While updating keycluster to RHEL5 I stumbled upon some strange behavior.
A service didn’t start due a failure to mount a dummy filesystem. Browsing the code I found that the error was raised by a
system(“/bin/mount”) call.
To avoid issues with the shell environment, I re-implemented with fork()+execv(“/bin/mount”, …).
Still errors, this time it was a execv(): Permission Denied.
Again I read # man execv; without finding any particular issues …
First step: reproduce
wraping the execv() in a standalone executables, like the following, gave no issues
main:
execv(“/bin/mount”, …)
Second Step: suid-bit
as the error happened only with /bin/mount which has the suid-bit set, I tried
#chmod u-s /bin/mount
and BINGO: it worked. This lead me to think to…
Third step: selinux
I thought that it could be a selinux issue: tried
- checking selinux logs (audit)
- tuning selinux (I learned something about context – this was good!)
- disabling selinux
no way
The old good times: Recursive RTFM
I was bored, and started to play seriously: I did what I should have done since the first time.
1. man execv() referred to man execve()
All of these functions may fail and set errno for any of the errors specified for the library function execve(2).
2. man execve() has EPERM error
EPERM The file system is mounted nosuid, the user is not the superuser, and the file has an SUID or SGID bit set.
EPERM The process is being traced, the user is not the superuser and the file has an SUID or SGID bit set.
3. and suddenly I remember: the guilty program was running under valgrind (I’m in test environment!). Well, even Valgrind was running as root, but I don’t effectively know what happens into valgrind