the library code you can't fix it without getting the 3rd party to rebuild their application package. If the bug is in a system shared library updating the system libraries fixes the bug. Now this does require that the writers of shared libraries maintain backwards compatibility and that the 'system' provides the required updates. I remember a long time ago the company I worked for shipped a system where the libc.so the linker found was actually an archive library one of whose members was a shared library. So some functions were dynamically loaded and others static. There was a bug in one of the static functions (IIRC it corrupted the utmp file), once located and fixed the 3rd party had to be persuaded to rebuild and re-release their product. (It has to be said that anyone with half a brain would have realised that because libc was split for compatibility reasons, statically linking this particular function was actually stupid.) David