The child that is about to exec*() the user shell is supposed to pam_end()
with PAM_DATA_SILENT. This gives the modules a last chance to do a minor
cleanup of the module state before the user's shell is launched.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Masatake YAMATO [Sat, 27 Nov 2021 00:39:42 +0000 (09:39 +0900)]
tests: (lsfd) make DGRAM socketpair to mitigate the change of protoname
The protoname for a socket can be obtained from its xattr slot of
/proc/$PID/fd/$FD.
The protoname for (AF_UNIX, SOCK_STREAM) sockets was changed
from "UNIX" to "UNIX-STREAM" in
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=94531cfcbe79c3598acf96806627b2137ca32eb9
As a result, the test case, mkfds-socketpair doesn't work well on a
newer kernel.
To mitigate the impact of the change in the kernel, use (AF_UNIX, SOCK_DGRAM)
for making a socket pair.
In the commit, the protoname of (AF_UNIX, SOCK_DGRAM) sockets was also
changed to "UNIX-DGRAM". However, it was renamed back to "UNIX" in
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edf0824e0dc359ed76bf96af986e6570ca2c0b9
Paul Sarena [Fri, 26 Nov 2021 23:34:02 +0000 (15:34 -0800)]
Escape ((…)) in AsciiDoc to fix broken example
In AsciiDoc, double parentheses are used to mark flow index terms, but in this document, their use is intended to be interpreted by the shell's arithmetic expansion. By escaping them with a backslash in the AsciiDoc, they pass through as-is to the manpage and other targets.
So, instead of a rendered result of `dd if=~/wipefs-sdb-0x00000438.bak of=/dev/sdb seek=$0x00000438 bs=1 conv=notrunc`, we get `dd if=~/wipefs-sdb-0x00000438.bak of=/dev/sdb seek=$((0x00000438)) bs=1 conv=notrunc`.
Separately, when interpreted by a shell's arithmetic expansion, the 0x00000438 hex is converted to decimal 1080: `dd if=~/wipefs-sdb-0x00000438.bak of=/dev/sdb seek=1080 bs=1 conv=notrunc`
Alex Xu [Wed, 24 Nov 2021 20:34:10 +0000 (20:34 +0000)]
loopdev: accept ENOSYS for LOOP_CONFIGURE
qemu returns this if it doesn't understand the ioctl. According to ioctl(2) it should actually return EINVAL, but considering that it's been doing this for at least 20 years already, I doubt there's much appetite for change, considering that it has a slightly better error message if propagated back to the user and changing it to EINVAL may break other programs.
Karel Zak [Mon, 22 Nov 2021 12:18:54 +0000 (13:18 +0100)]
nsenter: add --wdns to change working directory
The current --wd=<dir> changes CWD to the path which is opened
*before* nsenter calls setns(). It may be useful if you want to use in
namespace something from your current namespace. In this case, the
option --wd works like a "tunnel" between namespaces.
For some other use-cases, this is useless and you want to be sure that
CWD always points to the target namespace. For this purpose this patch
implements --wdns <dir>.
Karel Zak [Fri, 19 Nov 2021 13:19:03 +0000 (14:19 +0100)]
libblkid: don't mark cache as "probed" if /sys not available
For "mount --all" we need to read the cache more than once in a short
time. The library checks the delay between probes, and if the delay is
too short, it does not read devices. This is a problem on boot when there
is no /sys, and the cache is empty. In this case, we need to check
for /sys until it's available constantly.
https://github.com/util-linux/util-linux/issues/1492
Signed-off-by: Karel Zak <kzak@redhat.com>
Masatake YAMATO [Thu, 18 Nov 2021 15:14:50 +0000 (00:14 +0900)]
lsfd: add --dump-counters option
User may wonder how the built-in counters are defined.
Describing their definitions in lsfd(1) is one choice.
However, the definitions may drastically change in the future
development.
--dump-counters option is for making lsfd self descriptive.
Users who understand the filter expressions can understand
directly the meaning of the counters.
Karel Zak [Thu, 18 Nov 2021 13:31:38 +0000 (14:31 +0100)]
findmnt: make sure all entries are in tree output
For example /proc/self/mountinfo when mounted in chroot environment
does not contain all nodes and parent-child relation is not always
possible to create.
David Engraf [Thu, 18 Nov 2021 13:08:35 +0000 (14:08 +0100)]
Do not include sys/syscall.h if not available
Some platforms do not provide sys/syscall.h. The configure script already
checks for the existence of the file. Include sys/syscall.h only in case
HAVE_SYS_SYSCALL_H has been set.
