inside the docker images the injectived binary is executable by any user as mode 0755, which is great to be able create/run as a non-root user (container runs as root by default).
however the shared libs in /usr/lib are readable only by root mode 0600, causing a library loading error when a non-root user runs injectived version
is it possible to give the wasm shared libs a mode of 0644 to allow a non-root user to load them?
$ ll /usr/local/bin
total 130596
drwxr-xr-x 1 root root 4096 Jan 22 07:37 ./
drwxr-xr-x 1 root root 4096 Jan 10 00:00 ../
-rwxr-xr-x 1 root root 8908604 Jan 22 07:37 gex*
-rwxr-xr-x 1 root root 124810736 Jan 22 07:36 injectived*
$ ll /usr/lib
total 22440
drwxr-xr-x 1 root root 4096 Jan 22 07:37 ./
drwxr-xr-x 1 root root 4096 Jan 10 00:00 ../
drwxr-xr-x 5 root root 4096 Jan 10 00:00 apt/
drwxr-xr-x 3 root root 4096 May 25 2023 dpkg/
drwxr-xr-x 2 root root 4096 Jan 10 00:00 init/
-rw------- 1 root root 11526856 Oct 31 2023 libwasmvm.aarch64.so
-rw------- 1 root root 11368968 Oct 31 2023 libwasmvm.x86_64.so
workaround:
for anyone hitting this, in my custom Dockerfile I add this RUN statement
RUN find /usr/lib -maxdepth 1 -type f -exec chmod 0644 {} \;
inside the docker images the
injectivedbinary is executable by any user as mode0755, which is great to be able create/run as a non-root user (container runs as root by default).however the shared libs in
/usr/libare readable only by root mode0600, causing a library loading error when a non-root user runsinjectived versionis it possible to give the wasm shared libs a mode of
0644to allow a non-root user to load them?workaround: for anyone hitting this, in my custom Dockerfile I add this
RUNstatement