Defer sidecar walks to the sysroot host fallback#118
Merged
Conversation
proc_resolve_sysroot_path_flags resolves an absolute guest path inside
the sysroot when it exists there and otherwise falls back to the
literal host path, so guests can reach host resources such as mktemp
directories or /etc/resolv.conf. On a case-insensitive sysroot the
sidecar case-folding walk vetoed that fallback: it anchored every
absolute path at the sysroot root and failed with ENOENT as soon as a
component was missing there, and when only the final component was
missing it still rewrote the path to ${sysroot}${path}, overriding the
resolver either way. Mutating syscalls hit the same wall through
sidecar_walk_parent_at, which hard-anchored the parent directory at
the sysroot.
This broke every file-touching coreutils invocation against a host
path in the test-matrix "musl dyn" suite (27 failures: cat/ls/stat/
cp/touch/... on the mktemp TEST_TMPDIR, plus env/nice/nohup/timeout
returning 127 because execve could not reach the host binary), since
dynamic binaries run under --sysroot and macOS mktemp lives in
/var/folders while the sysroot only contains /var.
Track whether the walk consulted an index mapping. A walk that leaves
the sysroot tree without one returns "no translation" so the
resolver's decision stands; beneath a mapped prefix the sysroot view
stays authoritative and missing suffixes surface as ENOENT against
the translated path. sidecar_walk_parent_at now reports a parent that
resolves outside the sysroot as a distinct verdict, and the mutation
entry points (openat, mkdirat, unlinkat, linkat, renameat) hand such
paths back as SIDECAR_NOT_HANDLED to the regular translation flow.
Add test-sysroot-host-fallback covering reads through missing
intermediates, creates/renames/mkdir/unlink on host paths, the
missing-final-component fallback, and sysroot-over-host precedence;
wire it into make check. Without the fix six of its seven cases fail
with ENOENT.
60f6165 to
1304c68
Compare
Contributor
|
Thank @Max042004 for contributing! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
On a case-insensitive sysroot (macOS default APFS, where the sidecar
case-folding layer is active), absolute guest paths that live outside the
sysroot became unreachable.
proc_resolve_sysroot_path_flagsdocuments thecontract: resolve inside the sysroot when the path exists there, otherwise
fall back to the literal host path so guests can still reach host resources
such as mktemp directories or
/etc/resolv.conf. The sidecar walk vetoedthat fallback in two ways:
sidecar_translate_lookup_atanchored every absolute path at the sysrootroot and returned ENOENT as soon as an intermediate component was missing
there; when only the final component was missing it still rewrote the path
to
${sysroot}${path}. Either way the resolver's host-literal decision wasoverridden.
openatwithO_CREAT,mkdirat,unlinkat,linkat,renameat) hit the same wall throughsidecar_walk_parent_at,which hard-anchored the parent directory at the sysroot.
Symptom
All 27 failures in the test-matrix "musl dyn" coreutils suite on the
self-hosted runtime job (PR #91) and on any local run where the fixtures
live on a case-insensitive volume:
Dynamic binaries run under
--sysroot; macOSmktemp -dlives in/var/folders/...and the sysroot only contains/var, so the walkdescended into
${sysroot}/var, failed atfolders, and turned thedocumented fallback into ENOENT. Static coreutils run without
--sysrootand passed, which is why only the dynamic suite failed.
Fix
Track whether the walk consulted an index mapping:
"no translation" (0), so the resolver's fallback decision stands.
suffixes append literally and surface as ENOENT against the translated
path (no index can exist under a missing directory).
sysroot, restoring the fallback for paths like
/etc/resolv.confwhoseparent exists in the sysroot but whose leaf does not.
sidecar_walk_parent_atnow reports a parent that resolves outside thesysroot as a distinct verdict, and all mutation entry points hand such paths
back as
SIDECAR_NOT_HANDLEDto the regular translation flow.Validation
tests/test-matrix.sh elfuse-aarch64: 168 passed, 0 failed (was141/27); the remaining 4 skips are missing optional fixtures
(base32/b2sum/numfmt applets, glibc dyn suite), unrelated to this bug.
test-sysroot-host-fallback(wired intomake check): 7 cases covering reads through missing intermediates,create/write/unlink, mkdir/rmdir, rename on host paths, the
missing-final-component fallback, and sysroot-over-host precedence.
Without the fix six of the seven cases fail with ENOENT.
make check: all green (104 driver tests + host unit tests, 0 failed).test-case-collisionandtest-case-collision-fallback(12/12 both):the sidecar's collision compensation is unaffected.
Summary by cubic
Defers sidecar path walks to the resolver’s host-literal fallback on case-insensitive sysroots so absolute guest paths outside the sysroot remain reachable. Restores access to host resources (e.g., mktemp dirs,
/etc/resolv.conf) and fixes the “musl dyn” coreutils failures.sidecar_walk_parent_atreports parents outside the sysroot; mutation syscalls (openat,mkdirat,unlinkat,linkat,renameat) returnSIDECAR_NOT_HANDLEDfor the regular resolver.test-sysroot-host-fallbackand wires it intomake check; matrix now 168 passed, 0 failed (was 141/27).Written for commit 1304c68. Summary will update on new commits.