ruby.rpmlintrc: Ignore a false positive missing-call-to-chdir-with-chroot error.

The `chroot` in the `dir.c` is just used as a Ruby binding `Dir.chroot` for the function. Ignore the following error. ``` ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1 ```
2021-04-28 20:53:04 +02:00 · 2021-04-28 20:53:04 +02:00 · 882d68b75c
commit 882d68b75c
parent 26bc979446
1 changed files with 11 additions and 0 deletions
--- a/ruby.rpmlintrc
+++ b/ruby.rpmlintrc
@ -39,3 +39,14 @@ addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/
 addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
 # test-unit
 addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
+
+# The function `chroot` without using `chdir` is detected by rpmlint with the
+# following message. However it looks a false positive as the `chroot` in the
+# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
+#
+# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
+# This executable appears to call chroot without using chdir to change the
+# current directory. This is likely an error and permits an attacker to break
+# out of the chroot by using fchdir. While that's not always a security issue,
+# this has to be checked.
+addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')