Dealing with glibc faccessat2 breakage under systemd-nspawn
Backstory
The gist of it is that glibc began to make use of the new faccessat2 syscall, which, when running under older systemd-nspawn, is filtered to return EPERM. This misdirects glibc into assuming a file or folder cannot be accessed, when in reality nspawn just doesn't know the syscall.
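A small probe for this condition, added here as an illustration and not taken from the original post or from glibc or systemd: it issues faccessat2 directly and compares the result with the legacy faccessat syscall on the same path. The names classify, probe_faccessat2 and the enum values are made up for this example, and the fallback number 439 is only used when the system headers predate the syscall.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_faccessat2
#define SYS_faccessat2 439 /* x86-64 and generic table; older headers lack it */
#endif

enum probe { PROBE_OK, PROBE_NOSYS, PROBE_FILTERED, PROBE_OTHER };

/* Interpret a raw faccessat2 result next to the legacy faccessat result
 * for the same path and mode. */
static enum probe classify(long new_ret, int new_errno, long old_ret)
{
    if (new_ret == 0)
        return PROBE_OK;        /* syscall reached the kernel and passed */
    if (new_errno == ENOSYS)
        return PROBE_NOSYS;     /* honest "unknown syscall": libc can fall back */
    if (new_errno == EPERM && old_ret == 0)
        return PROBE_FILTERED;  /* path is fine, only the new syscall is denied */
    return PROBE_OTHER;         /* genuine failure, or both calls are blocked */
}

static enum probe probe_faccessat2(const char *path)
{
    long new_ret = syscall(SYS_faccessat2, AT_FDCWD, path, F_OK, 0);
    int new_errno = errno;      /* save before the next syscall clobbers it */
    long old_ret = syscall(SYS_faccessat, AT_FDCWD, path, F_OK);
    return classify(new_ret, new_errno, old_ret);
}

int main(void)
{
    static const char *const msg[] = {
        "faccessat2 works",
        "faccessat2 unavailable (ENOSYS), fallback is safe",
        "faccessat2 denied with EPERM while faccessat succeeds",
        "inconclusive",
    };
    enum probe p = probe_faccessat2("/");
    puts(msg[p]);
    return p == PROBE_FILTERED; /* non-zero exit only for the filtered case */
}
```

Run inside the container, an exit status of 1 means the seccomp filter answers the unknown syscall with EPERM, which is the case the paragraph above describes.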
A fix was submitted to systemd [1], but it turned out the problem was not limited to nspawn: it also needed to be fixed in various container runtimes and related software [2] [3] [4] [5]. Hacking around it in glibc [6] or the kernel [7] was proposed, and both proposals were (rightfully) rejected immediately.
I pondered what an awful bug that was and was glad I didn't have to deal with this mess.