Sunday, 1 May 2016

systemd-nspawn and noexec flag

Trying to create a customized archlinux iso (archiso, releng), I hit a lot of issues, most of them 'execv? failed, permission denied'.

Later on, just trying to run a systemd-nspawn container, again, execv permission. Boot fails.

Googling didn't get me very far, except to broaden the scope from systemd-nspawn to something more general. I try to run a binary (ls) from the container subtree. Permission denied. I md5sum container/.../ls and get the same md5 as the main linux install I'm running. I thought it could be the wrong architecture or a different binary. So if two binaries refuse to run ... maybe they're treated differently from the host OS. I then realize that my container and custom archiso were on a mounted drive.

mount | grep <mountpoint> -> mount .... (...,noexec, ...)

EUREKA.

udevil mounts this drive with a lot of protective flags. udevil unmount <mountpoint>; sudo mount <device> /mnt; <container>/ ... /ls works.

systemd-nspawn -b -D <container> works.

Thanks to #archlinux for nothing (besides rubber ducking ;)
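
A check that would catch this before booting the container, as an added example that is not part of the original post: it finds the mount that holds a path and reports which of noexec/nosuid/nodev are set on it. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: which restrictive flags apply to the filesystem holding a path?
# Pass an absolute, symlink-free path (e.g. the output of realpath).

# mount_opts_for PATH [MOUNTS_FILE]: options of the mount whose mount point is
# the longest prefix of PATH. MOUNTS_FILE uses the /proc/self/mounts layout
# (device, mount point, fstype, options, ...), which is also the default.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)      # spaces are escaped as \040 in this file
            n = length(mp)
            on_mount = (mp == "/" || p == mp || substr(p, 1, n + 1) == mp "/")
            if (on_mount && n >= best) { best = n; opts = $4 }  # later mounts win ties
        }
        END { if (opts != "") print opts }
    ' "${2:-/proc/self/mounts}"
}

# has_flag OPTS FLAG: succeeds when FLAG is one of the comma-separated OPTS.
has_flag() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# restrictive_flags PATH [MOUNTS_FILE]: prints those of noexec/nosuid/nodev set.
restrictive_flags() {
    opts=$(mount_opts_for "$1" "$2")
    out=""
    for f in noexec nosuid nodev; do
        if has_flag "$opts" "$f"; then out="${out:+$out }$f"; fi
    done
    printf '%s\n' "$out"
}

# Constructed sample in /proc/self/mounts format (not taken from the post).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /media/user/data ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /mnt ext4 rw,relatime 0 0
EOF
}

if [ "$#" -gt 0 ]; then restrictive_flags "$1"; fi
```

Run it with the container directory as the only argument; output containing noexec means execv inside that tree will fail with permission denied regardless of file modes.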
