chewi / cross-boss Goto Github PK

When binding a file from the host file system into the chroot, bubblewrap helpfully creates all intermediate directories that don't exist in the target. However, cross-boss uses a restrictive umask. As a result, those dirs get created with permission 700, owned by root:root.

Since the binds are typically executables, this causes them to only be executable by root – other users won't be able to read them even though the permissions of the file itself are fine. If the executable in question is an ELF interpreter such as qemu-user, it causes any execve of a target-arch ELF to fail with EACCES, with no other explanation, resulting in an issue that's difficult to diagnose. :-)

Is it possible to

1. disallow creating intermediate directories and failing, forcing the user to create them manually with correct permissions, or
2. change the umask to 755 or similar, or
3. document the issue and add a record to the FAQ?

I'm using cross-boss to cross-compile a rootfs for a PowerPC platform in conjunction with QEMU-user. My platform requires me to specify the -cpu to qemu-ppc when chrooting, otherwise I get illegal instruction errors. To do that, I use a wrapper program that execves QEMU with the -cpu parameter added.

What is the best way of binding both the wrapper and QEMU binaries to the target? cb-bwrap automatically parses the binfmt_misc registry and binds the interpreter it finds there. In my case, it therefore binds the wrapper, but not the actual QEMU executable. As a hack, I added a dummy and otherwise unused entry to binfmt_misc containing qemu-ppc as the target.

Reading the source code, I see that passing --ro-bind "${qemu_path}" "${qemu_path}" as extra arguments to cb-bwrap would perhaps also work, but it's not documented. Is that a supported way, or just an implementation detail?