Age | Commit message (Collapse) | Author |
|
* src/tee.c (main): Don't continue reading if we can't
output anywhere.
* tests/misc/tee.sh: Ensure we exit when no more outputs.
* NEWS: Mention the change in behavior.
|
|
* tests/init.sh (returns_): Disable tracing for this wrapper
function, so that stderr of the wrapped command is unchanged,
allowing for verification of the contents.
|
|
Each user has a maximum number of inotify watches,
so handle the cases where we exhaust these resources.
* src/tail.c (tail_forever_inotify): Ensure we inotify_rm_watch()
the watch for an inode, when replacing with a new watch for a name.
Return all used inotify resources when reverting to polling.
Revert to polling upon first indication of inotify resource exhaustion.
Revert to polling on any inotify resource exhaustion.
Diagnose resource exhaustion correctly in all cases.
Avoid redundant reinsertion in the hash for unchanged watches
(where only attributes of the file are changed).
* tests/tail-2/retry.sh: Avoid false failure when reverting to polling.
* tests/tail-2/inotify-rotate.sh: Likewise.
* tests/tail-2/symlink.sh: Likewise.
* tests/tail-2/inotify-rotate-resources.sh: New test to check
that we're calling inotify_rm_watch() for replaced files.
* tests/local.mk: Reference the new test.
* NEWS: Mention the bug fix.
* THANKS.in: Thanks for reporting and problem identification.
|
|
* tests/tail-2/inotify-rotate.sh (cleanup_fail_): Set fail=1
so that failures are identified. Regression in v8.23-63-g111a2b9
Also use print_ver_ rather than open coding --verbose support.
Also check for more than a single 'b' which seems brittle.
|
|
The following test fails on aarch64 on openSUSE's OpenBuildService
due to glibc's execvp reversing the pointers of 'environ', i.e.,
the output of "env|tac" equals "env env" on that platform.
* tests/misc/printenv.sh: Use 'env env' to work around the behavior
on that platform.
While at it, fix the grep pattern which suppressed all environment
variables starting with an underscore "_" instead of "$_" (and
"$LD_PRELOAD") only.
|
|
To align with all other places (and correct grammar), change all
upper-case "I.E." to "I.e.". Furthermore, ensure that "i.e." is
followed by a comma. Finally, ensure to use a double-space before
"I.e.," at the beginning of a sentence.
The following was used to change all offending uses (apart from
old ChangeLog files):
$ git grep -liF 'i.e.' \
| xargs sed -i \
-e 's/I\.E\./I.e./g' \
-e 's/\. \(I\.e\.\)/. \1/g' \
-e 's/\([Ii]\.e\.\)\( \)/\1,\2/g' \
-e 's/\([Ii]\.e\.\)$/\1,/g'
* cfg.mk (sc_prohibit_uppercase_id_est): Add new rule.
(sc_ensure_double_space_after_dot_before_id_est): Likewise.
(sc_ensure_comma_after_id_est): Likewise.
(old_NEWS_hash): Refresh hash via "make update-NEWS-hash".
* NEWS: Change use of "id est" abbreviation via the above command.
* README: Likewise.
* README-prereq: Likewise.
* doc/coreutils.texi: Likewise.
* gl/lib/rand-isaac.c: Likewise.
* gl/lib/tempname.c.diff: Likewise.
* man/stdbuf.x: Likewise.
* src/cat.c: Likewise.
* src/copy.c: Likewise.
* src/copy.h: Likewise.
* src/cp.c: Likewise.
* src/cut.c: Likewise.
* src/dd.c: Likewise.
* src/df.c: Likewise.
* src/fiemap.h: Likewise.
* src/longlong.h: Likewise.
* src/ls.c: Likewise.
* src/numfmt.c: Likewise.
* src/pr.c: Likewise.
* src/shred.c: Likewise.
* src/shuf.c: Likewise.
* src/split.c: Likewise.
* tests/Coreutils.pm: Likewise.
* tests/df/df-symlink.sh: Likewise.
* tests/df/skip-rootfs.sh: Likewise.
