ARMv7lプラットフォーム、つまりBusyBoxには、いくつかの静的バイナリ(Kobo eReader、InkBox OSプロジェクトを参照)を含むchrootがあります。ルートとしてのchrootはうまく動作します。
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# env PATH=/system-bin /tmp/chroot /data/onboard/.apps/Sanki/ /app-temp/busybox sh
kobo:/# whoami
whoami: unknown uid 0 #### I am root
kobo:/#
その後、次のオプションを使用して、権限のないユーザーとしてchrootにログインしようとしました--userspec
。
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /app-temp/busybox sh
chroot: failed to run command ‘/app-temp/busybox’: Permission denied
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki#
スタックトレース:
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# strace env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /system-bin/busybox sh
execve("/usr/bin/env", ["env", "PATH=/system-bin", "/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/system-bin/busybox", "sh"], 0x7e8f5cf8 /* 17 vars */) = 0
set_tls(0x2ad13388) = 0
set_tid_address(0x2ad13f3c) = 3925
brk(NULL) = 0x2abcd000
brk(0x2abcf000) = 0x2abcf000
mmap2(0x2abcd000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2abcd000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eafe5f8) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abcf000
mmap2(0x2abe2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2abe2000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eafe5f8) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abe4000
mmap2(0x2abf6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2abf6000
close(3) = 0
mprotect(0x2abe2000, 4096, PROT_READ) = 0
mprotect(0x2abf6000, 4096, PROT_READ) = 0
mprotect(0x2abb5000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "env") = 0
prctl(PR_SET_KEEPCAPS, 2125458926) = -1 EINVAL (Invalid argument)
execve("/tmp/chroot", ["/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/system-bin/busybox", "sh"], 0x7eafecf4 /* 17 vars */) = 0
set_tls(0x2acff388) = 0
set_tid_address(0x2acfff3c) = 3925
brk(NULL) = 0x2ac75000
brk(0x2ac77000) = 0x2ac75000
mmap2(NULL, 8192, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab4b000
mprotect(0x2ab4c000, 4096, PROT_READ|PROT_WRITE) = 0
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7e811648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ad00000
mmap2(0x2ad13000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ad13000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7e811648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2aaf1000
mmap2(0x2ab03000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2ab03000
close(3) = 0
mprotect(0x2ad13000, 4096, PROT_READ) = 0
mprotect(0x2ab03000, 4096, PROT_READ) = 0
mprotect(0x2ac5d000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "/tmp/chroot") = 0
prctl(PR_SET_KEEPCAPS, 2122391093) = -1 EINVAL (Invalid argument)
mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaec000
statx(AT_FDCWD, "/data", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
statx(AT_FDCWD, "/data/onboard", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard", {st_mode=S_IFDIR|0755, st_size=6656, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps", {st_mode=S_IFDIR|0755, st_size=512, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps/Sanki", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps/Sanki", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
munmap(0x2aaec000, 16384) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac0000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aac0000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2ab7d000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac7000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2aac7000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aacc000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2aacc000, 4096) = 0
chroot("/data/onboard/.apps/Sanki/") = 0
chdir("/") = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aacd000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2aacd000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7e000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
close(3) = 0
munmap(0x2ab7e000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab0b000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2ab0b000, 4096) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgroups32(1, [1000]) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
execve("/system-bin/busybox", ["/system-bin/busybox", "sh"], 0x7e811d3c /* 17 vars */) = -1 EACCES (Permission denied)
fcntl64(1, F_GETFL) = 0x20002 (flags O_RDWR|O_LARGEFILE)
writev(2, [{iov_base="chroot: ", iov_len=8}, {iov_base=NULL, iov_len=0}], 2chroot: ) = 8
writev(2, [{iov_base="failed to run command \342\200\230/system"..., iov_len=47}, {iov_base=NULL, iov_len=0}], 2failed to run command ‘/system-bin/busybox’) = 47
writev(2, [{iov_base=": Permission denied", iov_len=19}, {iov_base=NULL, iov_len=0}], 2: Permission denied) = 19
writev(2, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2
) = 1
close(1) = 0
close(2) = 0
exit_group(126) = ?
