With file system check and our subdirectory multisite configuration, the check keeps running until it runs out of memory (even if we give it >1G of RAM). For our multisite config to work we must have symlinks in the root directory for the multisite's site name. The symlink points to the root directory itself. So something like:
drupal_root/sites/my.domain.mysite
drupal_root/mysite -> drupal_root
This creates an infinite loop which apparently the file system check in security_review isn't smart enough to detect. I don't know if it's a matter of not following symlinks or just not looping through the same directory structure more than once, but one or the other should be possible.
If we remove the multisite symlink, the security_review module runs fine (of course then our multisite configuration no longer works). With the multisite config (using the symlinks) we can't run the file system check of security_review. It runs fine if we skip that one check though.
The subdirectory multisite configuration we use is documented here: http://drupal.org/documentation/install/multi-site#symlink
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | 1946106-security-review.patch | 2.8 KB | coltrane |
| #7 | 1946106-security-review.patch | 3.46 KB | coltrane |
| #6 | 1946106-security-review.patch | 1.92 KB | coltrane |
| #4 | 1946106-security-review.patch | 1.92 KB | coltrane |
Comments
Comment #0.0
ksclarke commentedclarified what the dot mean in my example
Comment #1
coltraneThe short answer here is to ignore this check so that it won't run and the rest of the checklist will continue.
Security Review should attempt to detect this case or else if there's too many directories in the scan it should halt.
Comment #2
coltraneChanging to a feature request to support this.
Comment #3
coltrane@ksclarke note that 7.x-1.x-dev (and soon new stable release) supports ignoring specific directories via a hook_security_review_file_ignore_alter() implementation. So you could explicitly ignore the 'mysite' directory from being scanned.
I'm investigating how it could (and if it should) not follow symlink paths.
Comment #4
coltraneTry this out.
Comment #6
coltraneTrying again against 7.x-1.x branch
Comment #7
coltraneA bit cleaner.
Comment #8
coltraneThis time without changes to IGNOREME.txt
Comment #9
coltraneCommitted to 7.x-1.x http://drupalcode.org/project/security_review.git/commit/3fbfde3
Comment #9.0
coltraneTried to clarify descriptive text
Comment #11
smustgrave commentedAs Drupal6 has been EOL https://www.drupal.org/about/drupal6-eol closing as outdated