* tests/init.sh: Likewise.
* tests/ls/color-norm.sh: Likewise.
* tests/misc/basename.pl: Likewise.
* tests/misc/ls-misc.pl: Likewise.
* tests/misc/md5sum-bsd.sh: Likewise.
* tests/misc/shred-exact.sh: Likewise.
* tests/misc/sort.pl: Likewise.
* tests/misc/stdbuf.sh: Likewise.
* tests/misc/tac-continue.sh: Likewise.
* tests/rm/r-root.sh: Likewise.
* tests/tail-2/symlink.sh: Likewise.
|
|
* m4/jm-macros.m4 (coreutils_MACROS): Check for syncfs().
* man/sync.x: Add references to syncfs, fsync and fdatasync.
* doc/coreutils.texi (sync invocation): Document the new feature.
* src/sync.c: Include "quote.h".
(AUTHORS): Include myself.
(MODE_FILE, MODE_DATA, MODE_FILE_SYSTEM, MODE_SYNC): New enum values.
(long_options): Define.
(sync_arg): New function.
(usage): Describe that arguments are now accepted.
(main): Add arguments parsing and add support for fsync(2),
fdatasync(2) and syncfs(2).
* tests/misc/sync.sh: New (and only) test for sync.
* tests/local.mk: Reference the new test.
* AUTHORS: Add myself to sync's authors.
* NEWS: Mention the new feature.
|
|
* tests/split/record-sep.sh: Use the recently added returns_ function
to simplify the shell syntax in this test. Also remove the redirection
of stdout/stderr to /dev/null as this eases analyzing errors.
|
|
* src/split.c (eolchar): A new variable to hold
the separator character (unibyte for now).
This is reference throughout rather than hardcoding '\n'.
(usage): Describe the new --separator option, and
mention records along with lines so there is no ambiguity
that all options treat lines and records equivalently.
(main): Have -t update eolchar, or default to '\n'.
* tests/split/record-sep.sh: New test case.
* tests/local.mk: Reference the new test.
* doc/coreutils.texi (split invocation): Document the new option.
Adjust --lines, --line-bytes, --number=[lr]/... to mention
they pertain to records if --separator is specified.
* NEWS: Mention the new feature.
|
|
When some program produces unexpected output, that use of
compare-vs-/dev/null will ensure that the surprising output is
printed in the test's output. With "test -s err" only, one
would have to instrument and rerun in order to see the offending
output.
* cfg.mk (sc_prohibit_and_fail_1): Exempt 'compare' from this check.
* tests/dd/misc.sh: Change "tests -s ... || fail=1" to
"compare /dev/null ... && fail=1".
* tests/misc/nice.sh: Likewise.
* tests/rm/read-only.sh: Likewise.
* tests/tail-2/inotify-race.sh: Likewise.
* tests/touch/no-dereference.sh: Likewise.
Suggested by Jim Meyering in
http://lists.gnu.org/archive/html/coreutils/2015-01/msg00042.html
|
|
Many tests use `program ... && fail=1` to ensure expected
error situations are indicated. However that would mask
an unexpected exit (like a crash). Therefore explicitly
check the expected exit code.
Note where error messages are also verified, the extra
protection is not added.
* tests/init.sh (returns_): A new helper function to
check the return code of a command, and used
throughout the tests.
* cfg.mk (sc_prohibit_and_fail_1): Add a syntax check
to avoid new instances of this issue.
|
|
* tests/df/no-mtab-status.sh: Provide libmount placeholders,
to avoid skipping the test when libmount is in use.
* tests/df/skip-duplicates.sh: Likewise.
* tests/df/skip-rootfs.sh: Comment that the test is moot
when libmount (/proc/self/mountinfo) is being used.
|
|
* tests/cp/cp-a-selinux.sh: Comment why unused variables are assigned.
Fix misspellings noticed while adjusting.
* tests/cp/fiemap-perf.sh: Fix quoting.
* tests/misc/shuf.sh: Avoid useless use of cat.
* tests/misc/printf-surprise.sh: Likewise.
|
|
* tests/misc/shuf.sh: Improve the test so it detects
crashes in more cases.
