Files being installed by Portage are generally trusted but also the
syscalls allowed by file are quite broad anyway.

With e.g. new libc or sandbox version (or any number of things...), the
syscalls used by file can change which leads to its seccomp filter killing
the process. This is an acceptable tradeoff when users are calling file(1),
but it makes less sense with trusted input within Portage, especially
where it may lead to confusing errors (swallowed within pipes, subshells,
etc).

Indeed, it might even be the case that file(1) is broken, but the user
needs to complete a world upgrade to get a newer file/portage/???, but
can't because of various ebuilds (like ones using this eclass) failing.

Disable seccomp for these calls to keep working.

Bug: https://bugs.gentoo.org/811462
Bug: https://bugs.gentoo.org/815877
Bug: https://bugs.gentoo.org/889046
Signed-off-by: Sam James <sam@g.o>
--- |
eclass/mono.eclass | 4 ++-- |
1 file changed, 2 insertions(+), 2 deletions(-) |
|
diff --git a/eclass/mono.eclass b/eclass/mono.eclass |
index ddea2d4b9c641..c096acc8c40ee 100644 |
--- a/eclass/mono.eclass |
+++ b/eclass/mono.eclass |
@@ -1,4 +1,4 @@ |
-# Copyright 1999-2022 Gentoo Authors |
+# Copyright 1999-2023 Gentoo Authors |
# Distributed under the terms of the GNU General Public License v2 |
|
# @ECLASS: mono.eclass |
@@ -76,7 +76,7 @@ mono_multilib_comply() { |
then |
for exe in "${ED}/usr/bin"/* |
do |
- if [[ "$(file "${exe}")" == *"shell script text"* ]] |
+ if [[ "$(file -S "${exe}")" == *"shell script text"* ]] |
then |
sed -r -i -e ":/lib(/|$): s:/lib(/|$):/$(get_libdir)\1:" \ |
"${exe}" || die "Sedding some sense into ${exe} failed" |
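Review bot: in the `file -S` test inside mono_multilib_comply(), the exit status of file is still discarded by the command substitution, so if the installed file(1) rejects -S or fails for any other reason, the `[[ ... ]]` match is simply false and the sed fix-up is skipped with no error, which is the same kind of swallowed failure the commit message describes. Consider capturing the output into a variable first and calling die when file itself fails, and add a short comment above the test stating that -S disables file's seccomp sandbox and why that is acceptable for files under ${ED}.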
-- |
2.39.0 |