| Summary: | unshare doesn't work with busybox binaries | | |
|---|---|---|---|
| Product: | Busybox | Reporter: | Alex <acornejo> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | busybox-cvs |
| Priority: | P1 | | |
| Version: | 1.26.x | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Host: | | Target: | |
| Build: | | | |

Fixed in git.

Can't use busybox unshare without root:

```
$ ./busybox unshare -r ./busybox sh -c "echo hi"
unshare: unshare(0x4000000): Operation not permitted
```

If I use the non-busybox binary versions things work as expected:

```
$ unshare -r sh -c "echo hi"
hi
```

If I run as root things work as expected.

Here is the strace output:

```
# strace ./busybox unshare -r ./busybox sh -c "echo hi"
execve("./busybox", ["./busybox", "unshare", "-r", "./busybox", "sh", "-c", "echo hi"], [/* 73 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x6f0f30) = 0
set_tid_address(0x6f0f68) = 26481
getuid() = 1000
stat("/etc/busybox.conf", 0x7ffc27391b70) = -1 ENOENT (No such file or directory)
getgid() = 1000
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid(1000) = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid(1000) = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
geteuid() = 1000
getegid() = 1000
unshare(CLONE_NEWUTS) = -1 EPERM (Operation not permitted)
write(2, "unshare: unshare(0x4000000): Ope"..., 53unshare: unshare(0x4000000): Operation not permitted
) = 53
exit_group(1) = ?
```

So it fails on the call to unshare.

Given that this works fine with the non-busybox version of unshare, it's clearly not a problem of my system, but with busybox. I suspect it has to do with the calls to setgid + setuid before calling unshare (these do not appear on the strace of the regular unshare binary).
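
Added example, not part of the original report and not BusyBox code: the strace above shows the failing call carrying only `CLONE_NEWUTS` (0x4000000). The C program below checks whether a namespace mask needs `CAP_SYS_ADMIN` and tries both the reported mask and `CLONE_NEWUSER | CLONE_NEWUTS` in a forked child. The helper names `needs_cap_sys_admin` and `try_unshare` are made up for this example.

```c
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEW* constants, no feature macros needed */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the mask asks for a non-user namespace without CLONE_NEWUSER in the
 * same call, so the caller needs CAP_SYS_ADMIN. Cgroup/time namespaces are
 * left out to keep the example short. */
int needs_cap_sys_admin(unsigned long flags)
{
    unsigned long privileged = CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWIPC |
                               CLONE_NEWNET | CLONE_NEWPID;
    return (flags & privileged) != 0 && (flags & CLONE_NEWUSER) == 0;
}

/* Run unshare(flags) in a forked child so the caller's namespaces are left
 * alone. Returns 0 on success, the child's errno on failure, -1 if the
 * fork/wait itself failed. */
int try_unshare(unsigned long flags)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(syscall(SYS_unshare, flags) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 0x4000000 is the mask from the report's error message. */
    unsigned long masks[] = { 0x4000000UL, CLONE_NEWUSER | CLONE_NEWUTS };
    for (int i = 0; i < 2; i++) {
        int err = try_unshare(masks[i]);
        printf("uid=%d unshare(0x%lx) needs_cap_sys_admin=%d -> %s\n",
               (int)getuid(), masks[i], needs_cap_sys_admin(masks[i]),
               err == 0 ? "ok" : err < 0 ? "fork/wait failed" : strerror(err));
    }
    return 0;
}
```

Run as an unprivileged user on a kernel that permits unprivileged user namespaces, the first mask fails with "Operation not permitted" and the second succeeds; a sysctl or seccomp policy that blocks user namespaces makes both fail.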