From 24e93e8911dcc34bdea3d58a8bc4d1acaa3fb152 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Jul 19 2021 22:58:49 +0000
Subject: ruby.rpmlintrc: Ignore a false positive missing-call-to-chdir-with-chroot error.


The `chroot` in the `dir.c` is just used as a Ruby binding `Dir.chroot`
for the function.

Ignore the following error.

```
ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
```

---

diff --git a/ruby.rpmlintrc b/ruby.rpmlintrc
index e39116f..1a67b89 100644
--- a/ruby.rpmlintrc
+++ b/ruby.rpmlintrc
@@ -39,3 +39,14 @@ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/
 addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
 # test-unit
 addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
+
+# The function `chroot` without using `chdir` is detected by rpmlint with the
+# following message. However it looks a false positive as the `chroot` in the
+# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
+#
+# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
+# This executable appears to call chroot without using chdir to change the
+# current directory. This is likely an error and permits an attacker to break
+# out of the chroot by using fchdir. While that's not always a security issue,
+# this has to be checked.
+addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')