I have a bash script that has always been running as a container entry point. I just upgraded from Alpine 3.13 to Alpine 3.15.0 and the script started failing the "-r" checks on mounted AND unmounted files.
Docker version 18.06.1-ce, build e68fc7a
libseccomp version libseccomp2/now 2.4.1-0ubuntu0.18.04.2
Minimum example
bash-5.1# ls -lt try
-rw-r--r-- 1 root root 0 Mar 24 08:47 try
bash-5.1# cat test.sh
#!/bin/bash
if [ ! -r /tmp/try ] ; then
echo "fail -r"
fi
if [ ! -f /tmp/try ] ; then
echo "fail -f"
fi
bash-5.1# bash test.sh
fail -r
bash-5.1# sh test.sh
bash-5.1#
CodePudding user response:
The issue has been documented here: https://github.com/alpinelinux/docker-alpine/issues/156
The suggested solutions are listed here: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2
As I am unable to update the Docker and libseccomp versions, I tried the 3rd option and it worked alright:
- As a workaround, in order to run under old Docker or libseccomp versions, the moby default seccomp profile should be downloaded and on line 2, defaultAction changed to SCMP_ACT_TRACE, then --seccomp-profile=default.json can be passed to dockerd, or --security-opt=seccomp=default.json passed to docker create or docker run. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to faccessat.
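
The workaround quoted above, as an added example that is not part of the original answer: it changes the defaultAction key by parsing the JSON rather than relying on it sitting on line 2, and leaves the syscall allowlist untouched. The sample profile is a constructed stand-in for moby's default.json, and the function and file names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Constructed stand-in for moby's default seccomp profile; the real file has
# the same top-level keys and a much longer allowlist.
SAMPLE_PROFILE = """{
	"defaultAction": "SCMP_ACT_ERRNO",
	"syscalls": [
		{"names": ["faccessat", "read", "write"], "action": "SCMP_ACT_ALLOW"}
	]
}
"""


def patch_profile(text):
    """Return the profile text with only defaultAction set to SCMP_ACT_TRACE."""
    profile = json.loads(text)
    current = profile.get("defaultAction")
    if current is None:
        raise ValueError("no defaultAction key: not a seccomp profile")
    if current == "SCMP_ACT_ALLOW":
        # Allow-by-default is not the moby default profile; leave it alone.
        raise ValueError("defaultAction is SCMP_ACT_ALLOW, refusing to patch")
    profile["defaultAction"] = "SCMP_ACT_TRACE"
    return json.dumps(profile, indent="\t") + "\n"


def write_patched(src, dst):
    """Patch src into dst and return the docker create/run option to use."""
    Path(dst).write_text(patch_profile(Path(src).read_text()))
    return "--security-opt=seccomp=" + str(dst)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "moby-default.json")  # hypothetical file names
        dst = Path(tmp, "default.json")
        src.write_text(SAMPLE_PROFILE)
        print(write_patched(src, dst))
        print(dst.read_text())
```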