| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
POSIX doesn't specify EBADFD, and EBADF should cover us, and we
don't really need it, so disable for now.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Some gcc versions don't like the construct here where we modified a
variable in the middle of multiple checks.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/374059
Reported-by: Nick Bowler <nbowler@draconx.ca>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
The open test got this fix a while ago, but open64 was missed.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Instead of testing manually for libdl and then libc for dlopen, just use
AC_SEARCH_LIBS (and then AC_CHECK_FUNCS to check for dlvsym). The code
is much nicer now.
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Since we're already depending on a not-yet-released automake version, we
may as well depend on the already-released libtool 2.2. This way we can
avoid the dirty trick of undefining the macros to check for CXX and F77.
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
We need to special case a NULL filename with futimesat just like we
already do with utimensat.
URL: http://bugs.gentoo.org/348640
Reported-by: Jeremy Olexa <darkside@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Let the default mode for files be 0777 rather than 0 so that the default
creation of files actually works.
Also make the flags part of a dirfd filename actually optional.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
Only strip quotes from arguments which lack spaces in them.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The previous commit (libsandbox: handle dirfd in mkdir/open/unlink *at
prechecks) unified some path checks while unifying the dirfd code, but
prevented valid NULL paths from also being handled. Make sure we still
handle that behavior, and add a test for it to prevent future regressions.
URL: http://bugs.gentoo.org/346815
Reported-by: Jake Todd <jaketodd422@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous commit (libsandbox: handle dirfd in mkdir/open/unlink *at
prechecks) left a sizeof() in place but unfortunately no longer held the
same meaning. In previous code, the function had access to the buffer
decl and so could get the byte count. In the new code, the function has
access to the pointer only. So sizeof() now wrongly returns the size of
pointers rather than the length of the buffer.
Extend the new helper function to take the length of the buffer it is
given to fix this issue.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
| |
If sigsuspend-zsh_tst fails, it isn't quite clear as to why. So make the
output a bit more clear as to what's going on.
URL: http://bugs.gentoo.org/339022
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
The previous change for hardened users (libsandbox: avoid passing same
buffer to erealpath) made a change canonicalize() to fix the buffer
usage, but missed updating the actual call to erealpath to use the new
buffer set up just for it.
URL: http://bugs.gentoo.org/339157
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
Ignoring the dirfd hasn't been a problem in the past as people weren't
really using it, but now that core packages are (like tar), we need to
handle things properly.
URL: http://bugs.gentoo.org/342983
Reported-by: Xake <xake@rymdraket.net>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
When the local m4 code is a diff version of libtool, updating in place
likes to generate ugly harmless warnings. But I don't want to see them.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
The arg is supposed to be "<path>:<flags>", but we were parsing it as
"<flags>:<path>". So unswap the logic.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
The previous commit to fix duplicate dist inclusion broke the install of
the generated file. So try again but hopefully this time get it right:
- include only 00default.in in the dist
- install only 00default
URL: http://bugs.gentoo.org/333131
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some gnulib tests that are bundled with multiple GNU packages stress the
POSIX correctness of mkdir behavior across broken symlinks. While this
specific behavior under ssandbox doesn't really matter (as packages don't
create broken symlinks and then need this errno value), it isn't really
feasible to patch all the random packages. So add a smallish hack for
now to keep them happy until something better can be formulated.
URL: http://bugs.gentoo.org/297026
Reported-by: Diego E. Pettenò <flameeyes@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Doing rmdir(symlink) does not remove the dir the symlink points to, but
will operate on the symlink itself. While it will always fail (since it
is a link and not a dir), that isn't something we need worry about. Just
need to avoid doing permission checking on the target of the symlink.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Portage by default will do `addpredict /` which can causes tests that
expect certain behavior to fail, but only when testing under portage.
So tweak the default environment to include this so that we are forced
to tweak the tests so that they pass in and out of the portage env.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
| |
Building out-of-tree and then running `make dist` would miss a lot of
important test files. Make sure globs are relative to the source tree
and not the build tree.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Make sure we only bundle 00default.in in the dist tarball rather than also
including the generated 00default.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
Rather than having tests rely on implicit behavior (current dir is not
listed anywhere thus it is denied), force tests to declare explicit
deny paths when desired. This way `make check` works even when it is
run under a path that is granted write access by default (such as the
tempdirs).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
The portage environment stuff is designed for interactive sessions and
makes no sense when automatically testing things locally.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
| |
Portage builds packages in $CAT/$PF now rather than $PF, so update the
local env search code to handle that.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The erealpath function modifies the storage buffer given to it in place
and can misbehave if both the source and destination buffers point to the
same storage in memory. So fix the one case where we were doing this in
the canonicalize() function and add some run time checks to make sure this
doesn't crop up again.
URL: http://bugs.gentoo.org/292050
Reported-by: Hongjiu Zhang <voidprayer@gmail.com>
Reported-by: Fredric Johansson <johansson_fredric@hotmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When tracing static processes, the original implementation included code
that would always swallow SIGCHLD. Much has changed since then, and it
doesn't seem to be needed anymore, and it is certainly breaking a few
packages. So drop it, add some tests, and if it causes a regression in
the future, we can look at it then (with an actual test case).
URL: http://bugs.gentoo.org/289963
Reported-by: Joeri Capens <joeri@capens.net>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/293632
Reported-by: Raúl Porcel <armin76@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
| |
This should avoid unnecessary chmods when regenerating files other than
src/sandbox.sh which can sometimes lead to ugly warnings/errors when
mucking about the source tree after ./configure.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
| |
URL: http://bugs.gentoo.org/291103
Reported-by: Franz Fellner <fellner@gmx.de>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|