Karel Zak [Thu, 18 Nov 2021 10:47:08 +0000 (11:47 +0100)]
libmount: (--all) continue although /proc is not mounted
Now 'mount --all' ends with error if /proc is not mounted and there is
some other entry before /proc in fstab. This commit improves this
situation and ignores all mount table related errors if the table is
empty.
This is important for situation when there is for example "/" as the
first line in fstab.
Addresses: https://github.com/util-linux/util-linux/issues/1492
Signed-off-by: Karel Zak <kzak@redhat.com>
Always set SIGCHLD handler to default, even if the caller of vipw has
set SIGCHLD to ignore. If SIGCHLD is ignored no zombie processes would
be created, which in turn could mean that kill is called with an already
recycled pid.
Also improved error message if child process fails.
Proof of Concept:
1. Compile nochld:
--
#include <signal.h>
#include <unistd.h>
int main(void) {
    char *argv[] = { "vipw", NULL };
    signal(SIGCHLD, SIG_IGN);
    execvp("vipw", argv);
    return 1;
}
--
2. Run nochld
3. Suspend child vi, which suspends vipw too:
`kill -STOP childpid`
4. Kill vi:
`kill -9 childpid`
5. You can see with ps that childpid is no zombie but disappeared
6. Bring vipw back into foreground
`fg`
7. See misleading warning message
You will get an improperly formatted warning message. Also the wake up
kill call sent SIGCONT to "childpid" which could have been assigned
to another process already.
This is definitely not a vulnerability. It would take super user
operations, at which point an attacker would have already elevated
permissions.
Karel Zak [Fri, 12 Nov 2021 14:18:22 +0000 (15:18 +0100)]
Merge branch 'nsenter-all-avoid-entering-nonexisting-ns' of https://github.com/Jongy/util-linux
* 'nsenter-all-avoid-entering-nonexisting-ns' of https://github.com/Jongy/util-linux:
nsenter: Do not try to enter nonexisting namespaces when --all is used
nsenter: Do not try to enter nonexisting namespaces when --all is used
This PR changes is_same_namespace() to is_usable_namespace(). If a namespace file
is missing for the running PID, then it is considered not usable and we do not try
to enter it.
zhenwei pi [Wed, 10 Nov 2021 03:16:42 +0000 (11:16 +0800)]
irqtop: add -c/--cpu-stat option
Since a23aecc1bf("irqtop: add per-cpu stats"), irqtop always shows
per-cpu stats. Test on a modern AMD server with 2 socket(256 CPU),
irqtop shows messy output with too many columns.
In this patch, add -c/--cpu-stat option to enable/disable per-cpu stats.
And 'auto' option auto-detect window size, only show per-cpu stats
if the length of per-cpu stats is shorter than the width of window.
[kzak@redhat.com: - shorten the commit message
- rename --cpu to --cpu-stat
- use scols_table_enable_nowrap() rather than trim in irqtop.c
- reduce --help for the new option]
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Mon, 8 Nov 2021 12:38:45 +0000 (13:38 +0100)]
libfdisk: enlarge partition by move start down
Now it's possible to move start of the partition only when offset or
absolute value is specified. This commit implements resize to "use all
available free space before the current start".
We already support the same for end of the partition (resize to use all
free space after the partition).
To get it to work a secret named COVERITY_SCAN_TOKEN should
be added to the util-linux repository:
https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository
It has to match the util-linux project token, which
can be found at
https://scan.coverity.com/projects/karelzak-util-linux?tab=project_settings
Daan De Meyer [Sat, 30 Oct 2021 14:56:14 +0000 (15:56 +0100)]
login: Restore tty size after calling vhangup()
If login receives the tty to work on via stdin, stdout and stderr,
login might end up closing the remaining open file descriptors to
the tty just before it calls vhangup(). When the last open file
descriptors to a tty are closed, it's configured size is reset to
0x0. To avoid this from happening, save the size before closing
the stdin, stdout and stderr file descriptors and reapply the size
after the tty is re-opened.
Karel Zak [Mon, 25 Oct 2021 10:21:15 +0000 (12:21 +0200)]
Merge branch 'refactor-tests' of https://github.com/Ajchler/util-linux
* 'refactor-tests' of https://github.com/Ajchler/util-linux:
tests: split additional tests into subtests
tests: split several tests into subtests
tests: split test into subtest
tests: split cal/colorw test into subtests
tests: split cal/color test into subtests