gnulib was introduced to sandbox in:

```
commit 105b7e047e98e8f9211a30133d0cc1cb97aef9b0
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Sep 20 03:03:30 2015 -0400

    libsbutil: gnulib: import modules for canonicalize_filename_mode

    This lays the groundwork for fixing handling of broken symlinks.

    The gnulib code is hand imported because using the gnulib tool imports
    a ton of code we do not want. Only the bare minimum is imported so we
    can use the canonicalize_filename_mode function.

    This function is needed to canonicalize symlinks that are ultimately
    broken. The current sandbox/C library code only supports two modes:
    (1) dereference a single symlink
    (2) dereference *all* symlinks, but only if all links are valid
    For sandbox, we need to know the final path a symlink points to even
    if that path doesn't (yet) exist.

    Note: This commit doesn't actually fix the bug, just brings in the
    functions we need to do so.

    URL: https://bugs.gentoo.org/540828
    Reported-by: Rick Farina <zerochaos@gentoo.org>
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
```

Unfortunately, the gnulib modules in there haven't been updated since then (2015). I'd noticed this a while ago but it came up again when looking at bug 925031.

Please sync with gnulib.
(In reply to Sam James from comment #0)
> Please sync with gnulib.

I should note: this is challenging because we're not using the gnulib machinery...
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=266b8c563c13dff8b12496178eda0043bc90466d

```
commit 266b8c563c13dff8b12496178eda0043bc90466d
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2025-01-19 21:15:50 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2025-01-21 19:57:29 +0000

    libsbutil: update gnulib code

    Bug: https://bugs.gentoo.org/925032
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 configure.ac                                       |   3 +-
 headers.h                                          |   2 +
 libsbutil/gnulib/areadlink-with-size.c             | 104 ---
 libsbutil/gnulib/areadlink.h                       |  33 -
 libsbutil/gnulib/attribute.h                       | 320 +++++++++
 libsbutil/gnulib/bitrotate.c                       |  18 +
 libsbutil/gnulib/bitrotate.h                       |  46 +-
 libsbutil/gnulib/canonicalize.c                    | 430 ++++++++-----
 libsbutil/gnulib/canonicalize.h                    |  25 +-
 libsbutil/gnulib/careadlinkat.h                    |  67 --
 libsbutil/gnulib/cdefs.h                           | 715 +++++++++++++++++++++
 libsbutil/gnulib/dosname.h                         |  53 --
 libsbutil/gnulib/file-set.c                        |   8 +-
 libsbutil/gnulib/file-set.h                        |  33 +-
 libsbutil/gnulib/filename.h                        | 112 ++++
 libsbutil/gnulib/gl-inline.h                       |  40 +-
 libsbutil/gnulib/glue.h                            |  63 ++
 libsbutil/gnulib/hash-pjw.c                        |  20 +-
 libsbutil/gnulib/hash-pjw.h                        |  33 +-
 .../gnulib/{hash-triple.c => hash-triple-simple.c} |  19 +-
 libsbutil/gnulib/hash-triple.h                     |  44 +-
 libsbutil/gnulib/hash.c                            | 179 ++----
 libsbutil/gnulib/hash.h                            | 294 +++++++--
 libsbutil/gnulib/idx.h                             | 144 +++++
 libsbutil/gnulib/intprops-internal.h               | 400 ++++++++++++
 libsbutil/gnulib/intprops.h                        | 335 ++++++++++
 libsbutil/gnulib/libc-config.h                     | 209 ++++++
 libsbutil/gnulib/malloc/scratch_buffer.gl.h        | 133 ++++
 libsbutil/gnulib/malloc/scratch_buffer_grow.c      |  56 ++
 .../gnulib/malloc/scratch_buffer_grow_preserve.c   |  67 ++
 libsbutil/gnulib/pathmax.h                         |  83 ---
 libsbutil/gnulib/rawmemchr.c                       | 135 ++++
 libsbutil/gnulib/same-inode.h                      | 104 ++-
 libsbutil/gnulib/scratch_buffer.h                  | 117 ++++
 libsbutil/gnulib/xalloc-oversized.h                |  79 ++-
 libsbutil/gnulib/xalloc.h                          |   4 +-
 libsbutil/gnulib/xgetcwd.h                         |  17 -
 libsbutil/local.mk                                 |  55 +-
 38 files changed, 3734 insertions(+), 865 deletions(-)
```
This series drops the use of gnulib:

```
$ git shortlog 33c21848e7b54232982a233663463bc670ad9617..HEAD | tee
Mike Gilbert (17):
      localdecls.h: update HAVE_DLVSYM check
      libsbutil: avoid unnecessary use of libtool
      libsbutil: update gnulib code
      libsbutil: intercept getcwd() calls in gnulib
      Reorder arguments in before_syscall()
      Add overflow checking in malloc, cmalloc
      Use mremap in realloc
      Rework path manipulation code
      Skip access checks when opening a directory for writing
      Drop open prechecks
      Simplify utime wrappers
      Improve SANDBOX_TESTING overrides
      malloc: round size up to the nearest page
      Optimize prefix loading
      Remove extraneous backslash from grep expression
      Skip access checks for open(O_PATH)
      v2.44
```