[systemd-devel] Securing bind with systemd methods (was: bind-mount of /run/systemd for chrooted bind9/named)
Simon McVittie
smcv at collabora.com
Tue Jul 18 13:28:30 UTC 2023
On Tue, 18 Jul 2023 at 10:42:49 +0200, Marc Haber wrote:
> That would be /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 on my
> system (only output of find /lib /usr/lib -name 'ld-lin*'), and adding
> that to ExecPaths doesn't allow my Executable to run. So it must be
> something else (possibly in addition).
The interoperable interpreter hard-coded in the ELF header for x86_64
is /lib64/ld-linux-x86-64.so.2 (yes, even on Debian, which otherwise
doesn't generally use lib64). On Debian systems, that happens to be a
symlink to /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2, which resolves to
/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 as a result of the /usr
merge, but those paths are implementation details of Debian rather than
being part of the ABI. In container/namespace contexts you'll likely
need to allow access to this via all three paths.
smcv
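
Added example, not part of the original message or of systemd: a Python script that reads the interpreter path (PT_INTERP) from an ELF header and lists every name the symlink chain passes through, printed as an ExecPaths= value. The function names, the `root` parameter and the constructed sample ELF bytes are assumptions made for illustration.

```python
import os
import struct
import sys

PT_INTERP = 3

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of a 64-bit little-endian ELF image, or None."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", data, off)
        if p_type == PT_INTERP:
            (p_offset,) = struct.unpack_from("<Q", data, off + 8)
            (p_filesz,) = struct.unpack_from("<Q", data, off + 32)
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None  # statically linked: no interpreter to allow

def alias_chain(path: str, root: str = "/"):
    """Every absolute name passed through while resolving path under root."""
    # Assumption: '..' in link targets is normalized lexically.
    seen, todo = [], path
    while todo not in seen:  # stops when nothing changes or on a link loop
        seen.append(todo)
        parts, cur = todo.strip("/").split("/"), ""
        for i, part in enumerate(parts):
            cur += "/" + part
            real = os.path.join(root, cur.lstrip("/"))
            if os.path.islink(real):  # leftmost symlink: substitute and restart
                target = os.path.join(os.path.dirname(cur), os.readlink(real))
                todo = os.path.normpath("/".join([target] + parts[i + 1:]))
                break
    return seen

def sample_elf(interp: bytes = b"/lib64/ld-linux-x86-64.so.2\0") -> bytes:
    """Constructed input: ELF64 header plus one PT_INTERP program header."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(interp), len(interp), 1)
    return ehdr + phdr + interp

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else sys.executable, "rb") as f:
        interp = elf_interpreter(f.read(1 << 20))
    if interp:
        print("ExecPaths=" + " ".join(alias_chain(interp)))
```

This covers only the ELF interpreter; shared libraries the executable loads are separate paths.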