From a78aa33d5662ed9a2652e2c1b918416f4c290c58 Mon Sep 17 00:00:00 2001 From: "R. Boujbel" Date: Fri, 17 Dec 2021 15:55:09 +0100 Subject: [PATCH] Merge pull request #4971 from kit-ty-kate/cmd-not-found Print user-friendly error messages when a command is not found, before calling the sandbox --- master_changes.md | 4 ++++ src/state/shellscripts/bwrap.sh | 5 +++++ src/state/shellscripts/sandbox_exec.sh | 5 +++++ 3 files changed, 14 insertions(+) diff --git a/master_changes.md b/master_changes.md index c68d0b6a970..2d6f9ca24e7 100644 --- a/master_changes.md +++ b/master_changes.md @@ -81,6 +81,10 @@ New option/command/subcommand are prefixed with ◈. ## Sandbox * + * Sync the behaviour of the macOS sandbox script with Linux's: /tmp is now ready-only [#4719 @kit-ty-kate] + * Always mount every directories under / on Linux [#4795 @kit-ty-kate] + * Get rid of OPAM_USER_PATH_RO (never used on macOS and no longer needed on Linux) [#4795 @kit-ty-kate] + * Print error message if command doesn't exist [#4971 @kit-ty-kat - fix #4112] ## Repository management * diff --git a/src/state/shellscripts/bwrap.sh b/src/state/shellscripts/bwrap.sh index 9b8044f7285..483d307d46c 100644 --- a/src/state/shellscripts/bwrap.sh +++ b/src/state/shellscripts/bwrap.sh @@ -121,6 +121,11 @@ case "$COMMAND" in exit 2 esac +if ! command -v "$1" >/dev/null; then + echo "[ERROR] Command not found: $1" >&2 + exit 10 +fi + # Note: we assume $1 can be trusted, see https://github.com/projectatomic/bubblewrap/issues/259 # As of now we are compatible up to 0.1.8, '--' can be added here when we require >= 0.3.0 exec bwrap "${ARGS[@]}" "$@" diff --git a/src/state/shellscripts/sandbox_exec.sh b/src/state/shellscripts/sandbox_exec.sh index 370bb58167a..16c2ae5580d 100644 --- a/src/state/shellscripts/sandbox_exec.sh +++ b/src/state/shellscripts/sandbox_exec.sh @@ -89,4 +89,9 @@ case "$COMMAND" in exit 2 esac +if ! command -v "$1" >/dev/null; then + echo "[ERROR] Command not found: $1" >&2 + exit 10 +fi + exec sandbox-exec -p "$POL" "$@"