file: Use -S option with -z

The file(1) manual suggests using -S (disable seccomp) with -z since the set of system calls provided by the seccomp policy does not allow the subprocess to run. This is obvious when you use file -z on a compressed file on a Linux distro that enables file's seccomp policy (Arch does this, Fedora does not): $ file -zbsL lib-i586.so.zst Bad system call I also fixed some incorrect text in the manual. Thanks: Toolybird for pointing to this fix Reported-by: David Runge Fixes: https://github.com/libguestfs/libguestfs/issues/100
2026-03-21 22:53:37 +00:00 · 2022-11-28 10:21:00 +00:00
parent e657e45b43
commit 23986d3c4f
3 changed files with 5 additions and 6 deletions
--- a/generator/actions_core.ml
+++ b/generator/actions_core.ml
@@ -2204,9 +2204,8 @@ the type or contents of the file.
 This call will also transparently look inside various types
 of compressed file.

-The exact command which runs is C<file -zb path>.  Note in
-particular that the filename is not prepended to the output
-(the I<-b> option).
+The filename is not prepended to the output
+(like the file command I<-b> option).

 The output depends on the output of the underlying L<file(1)>
 command and it can change in future in ways beyond our control.