From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63F813FA5E5 for ; Fri, 26 Jun 2026 16:28:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.42 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782491317; cv=none; b=IcGD3tN2seDjs1VnTlYzbM58/0jZu9UhUAY6doHrw5p4FoP8wXMxoEXbLwDR6AeU1W/avG3dbFY59x2KgzdtsBo7doqI7dG3HCR4MbuyaHA0vAhlz50ZhbmkTaP86ALat333AxkQXFuNA2FUl94lZ5qQAJIWVNSYYvE//m/+Erc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782491317; c=relaxed/simple; bh=KS9JDiMhOnF4fRXZe5BIB4cOnctYse4A9043O0yGgoA=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EU+C4NBe1FBkl9cfENoSSyK66E0+PTRxCEV1GnDQvEYOya/CKvRvvU1iUZGuCPtwJyPVXUTz+4ET5gR2Sw+g8FUPlQae80jksl+ghdmdEv+ZNqwoabHPjP9aZgmLdfWgj6vofr2P0h3GnQUji6WmAoJ5Lee+OxR7jpnWXFyBA60= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ip3Nd0kf; arc=none smtp.client-ip=209.85.128.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ip3Nd0kf" Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4926d6b177eso4108325e9.1 for ; Fri, 26 Jun 2026 09:28:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782491315; x=1783096115; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=7yRRCllVxAYk/OchgnjQ6W/17oLwF8I+OCpCxDAKNow=; b=ip3Nd0kfsDq88G0BrlUATAD3LgdXdfcLXNH1lnnEGb2ROx4WmGKwSPowstFc3MGqNS M64Tblsr1zllJ+ZF7rCimeybRazS9WNlo35q+15klX76gXnVwX4sRYDRU5uVRTKXrpyV uadbijvckMan9BbGlG/uUV5/+pegASl2FsVvAQbDHXOR1OTPKKfFhPXSOP0/xbxyoDNp QDw9bUAI5yjOcXKEIX85Xkev3ED21tVbNJETxKSqN3X84yWwTvyZu9Q41pdt3N8kS0bG WAY1GHgzceboJNdlq3HcGw7/fA1csz8ab1WDQMg8RfP5aJUuEBNzBzijVJciXq9HfG/G qGUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782491315; x=1783096115; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7yRRCllVxAYk/OchgnjQ6W/17oLwF8I+OCpCxDAKNow=; b=atdjc6wpBGezv2wTHfl3pMwKs2derxgl3JHmY/SF/S6/VBjANotlsi2h10Rg2CzA1p mnHT5J9hUvAUElDZv72GNVvsitaKgPrvlWSXGWOmz7zlyaAiYMgRBdAhTHgh789nolYO hlAQzMURd3b2XrZcuqrkcxiSXAPdLHzsXiidgwF4Luf5KtY/WlqCEfFCEKX1/FAYzhAM fj0qIfn7z6QZ6JLgWcMAIszqWW9wAbpHjOp18UZyJ0htRljqh0e1Z802W0C3DaOHndxS /QHXHNY+ahncoVSbJK75KgIsut+i52Pc0EGZa1P3zHwWBb+Xr6PyuvUCMOmTlkn8biOz 54AQ== X-Forwarded-Encrypted: i=1; AFNElJ9ZlYOdMNA64iLjNNqfrxhPjagmRM2Rj8CIuWz4MyNqEdgaNxIlDeYINHK8scYIWiPj3xI7Y+P17jDkw4o=@vger.kernel.org X-Gm-Message-State: AOJu0YzSvJr455DfnLk8vyHGiNOIHsb1yFZihJiZw7L2IDXv9CK3DW03 vuLvW3XXEAvafUvWD1WkINDbEiLPDmd9xmTdcn3OPSivKGZLiA3B9NJeyEHOth6H X-Gm-Gg: AfdE7clEc6XpWg+mDvaANV02eecFha8p+OI6CRWS42NaY7F7z3a2zcz67WSvMq9WXbB u40tevo0WwxDMcEssAHTfS0OUG+2EEFpZoGNvZh977ua2Ll72QrJWxr981duvuDXBFvOr4fVnHi /D83a8idCr8xiBfnkNKiQYABynSD9dqFJzVtKIgZMeeHnQ9pKgqQCFKhJ027Z+azErJrwtCvAs7 xUibTRaj4V2wuwnKNnDFoVZN3ee1AqtLN136xc+VLyGircINXJnOs0Z3SE7pRj43Tx2nPoF/1e+ 0evXjZ4vb3rfJ/9NhJS73RZHItlVM9mguOQ01SM046vlyy9AbrWUE3aveUpkOaPElnOTp3Yr8jb 7S4CfeR8ZJmEcmdm1oIM8itYXjjyMNdPuGWST0GIgm4rod9GDpkVgkhOo1vXRojziyJrw0A+gLq PAVUGRfsSSj8AhPzCvUd0yrIl/EVeb7iJFqWgRKzVZ2tzSeCnLRg== X-Received: by 2002:a05:600c:8518:b0:492:62d8:2da8 with SMTP id 5b1f17b1804b1-49266884adfmr116414295e9.29.1782491314555; Fri, 26 Jun 2026 09:28:34 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-49271465f35sm952455e9.9.2026.06.26.09.28.