5

When I bind filesystem root it works

~> bwrap --ro-bind / / -- which which
/usr/bin/which

however when I bind non-root it fails

~> bwrap --ro-bind /usr /usr -- which which
bwrap: execvp which: No such file or directory

even though /usr/bin/which is in /usr.

Why does it fail?

dirdi
Nycta

1 Answer

4

You did not bind the interpreter for that binary – /lib/ld-linux.so.2 or /lib64/ld-linux-x86-64.so.2 or similar. (The kernel itself doesn't actually understand dynamically linked binaries, instead they specify a loader in their ELF header. It works very similarly to the #! line for scripts.)

Even on systems with a merged /usr, this file is commonly still in /lib. (And on systems without a merged /usr, lots of other required libraries such as libc.so are in /lib as well.)

u1686_grawity
  • Thanks, now I get it. `bwrap --ro-bind /usr /usr --ro-bind /lib64 /lib64 -- which which` works – Nycta Aug 13 '20 at 11:15
  • The example given by @Rawieo does not work for me. Still getting the same error. – dirdi Nov 09 '20 at 21:00