* NEWS: Mention the previous fix.
|
|
Problem reported by Daiki Ueno in: http://bugs.gnu.org/19520
* src/shuf.c (main): Avoid core dump if !input_range.
* tests/misc/shuf.sh: Test for this bug.
|
|
* bootstrap: Update copyright year manually (missing in previous
gnulib update).
* tests/init.sh: Likewise.
The entries in the exemption list are processed by
"grep -vEf ./.x-update-copyright", and therefore evaluated as an
extended regular expression (ERE). Thus, the "bootstrap" entry
also matched for bootstrap.conf which we want to be updated.
* .x-update-copyright: Change all entries to EREs, i.e. including
the caret ^ and dollar sign $ meta-characters matching the beginning
and the end of a line.
* bootstrap.conf: Update copyright year by "make update-copyright".
Finally, the only one showing up with the following command should
be the COPYING file:
$ git grep 'Copyright .* Free Software' | grep -v '2015 Free Software'
|
|
Run "make update-copyright" and then...
* tests/sample-test: Adjust to use the single most recent year.
* tests/du/bind-mount-dir-cycle-v2.sh: Fix case in copyright message,
so that year is updated automatically in future.
|
|
Commit v8.23-63-g111a2b9 removed the expensive tag on this test,
as it runs quickly on systems with inotify. However without that
it would take about 8 minutes for the test to complete all iterations.
* tests/tail-2/inotify-rotate.sh: Tag as expensive without inotify.
Also adjust the polling parameters used on systems without inotify
so that the test completes within about 15 seconds.
|
|
Included in this are gnulib changes 3ea43e02 2768ceb7
which make the device IDs from /proc/self/mountinfo
available to df. This can be leveraged by a subsequent
change to df to present a more accurate list of file systems.
* bootstrap: Merge from gnulib.
* src/ls.c (dev_ino_pop): s/obstack_blank/obstack_blank_fast/
as this API/ABI has changed, giving memory exhausted errors
if negative (large positive) numbers are passed to obstack_blank().
* tests/df/skip-duplicates.sh: Adjust as the new gnulib code
requires a non NULL mnt_opts even when mnt_type is not "none".
|
|
http://hydra.nixos.org/build/18129583 identified (on OS X)
an incorrect test assumption in the previous commit.
* gl/lib/xdectoint.c (__xnumtoint): Suppress the EINVAL
error message as it's redundant in this context.
* tests/misc/tail.pl: Suppress _optionally_ appended
strerror messages.
* tests/fmt/base.pl: Likewise.
* tests/pr/pr-tests.pl: Likewise.
* tests/split/l-chunk.sh: Likewise.
|
|
Following on from commit v8.23-82-gaddae94, consistently diagnose
numbers that are too large, so as to distinguish from other errors,
and make the limits obvious.
* gl/modules/xdectoint: A new module implementing xdecto[iu]max(),
which handles the common case of parsing a bounded integer and
exiting with a diagnostic on error.
* gl/lib/xdectoimax.c: The signed variant.
* gl/lib/xdectoint.c: The parameterized implementation.
* gl/lib/xdectoint.h: The interface.
* gl/lib/xdectoumax.c: The unsigned variant.
* bootstrap.conf: Reference the new module.
* cfg.mk (exclude_file_name_regexp--sc_require_config_h_first):
Exclude the parameterized templates.
* src/csplit.c: Output EOVERFLOW or ERANGE errors if appropriate.
* src/fmt.c: Likewise.
* src/fold.c: Likewise.
* src/head.c: Likewise.
* src/ls.c: Likewise.
* src/nl.c: Likewise.
* src/nproc.c: Likewise.
* src/shred.c: Likewise.
* src/shuf.c: Likewise.
* src/stdbuf.c: Likewise.
* src/stty.c: Likewise.
* src/tail.c: Likewise.
* src/truncate.c: Likewise.
* src/split.c: Likewise.
* src/pr.c: Likewise.
* tests/pr/pr-tests.pl: Adjust to avoid matching errno diagnostic.
