-
-
Notifications
You must be signed in to change notification settings - Fork 299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
glob expansion should ignore files that cannot be stat()'ed #1674
Comments
I've got a tentative fix for the glob expansion problem involving files that are protected by macOS SIP. With my change I can execute With my fix this now works: ~> put /var/db/*
▶ /var/db/Accessibility
▶ /var/db/BootCache.data
▶ /var/db/BootCaches
▶ /var/db/CVMS
▶ /var/db/ConfigurationProfiles
▶ /var/db/CoreDuet
▶ /var/db/DiagnosticPipeline
▶ /var/db/DiagnosticsReporter
▶ /var/db/DifferentialPrivacy
▶ /var/db/DuetActivityScheduler
...
▶ /var/db/vmware
▶ /var/db/volinfo.database |
I'll also note that by "pretty big change" I do not mean the number of lines changed by my fix. That is actually quite small. It's a big change in the sense that glob expansion now ignores EPERM errors (on Unix) from |
On Windows TBD is how to augment the existing glob unit tests to verify the new handling of a "permission denied" error returned by |
I'm glad I slept on my solution and tried to find ways to break it. I expected So fixing this is going to be slightly more complicated than I had expected. |
Specifically, ignore EPERM errors returned by os.Lstat() since a) that is not documented as a valid error on any system I currently have access to (which includes macOS, Linux, and FreeBSD), and b) on macOS EPERM is only returned due to security restrictions on gathering information about the path and which should otherwise not short-circuit glob expansion by treating it as a fatal error. We only care about EPERM if there is explicit filtering of the glob expansion; e.g., `put **[type:regular]`. Otherwise we should include the path name in the results and not prematurely terminate inclusion of glob matches. Fixes elves#1674
While working on the fix for issue elves#1674 I noticed that most, but not all, uses of testutil.Set() explicitly modified a pointer to a function being mocked. However, there are a few cases that use a different pattern. This changes those cases so future readers of the code aren't wondering why there are two patterns for using testutil.Set(). As a bonus this allows removing one source file that exists only to enable the alternative pattern being eliminated. This change also includes a few renaming changes that aren't strictly speaking necessary (e.g., `osExit` => `OSExit`) but are included for consistency with similar cases.
@hanche noticed that
stat /var/db/DifferentialPrivacy
fails with error "operation not permitted". This is because of a macOS security mechanism known as SIP. This causes Elvish glob expansion to short-circuit when it is unable to stat() the file:~> cd /var/db > put * ▶ Accessibility ▶ BootCache.data ▶ BootCache.playlist ▶ BootCaches ▶ CVMS ▶ ConfigurationProfiles ▶ CoreDuet ▶ DetachedSignatures ▶ DiagnosticPipeline
This is related to issue #1240 that I fixed almost a year ago. It didn't occur to me at the time that there could be scenarios, short of a broken filesystem, that stat() could fail. The simplest solution is to silently ignore any file that cannot be stat()'ed. However, in the context of a simple glob expansion we should still be able to include the problematic path name in the generated output.
The text was updated successfully, but these errors were encountered: