file: Use -S option with -z

The file(1) manual suggests using -S (disable seccomp) with -z since the set of system calls provided by the seccomp policy does not allow the subprocess to run. This is obvious when you use file -z on a compressed file on a Linux distro that enables file's seccomp policy (Arch does this, Fedora does not): $ file -zbsL lib-i586.so.zst Bad system call I also fixed some incorrect text in the manual. Thanks: Toolybird for pointing to this fix Reported-by: David Runge Fixes: https://github.com/libguestfs/libguestfs/issues/100
2026-03-21 22:53:37 +00:00 · 2022-11-28 10:21:00 +00:00
parent e657e45b43
commit 23986d3c4f
3 changed files with 5 additions and 6 deletions
--- a/daemon/filearch.ml
+++ b/daemon/filearch.ml
@@ -128,7 +128,7 @@ and cpio_arch magic orig_path path =
        | bin :: bins ->
           let bin_path = tmpdir // bin in
           if is_regular_file bin_path then (
-             let out = command "file" ["-zb"; bin_path] in
+             let out = command "file" ["-zSb"; bin_path] in
             file_architecture_of_magic out orig_path bin_path
           )
           else