* tests/fmt/base.pl: Likewise.
* tests/split/l-chunk.sh: Likewise.
* tests/misc/shred-negative.sh: Likewise.
* tests/misc/tail.pl: Likewise. Also remove the redundant
existing ERR_SUBST from test err-6.
* tests/ls/hex-option.sh: Check HEX/OCT options.
* tests/misc/shred-size.sh: Likewise.
* tests/misc/stty-row-col.sh: Likewise.
|
|
glibc <= 2.5 would crash when passed invalid long double values,
therefore internal gnulib routines were used, essentially only by od,
to output such invalid values. Later glibc versions don't crash,
as per https://sourceware.org/bugzilla/show_bug.cgi?id=4586
and subsequently od was adjusted to use the system printf routines
through the use of the ftoastr module with commit v8.7-22-ga71c22f.
Consequently our testing of this feature was moot, and use of
the gnulib printf replacement for printf(1), od(1) and error(3) etc.
was redundant.
* configure.ac (gl_printf_safe): Unset so that we don't check that
"nan" is output for these long double values.
* tests/misc/od-float.sh: Adjust all existing checks to fail if od
exits with failure status (like crashing for example). Add a new case
for one of the problematic invalid long double values for x86_64.
We only check that od exits successfully at present, which may change
if https://sourceware.org/bugzilla/show_bug.cgi?id=17661 is resolved.
|
|
This patch fixes the handling of sub-bind-mount cycles which are
incorrectly detected as the file system errors. If you bind mount the
directory 'a' to its subdirectory 'a/b/c' and then run 'du a/b' you
will get the circular dependency warning even though nothing is wrong
with the file system. This happens because the first directory that is
traversed twice in this case is not a bind mount but a child of bind
mount. The solution is to traverse all the directories in the cycle
that fts detected and check whether they are not a (bind) mount.
* src/du.c (mount_point_in_fts_cycle): New function that checks whether
any of the directories in the cycle that fts detected is a mount point.
* src/du.c (process_file): Update the function to use the new function
that looks up all the directories in the fts cycle instead of only the
last one.
* tests/du/bind-mount-dir-cycle-v2.sh: New test case that exhibits the
described behavior.
* tests/local.mk: Reference the new root test.
* NEWS: Mention the bug fix.
|
|
These checks weren't correctly avoided in commit v8.23-66-g222d7ac
* tests/cp/same-file.sh: Avoid all hardlink to symlink tests
on platforms where that's not supported.
Identified by http://hydra.nixos.org/build/17636446
|
|
Solaris 8 was seen to issue this error:
"printf: `&': illegal format character"
* test/dd/ascii.sh: Use the coreutils printf in this test
rather than the system one, to avoid portability issues.
|
|
* src/df.c (filter_mount_list): Separate remote locations are
generally explicitly mounted, so list each even if they share
the same remote device and thus storage. However with --total
keep the suppression to give a more accurate value for the
total storage available.
(usage): Expand on the new implications of --total and move
it in the options list according to alphabetic order.
doc/coreutils.texi (df invocation): Mention that --total impacts
on deduplication of remote file systems and also move location
according to alphabetic order.
* tests/df/skip-duplicates.sh: Add remote test cases.
* NEWS: Mention the change in behavior.
Reported in http://bugs.debian.org/737399
Reported in http://bugzilla.redhat.com/920806
Reported in http://bugzilla.opensuse.org/866010
Reported in http://bugzilla.opensuse.org/901905
|
|
* NEWS: Update the recent entry to also mention the avoidance
of incorrectly unlinking a multi-hardlinked "source" file when
presented with source and dest that only differ in case.
* src/copy.c (same_file_ok): Mention the case issue with same_name().
* tests/mv/hardlink-case.sh: Test the issue on HFS+.
* tests/local.mk: Reference the new test case.
* tests/mv/vfat: Remove an old related but unused test case.
|
|
file_t is now mapped to unlabeled_t as per:
http://danwalsh.livejournal.com/68189.html
Therefore use the latter to ensure we match correctly.
