We received a bug report about broken symlinks being generated from a cpio archive unpacked using the "dracut-initramfs-restore" utility.
https://bugs.gentoo.org/700020 https://github.com/dracutdevs/dracut/blob/ff2043fb4244b0ba740724921e9667aad19f262a/dracut-initramfs-restore.sh#L28 This shell script unpacks an initramfs image to /run/initramfs to be used when shutting down a Linux system. If the initramfs image contains any symlinks that refer to a parent directory (..), cpio --no-absolute-filenames strips the leading ".." and generates a symlink that points to the wrong place. For example, say we have the following structure in a cpio archive: ./bin/systemctl (regular file) ./sbin/reboot -> ../bin/systemctl (symlink) cpio-2.12 extracts this correctly. With cpio-2.13, we end up with this: ./bin/systemctl ./sbin/reboot -> bin/systemctl (broken symlink) As well, with cpio-2.13, the following message is output: "Removing leading `../' from hard link targets" We think this may be an unintended consequence of a patch that was applied to address CVE-2015-1197. Was this change in behavior for relative symlinks intended, or is this a bug? -- Mike Gilbert
