https://bugzilla.kernel.org/show_bug.cgi?id=214705 Bug ID: 214705 Summary: execve(2) omits EACCES due to capabilities Product: Documentation Version: unspecified Hardware: All OS: Linux Status: NEW Severity: normal Priority: P1 Component: man-pages Assignee: documentation_man-pages@xxxxxxxxxxxxxxxxxxxx Reporter: dspeyer@xxxxxxxxx Regression: No The man page for execve lists only 4 reasons the syscall can fail with errno==EACCES. In fact, there is at least one more. If the binary being executed has a setfattr'ed capability such as CAP_IPC_LOCK which is not supported in the caller's kernel namespace (docker container), execve will fail with this error. I just spent a great deal of frustrating effort searching for a non-existent elf interpreter or mount-noexec issue because I trusted this man page. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