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jun 2026 09:28:34 -0700 (PDT) Date: Fri, 26 Jun 2026 17:28:32 +0100 From: David Laight To: Jann Horn Cc: Christian Brauner , John Ericson , Farid Zakaria , Jan Kara , Kees Cook , Al Viro , shuah@kernel.org, linux-fsdevel , linux-mm , linux-kselftest , LKML Subject: Re: [PATCH 0/2] fs: support $ORIGIN in ELF interpreter paths Message-ID: <20260626172832.366deaac@pumpkin> In-Reply-To: References: <20260622043934.179879-1-farid.m.zakaria@gmail.com> <24420045-a6eb-4999-ab19-1e344eaba8a4@app.fastmail.com> <20260625-atomkraftgegner-hunger-kursbuch-b452ff2becab@brauner> <20260626142616.5232c61e@pumpkin> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 26 Jun 2026 15:34:12 +0200 Jann Horn wrote: > On Fri, Jun 26, 2026 at 3:26=E2=80=AFPM David Laight > wrote: > > On Fri, 26 Jun 2026 14:39:22 +0200 > > Jann Horn wrote: > > =20 > > > On Thu, Jun 25, 2026 at 10:50=E2=80=AFAM Christian Brauner wrote: =20 > > > > The arguments I have heard from various people so far are: > > > > > > > > (1) Userspace would be able to clone a random chroot to /woot and r= un a > > > > binary from it without having to set up a complicated sandbox > > > > effectively making dynamically linked binaries more like static > > > > binaries in a sense. > > > > > > > > (2) Quote: > > > > "If you debootstrap/dnf a chroot to some location in your > > > > home dir and try to run a binary from it, that it tries to load= the > > > > libraries from your /usr is a pretty unintuitive and not at all > > > > useful behavior." > > > > > > > > (3) Quote: > > > > "[Various remote execution things run in locked down containers= that > > > > disable userns, which makes the sandbox impossible and hence our > > > > builds wouldn't work there." =20 > > > > > > FWIW I think someone also mentioned to me that it would make things > > > easier for them if they could build a piece of software in one > > > environment and then bundle it up with all required libraries and such > > > and run it in a very different environment, without > > > container/sandboxing stuff and without static linking. But I guess > > > that's kinda niche. =20 > > > > The problem with 'ship the shared libraries with the application' is > > that you get all the problems of static linking. > > If there is a bug in the library code you can't fix it without getting = the > > 3rd party to rebuild their application package. =20 >=20 > Yes, it's appropriate for weird use cases like "I want to run this > historical version of the software and its dependencies", it's not > necessarily a good idea for normal application use. That's what LD_LIBRARY_PATH is for ... And if you want to use a different elf interpreter just run it and pass the program name and arguments to it. eg: /lib64/ld-linux-x64-64.so.2 /bin/echo fubar Last time I did that I was trying to run non-linux ppc elf program. I got part way there, but needed to build a lot more of libc. David