This is needed on >= Fedora 21 for example,
while it also works on earlier releases.
|
|
We may run into a race condition if we treat hard links to the same file
as distinct files. If we do 'mv a b' and 'mv b a' in parallel, both a
and b can disappear from the file system. The reason is that in this
case the unlink on src is called and the system calls can end up being
run in the order where unlink(a) and unlink(b) are the last two system
calls. Therefore exit with an error code so that we avoid the potential
data loss.
* src/copy.c (same_file_ok): Don't set unlink_src that was used by mv,
and return false for two hardlinks to a file in move_mode.
*src/copy.c (copy_internal): No longer honor the unlink_src option,
used only by mv.
NEWS: Mention the change in behavior.
* tests/cp/same-file.sh: Augment to cover the `cp -a hlsl1 sl1` case.
* tests/mv/hard-verbose.sh: Remove no longer needed test.
* tests/local.mk: Remove the reference to hard-verbose.sh.
* tests/mv/hard-4.sh: Adjust so we fail in this case.
* tests/mv/i-4.sh: Likewise.
* tests/mv/symlink-onto-hardlink-to-self.sh: Likewise.
|
|
* tests/tail-2/F-vs-missing.sh: Comment with the correct total delay.
* tests/tail-2/F-vs-rename.shi: Likewise.
* tests/tail-2/flush-initial.sh: Likewise.
* tests/tail-2/inotify-hash-abuse.sh: Likewise.
* tests/tail-2/pipe-f2.sh: Likewise.
* tests/misc/chroot-fail.sh: Initialize can_chroot_root in all cases.
|
|
* tests/tail-2/inotify-rotate.sh: Use retry_delay_
to employ an exponential backoff with a total delay of
up to 25.5s. The 15s delay was seen to trigger a false
failure in http://hydra.nixos.org/build/16546517
Also remove the .1s sleep in each of the 50 iterations
to reduce the running time of the test and thus the
expensive_ tag on this test was removed.
Also ensure that we use the standard exit procedure
upon failure to avoid any erroneous diagnostics due
to persistent files on NFS.
|
|
* tests/du/move-dir-while-traversing.sh: Catch failure of retry_delay_
when waiting for the watcher to get ready.
|
|
* tests/d_type-check: The hardcoded name doesn't hold true for all
Linux/glibc platforms, let alone Linux/non-glibc.
Use ctypes.util.find_library() instead to search for the library.
|
|
At least the MHz number in /proc/cpuinfo may change, thus leading to
a false positive failure when comparing the expected against the
actual output file. Use an invariant file instead: /proc/version.
* tests/misc/head-c.sh: s/cpuinfo/version/
|
|
* cp/proc-zero-len.sh: Search the 'err' file
for the error to ignore, not stdin.
|
|
* src/chroot.c (is_root): Adjust to compare canonicalized paths
rather than inodes, to handle (return false in) the case where
we have a tree that is constructed by first bind mounting "/"
(thus having the same inode).
(main): Unconditionally call chroot() because it's safer
and of minimal performance benefit to avoid in this case.
This will cause inconsistency with some platforms
not allowing `chroot / true` for non root users.
* tests/misc/chroot-fail.sh: Adjust appropriately.
* NEWS: Mention the bug fixes.
Fixes http://bugs.gnu.org/18736
|
|
Previously cp would not detect runs of NULs that were
smaller than the buffer size used for I/O (currently 128KiB).
* src/copy.c (copy_reg): Use an independent hole_size, set to
st_blksize, to increase the chances of detecting a representable hole,
in a run of NULs read from the input.
(create_hole): A new function refactored from sparse_copy() and
extent_copy() so we have a single place to handle holes.
(sparse_copy): Adjust to loop over the larger input buffer
in chunks of the passed hole size. Also adjust to only call
lseek once per hole, rather than at least once per input buffer.
* tests/cp/sparse.sh: Add test cases for various sparse chunk sizes.
* NEWS: Mention the improvement.
|
|
* tests/split/b-chunk.sh: Skip each file that does not exist.
