gnuilb was introduced to sandbox in: commit 105b7e047e98e8f9211a30133d0cc1cb97aef9b0 Author: Mike Frysinger <vapier@gentoo.org> Date: Sun Sep 20 03:03:30 2015 -0400 libsbutil: gnulib: import modules for canonicalize_filename_mode This lays the groundwork for fixing handling of broken symlinks. The gnulib code is hand imported because using the gnulib tool imports a ton of code we do not want. Only the bare minimum is imported so we can use the canonicalize_filename_mode function. This function is needed to canonicalize symlinks that are ultimately broken. The current sandbox/C library code only supports two modes: (1) dereference a single symlink (2) dereference *all* symlinks, but only if all links are valid For sandbox, we need to know the final path a symlink points to even if that path doesn't (yet) exist. Note: This commit doesn't actually fix the bug, just brings in the functions we need to do so. URL: https://bugs.gentoo.org/540828 Reported-by: Rick Farina <zerochaos@gentoo.org> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Unfortunately, the gnulib modules in there haven't been updated since then (2015). I'd noticed this a while ago but it came up again when looking at bug 925031. Please sync with gnulib.
(In reply to Sam James from comment #0) > Please sync with gnulib. I should note: this is challenging because we're not using the gnulib machinery...