statx: fallback to lstat if ENOSYS is returned in errno.

spevans · spevans · commit c223d3c14bdb · 2019-10-20T12:35:16.000+01:00
- Security mechanisms used in Linux VMs, eg libseccomp and
  Docker's security policy may block certain system calls if they
  are new and unknown to the library and ENOSYS may be returned
  instead of EPERM.

- Update the use of statx() to disable future calls and fallback to
  lstat() if ENOSYS is returned.
diff --git a/Foundation/FileManager+POSIX.swift b/Foundation/FileManager+POSIX.swift
@@ -915,10 +915,14 @@ extension FileManager {
                 let statxErrno = _stat_with_btime(fsRep, &statInfo, &btime)
                 guard statxErrno == 0 else {
                     switch statxErrno {
-                    case EPERM:
-                      return try _statxFallback(atPath: path, withFileSystemRepresentation: fsRep)
+                    case EPERM, ENOSYS:
+                        // statx() may be blocked by a security mechanism (eg libseccomp or Docker) even if the kernel verison is new enough. EPERM or ENONSYS may be reported.
+                        // Dont try to use it in future and fallthough to a normal lstat() call.
+                        supportsStatx = false
+                        return try _statxFallback(atPath: path, withFileSystemRepresentation: fsRep)
+
                     default:
-                      throw _NSErrorWithErrno(statxErrno, reading: true, path: path)
+                        throw _NSErrorWithErrno(statxErrno, reading: true, path: path)
                     }
                 }
 