Some systems lack /proc/version or /sys/kernel/profiling
|
|
* tests/misc/od-j.sh: Non standard comparison order.
* tests/split/b-chunk.sh: Confusing input file name.
* tests/tail-2/tail-c.sh: Redundant require ulimit.
|
|
Fix similar problems in head, od, split, tac, and tail.
Reported by George Shuklin in: http://bugs.gnu.org/18621
* NEWS: Document this.
* src/head.c (elseek): Move up.
(elide_tail_bytes_pipe, elide_tail_lines_pipe): New arg
CURRENT_POS. All uses changed.
(elide_tail_bytes_file, elide_tail_lines_file):
New arg ST and remove arg SIZE. All uses changed.
* src/head.c (elide_tail_bytes_file):
* src/od.c (skip): Avoid optimization for /sys files, where
st_size is bogus and st_size == st_blksize.
Don't report error at EOF when not optimizing.
* src/head.c, src/od.c, src/tail.c: Include "stat-size.h".
* src/split.c (input_file_size): New function.
(bytes_split, lines_chunk_split, bytes_chunk_extract): New arg
INITIAL_READ. All uses changed. Use it to double-check st_size.
* src/tac.c (tac_seekable): New arg FILE_POS. All uses changed.
(copy_to_temp): Return size of temp file. All uses changed.
* src/tac.c (tac_seekable):
* src/tail.c (tail_bytes):
* src/wc.c (wc):
Don't trust st_size; double-check by reading.
* src/wc.c (wc): New arg CURRENT_POS. All uses changed.
* tests/local.mk (all_tests): Add tests/misc/wc-proc.sh,
tests/misc/od-j.sh, tests/tail-2/tail-c.sh.
* tests/misc/head-c.sh:
* tests/misc/tac-2-nonseekable.sh:
* tests/split/b-chunk.sh:
Add tests for problems with /proc and /sys files.
* tests/misc/od-j.sh, tests/misc/wc-proc.sh, tests/tail-2/tail-c.sh:
New files.
|
|
* src/dd.c: Report the transfer progress every second when the
new status=progress level is used. Adjust the handling and
description of the status= option so that they're treated as
mutually exclusive levels, rather than flags with implicit precedence.
* doc/coreutils.texi (dd invocation): Document the new progress
status level. Reference the new level in the description of SIGUSR1.
* tests/dd/stats.sh: Add new test for status=progress.
* tests/dd/misc.sh: Change so status=none only takes precedence
if it's the last level specified.
* NEWS: Mention the feature.
|
|
* src/dd.c (ifd_reopen): A new wrapper to ensure we
don't exit upon receiving a SIGUSR1 in a blocking open()
on a fifo for example.
(iftruncate): Likewise for ftruncate().
(iread): Process signals also after a short read.
(install_signal_handlers): Install SIGINFO/SIGUSR1 handler
even if set to SIG_IGN, as this is what the parent can easily
set from a shell script that can send SIGUSR1 without the
possiblity of inadvertently killing the dd process.
* doc/coreutils.texi (dd invocation): Improve the example to
show robust usage wrt signal races and short reads.
* tests/dd/stats.sh: A new test for various signal races.
* tests/local.mk: Reference the new test.
* NEWS: Mention the fix.
|
|
Problem reported by Göran Uddeborg in: http://bugs.gnu.org/18540
* tests/misc/sort.pl: New test 23.
|
|
Following on from commit v5.92-729-g130dd06, also avoid
the erroneous directory hardlink warning with -H.
* src/copy.c (copy_internal): Also handle the -H case
for command line arguments.
* tests/cp/duplicate-sources.sh: Augment the test case.
* NEWS: Augment the news entry.
|
|
* src/copy.c (copy_internal): Handle the case where we have the
same destination directory as already encountered, which can only
be due to the corresponding source directory being specified multiple
times.
* tests/cp/duplicate-sources.sh: Add a test for the new multiply
specified directory case, and the existing multiply specified file case.
* tests/local.mk: Reference the new test.