+++ exited with 126 +++
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# strace env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /app-temp/busybox sh
execve("/usr/bin/env", ["env", "PATH=/system-bin", "/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/app-temp/busybox", "sh"], 0x7ec2bcf8 /* 17 vars */) = 0
set_tls(0x2ad36388) = 0
set_tid_address(0x2ad36f3c) = 3929
brk(NULL) = 0x2abef000
brk(0x2abf1000) = 0x2abf1000
mmap2(0x2abef000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2abef000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7ebfe608) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abf1000
mmap2(0x2ac04000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ac04000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7ebfe608) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ac06000
mmap2(0x2ac18000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2ac18000
close(3) = 0
mprotect(0x2ac04000, 4096, PROT_READ) = 0
mprotect(0x2ac18000, 4096, PROT_READ) = 0
mprotect(0x2abd7000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "env") = 0
prctl(PR_SET_KEEPCAPS, 2126507504) = -1 EINVAL (Invalid argument)
execve("/tmp/chroot", ["/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/app-temp/busybox", "sh"], 0x7ebfed04 /* 17 vars */) = 0
set_tls(0x2ad7d388) = 0
set_tid_address(0x2ad7df3c) = 3929
brk(NULL) = 0x2ac45000
brk(0x2ac47000) = 0x2ac47000
mmap2(0x2ac45000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ac45000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eab9648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ab0a000
mmap2(0x2ab1d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ab1d000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eab9648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2aab3000
mmap2(0x2aac5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2aac5000
close(3) = 0
mprotect(0x2ab1d000, 4096, PROT_READ) = 0
mprotect(0x2aac5000, 4096, PROT_READ) = 0
mprotect(0x2ac2d000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "/tmp/chroot") = 0
prctl(PR_SET_KEEPCAPS, 2125176375) = -1 EINVAL (Invalid argument)
mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab1f000
statx(AT_FDCWD, "/data", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
statx(AT_FDCWD, "/data/onboard", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard", {st_mode=S_IFDIR|0755, st_size=6656, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps", {st_mode=S_IFDIR|0755, st_size=512, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps/Sanki", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps/Sanki", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
munmap(0x2ab1f000, 16384) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad1000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aad1000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad2000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
close(3) = 0
munmap(0x2aad2000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad4000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aad4000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab47000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2ab47000, 4096) = 0
chroot("/data/onboard/.apps/Sanki/") = 0
chdir("/") = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac8000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2aac8000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab3c000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2ab3c000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaf2000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2aaf2000, 4096) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgroups32(1, [1000]) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
execve("/app-temp/busybox", ["/app-temp/busybox", "sh"], 0x7eab9d3c /* 17 vars */) = -1 EACCES (Permission denied)
fcntl64(1, F_GETFL) = 0x20002 (flags O_RDWR|O_LARGEFILE)
writev(2, [{iov_base="chroot: ", iov_len=8}, {iov_base=NULL, iov_len=0}], 2chroot: ) = 8
writev(2, [{iov_base="failed to run command \342\200\230/app-te"..., iov_len=45}, {iov_base=NULL, iov_len=0}], 2failed to run command ‘/app-temp/busybox’) = 45
writev(2, [{iov_base=": Permission denied", iov_len=19}, {iov_base=NULL, iov_len=0}], 2: Permission denied) = 19
writev(2, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2
) = 1
close(1) = 0
close(2) = 0
exit_group(126) = ?
+++ exited with 126 +++
[chroot]/etc/passwd
:
user::1000:1000:user:/root:/system-bin/sh
[chroot]/etc/group
:
user:x:1000:
権限:
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# ls -ld app-temp
drwxrwxrwt 2 user user 80 Jun 11 19:26 app-temp
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# ls -l app-temp/
total 2660
-rwxr-xr-x 1 user user 1509048 Jun 11 18:52 busybox
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki#
su user -s /system-bin/sh
chrootでrootで作業しようとすると、同じ「許可拒否」エラーが発生します。
何が問題なのかご存知ですか?ありがとうございます!
答え1
問題の原因を見つけました。私が持っているいくつかのデバイスのカーネルがXZ圧縮をサポートするには古すぎるので、Squashfuseを使ってSquashFSファイルをマウントしていました。allow_other
他のユーザーがマウントされたアーカイブ(chrootがある場所)のファイルにアクセスできるように、このオプションを指定することを忘れました。
マウントオプションをsquashfuseに渡すことで問題が解決しました。