1

I've created a bind mount in /tmp/test which I then use to establish a chroot jail. For example:

mount --bind -o ro /usr/bin/ /tmp/test

chroot /tmp/test /some_executable

This seems to work fine - most of the executables within that folder are accessible and I can interact with them normally from within the jail. However, there are at least a few files within the mount that show up as empty executables. Specifically, a class of nvidia executables used for interacting with a GPU device attached to my system:

-rwxr-xr-x 1 root root         0 Feb 13 15:16 nvidia-cuda-mps-control*
-rwxr-xr-x 1 root root         0 Feb 13 15:16 nvidia-cuda-mps-server*
-rwxr-xr-x 1 root root         0 Feb 13 15:16 nvidia-debugdump*
-rwxr-xr-x 1 root root         0 Feb 13 15:16 nvidia-persistenced*
-rwxr-xr-x 1 root root         0 Feb 13 15:16 nvidia-smi*

If I try to mount one of those files directly, everything works as normal:

touch /tmp/test/nvidia-smi && mount --bind -o ro /usr/bin/nvidia-smi /tmp/test/nvidia-smi

ll /tmp/test/nvidia-smi
-rwxr-xr-x 1 root root 678392 Jul 13  2021 /tmp/test/nvidia-smi*

Any ideas on why this is happening?

Edit: This is what the nvidia files look like on the filesystem before the mount:

/tmp# ls -l /usr/bin/nvidia-*
-rwxr-xr-x 1 root root  45824 Jul 13  2021 /usr/bin/nvidia-cuda-mps-control
-rwxr-xr-x 1 root root  14488 Jul 13  2021 /usr/bin/nvidia-cuda-mps-server
-rwxr-xr-x 1 root root 252720 Jul 13  2021 /usr/bin/nvidia-debugdump
-rwxr-xr-x 1 root root  61976 Jul 13  2021 /usr/bin/nvidia-persistenced
-rwxr-xr-x 1 root root 678392 Jul 13  2021 /usr/bin/nvidia-smi

Filesystem information:

df -T

Filesystem      Type    1K-blocks     Used Available Use% Mounted on
overlay         overlay  31444972 14551624  16893348  47% /
tmpfs           tmpfs       65536        0     65536   0% /dev
tmpfs           tmpfs    16176692        0  16176692   0% /sys/fs/cgroup
tmpfs           tmpfs    16176692        4  16176688   1% /etc/config
/dev/nvme0n1p1  xfs      31444972 14551624  16893348  47% /etc/hosts
shm             tmpfs       65536        0     65536   0% /dev/shm
tmpfs           tmpfs    16176692       12  16176680   1% /run/secrets/kubernetes.io/serviceaccount
Improve this question
3
  • Thanks for the quick response - edited the original question to include that. Commented Feb 13, 2022 at 15:57
  • 1
    Thanks for your help anyway! Commented Feb 13, 2022 at 16:27
  • Oh! It's an overlay filesystem. Maybe those don't chroot? (This is a docker container, isn't it? That's usually really important information.) Commented Feb 13, 2022 at 17:05

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.