* NEWS: Mention the bug fix.
|
|
On XFS, when creating the ~2G test file 'big' in a for-loop by
appending 20M each time, the file ends up using ~4G - visible in
'st_blocks'. The unused space would be reclaimed later.
This feature is called "speculative preallocation" which aims at
avoiding fragmentation.
According to the XFS FAQ [1], there are two particular aspects of
XFS speculative preallocation that are triggering this:
1. "Applications that repeatedly trigger preallocation and reclaim
cycles [after file close] can cause fragmentation.
Therefore, this pattern is detected and causes the preallocation
to persist beyond the lifecycle of the file descriptor."
2. "Preallocation sizes grow as files grow larger."
[1] http://xfs.org/index.php/XFS_FAQ
Avoid one of the above by only doing a single close (reclaim cycle).
* tests/du/2g.sh: Similar to the fix for a dd test (see commit
v8.22-65-g7c03fe2), avoid speculative preallocation by creating
the 'big' file in one go instead of appending to it in the loop.
Remove debugging statements as the output with 'set -x' is
sufficient nowadays.
|
|
Problem reported by Vincent Lefevre in: http://bugs.gnu.org/18449
* src/cat.c (main): Allow copying an empty file to itself.
* tests/misc/cat-self.sh: New test.
* tests/local.mk (all_tests): Add it.
|
|
Reported by Andreas Schwab in: http://bugs.gnu.org/18057
* tests/tail-2/inotify-race.sh (break_src):
Use abs_top_srcdir, not abs_top_builddir.
|
|
Since commit v8.22-94-g99960ee, chroot(1) skips the chroot(2) syscall
for "/" arguments (and synonyms). The problem is that it also skips
the following chdir("/") call in that case. The latter breaks existing
scripts which expect "/" to be the working directory inside the chroot.
While the first part of the change - i.e., skipping chroot("/") - is
okay for consistency with systems where it might succeed for a non-root
user, the second part might be malicious, e.g.
cd /home/user && chroot '/' bin/foo
In the "best" case, chroot(1) could not execute 'bin/foo' with ENOENT,
but in the worst case, chroot(1) would execute '/home/user/bin/foo' in
the case that exists - instead of '/bin/foo'.
Revert that second part of the patch, i.e., perform the chdir("/)
in the common case again - unless the new --skip-chdir option is
specified. Restrict this new option to the case of "/" arguments.
* src/chroot.c (SKIP_CHDIR): Add enum.
(long_opts): Add entry for the new --skip-chdir option.
(usage): Add --skip-chdir option, and while at it, move the other
to options into alphabetical order.
(main): Accept the above new option, allowing it only in the case
when NEWROOT is the old "/".
Move down the chdir() call after the if-clause to ensure it is
run in any case - unless --skip-chdir is specified.
Add a 'newroot' variable for the new root directory as it is used
in a couple of places now.
* tests/misc/chroot-fail.sh: Invert the last tests which check the
working directory of the execvp()ed program when a "/"-like
argument was passed: now expect it to be "/" - unless --skip-chdir
is given.
* doc/coreutils.texi (chroot invocation): Document the new option.
Document that chroot(1) usually calls chdir("/") unless the new
--skip-chdir option is specified. Sort options.
* NEWS (Changes in behavior): Mention the fix.
(New features): Mention the new option.
* init.cfg (nonroot_has_perm_): Add chroot's new --skip-chdir option.
* tests/cp/preserve-gid.sh (t1): Likewise.
* tests/cp/special-bits.sh: Likewise.
* tests/id/setgid.sh: Likewise.
* tests/misc/truncate-owned-by-other.sh: Likewise.
* tests/mv/sticky-to-xpart.sh: Likewise.
* tests/rm/fail-2eperm.sh: Likewise.
* tests/rm/no-give-up.sh: Likewise.
* tests/touch/now-owned-by-other.sh: Likewise.
Reported by Andreas Schwab in http://bugs.gnu.org/18062
|
|
* tests/misc/env.sh: Skip if we can't execute the generated shebang,
which would be the case if there are spaces in the directory hierarchy.
This is triggered by `make distcheck`
|