Hello, I have /var/cache as a symlink (to some other filesystem). This breaks revdep-rebuild for some reason: # revdep-rebuild -pv * Configuring search environment for revdep-rebuild * Working directory expected to be /var/cache/revdep-rebuild, but it is /mnt/evms/xxx/003/varia/var/cache/revdep-rebuild Could we do something to remove the check or make it less strict? _Everything_ else just works with this setup and it's not insane to move /var/cache from root filesystem. Reproducible: Always Steps to Reproduce: # eix gentoolkit [I] app-portage/gentoolkit Available versions: 0.2.3-r1 ~*0.2.4_pre8 ~0.2.4 ~0.2.4.1 0.2.4.2 0.2.4.2-r1 {userland_GNU} Installed versions: 0.2.4.2-r1(22:06:01 02/05/09)(userland_GNU) Homepage: http://www.gentoo.org/proj/en/portage/tools/index.xml Description: Collection of administration scripts for Gentoo
Could you not loopmount the directory instead of using a symlink?
(In reply to comment #1) > Could you not loopmount the directory instead of using a symlink? You mean bind-mount? I don't remember why now but for some reason I couldn't or didn't want to. But still that check looks way too much restrictive, no? Why should hammer decide what nails I am allowed to use it with??
The reason the check is restrictive is when you use symlimks your system is vulnerable to a symlink attack. See Bug #203414
Security, The reporter of this bug feels that the symlink checks in revdep-rebuild are too strict. Since the current code originated out of the discussions on bug #203414, can someone on the security team comment on if the current behavior should or should not be changed.
Let's resume discussion on bug #203414.
Reopening based on Bug 203414, Comment #35
Patch submitted in bug 203414 -- can we close this one and track the discussion over there?
*** Bug 427968 has been marked as a duplicate of this bug. ***
*** Bug 408357 has been marked as a duplicate of this bug. ***