Earl Chew [Sun, 9 Jan 2022 22:01:21 +0000 (14:01 -0800)]
unshare: Propagate inherited signal handling to forked child
In #1086, signal(3) is used along with SIG_IGN,
and SIG_DFL, to prevent premature termination of
the parent. The present approach causes the
forked child to have different inherited
signal handling behaviour than the original
behaviour inherited by the parent.
Sam James [Fri, 7 Jan 2022 01:54:41 +0000 (01:54 +0000)]
su: use LOG_PID for syslog
Enable PID in syslog lines for `su`.
In Gentoo Linux, we recently switched `su` providers from
shadow to util-linux.
It was noticed that syslog output differs slightly
with util-linux (no PID):
```
Jan 7 20:00:50 localhost su: (to root) root on pts/5
Jan 7 20:00:50 localhost su: pam_unix(su:session): session opened for user root(uid=0) by sam(uid=0)
```
... whereas shadow's `su` gave (with PID):
```
Jan 7 20:52:50 localhost su[22245]: Successful su for root by root
Jan 7 20:52:50 localhost su[22245]: + /dev/pts/5 root:root
```
This change enables PID logging to give shadow-like syslog
output for `su`:
```
Jan 7 20:54:32 localhost su[10827]: (to root) root on pts/6
Jan 7 20:54:32 localhost su[10827]: pam_unix(su:session): session opened for user root(uid=0) by sam(uid=0)
```
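A parser that accepts both tag forms quoted in the commit message above, written as an added example (it is not part of the commit or of util-linux). The sample lines are the ones quoted in the message; the function names and the grouping fallback are assumptions made for illustration.

```python
import re

# Sample input: the syslog lines quoted in the commit message above.
SAMPLE = """\
Jan 7 20:00:50 localhost su: (to root) root on pts/5
Jan 7 20:00:50 localhost su: pam_unix(su:session): session opened for user root(uid=0) by sam(uid=0)
Jan 7 20:52:50 localhost su[22245]: Successful su for root by root
Jan 7 20:52:50 localhost su[22245]: + /dev/pts/5 root:root
Jan 7 20:54:32 localhost su[10827]: (to root) root on pts/6
Jan 7 20:54:32 localhost su[10827]: pam_unix(su:session): session opened for user root(uid=0) by sam(uid=0)
"""

# Classic syslog line: timestamp, host, tag, optional [pid], message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

def parse_su_lines(text):
    """Return one dict per `su` line; pid is None when the tag carries no PID."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m.group("tag") != "su":
            continue
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"]) if ev["pid"] else None
        events.append(ev)
    return events

def group_sessions(events):
    """Group lines into su invocations.

    With a PID the key is exact. Without one, the only fallback here is
    (host, timestamp), which merges concurrent su runs in the same second.
    """
    sessions = {}
    for ev in events:
        if ev["pid"] is not None:
            key = (ev["host"], "pid", ev["pid"])
        else:
            key = (ev["host"], "ts", ev["ts"])
        sessions.setdefault(key, []).append(ev["msg"])
    return sessions
```
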
Karel Zak [Tue, 4 Jan 2022 09:37:55 +0000 (10:37 +0100)]
libmount: remove support for deleted mount table entries
The "(deleted)" suffix was originally used by the kernel for deleted
mountpoints. Since kernel commit 9d4d65748a5ca26ea8650e50ba521295549bf4e3
(Dec 2014) the kernel does not use this suffix for mount stuff in /proc at
all. Let's remove this support from libmount too.
Karel Zak [Mon, 3 Jan 2022 12:06:47 +0000 (13:06 +0100)]
Merge branch 'meson' of https://github.com/t-8ch/util-linux
* 'meson' of https://github.com/t-8ch/util-linux:
  meson: only install pkgconfig if library is built
  meson: install manpages and bash completions
  meson: install examples to correct directory
  meson: headers: Install headers
  meson: headers: use util-linux version of version defines
Karel Zak [Mon, 13 Dec 2021 12:22:56 +0000 (13:22 +0100)]
mount: add hint about systemctl daemon-reload
This commit implements an extra hint for systemd based distros to
inform users that units currently used by systemd are older than
fstab. This situation is usually unwanted, and 'systemctl
daemon-reload' is recommended.
The message is printed only on terminal to avoid extra messages in
logs, etc.
Addresses: https://github.com/systemd/systemd/pull/20476
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Fri, 10 Dec 2021 14:20:28 +0000 (15:20 +0100)]
Merge branch 'lsfd-blkdev' of https://github.com/masatake/util-linux
* 'lsfd-blkdev' of https://github.com/masatake/util-linux:
  tests: (lsfd) call ts_skip_nonroot earlier
  lsfd: fix a typo in comment
  lsfd: declare local variables at the beginning of block
  tests: (lsfd) add a case for listing a fd opening a block device
  tests: (lsfd) add a factory for opening a block device to the helper command
  lsfd: use the list of block devices in /proc/devices for decoding SOURCE column
  lsfd: add a helper function for reading bdevs in /proc/devices
  lsfd: move the code for reading /proc/devices to lsfd.c
libblkid/src/probe: check for ENOMEDIUM from ioctl(CDROM_LAST_WRITTEN)
The CD device on Azure VMs returns CDS_DISC_OK from CDROM_DRIVE_STATUS even
when no disc is present. In that case an ENOMEDIUM from CDROM_LAST_WRITTEN
follows. Catch that and return error to prevent probing which results in
hundreds of "unaligned transfer" warnings in the kernel logbuffer.
Karel Zak [Thu, 9 Dec 2021 12:20:50 +0000 (13:20 +0100)]
findmnt: add SOURCES column to print all devices with the same tag
It's the same as TARGETS for lsblk (it is possible to mount the same
device on more mountpoints). Here in findmnt, the new column SOURCES
supports the scenario where more devices (filesystems) use the same tag
(LABEL, UUID, etc.).
Karel Zak [Thu, 9 Dec 2021 09:56:07 +0000 (10:56 +0100)]
sfdisk: improve --backup documentation
* add reference to backup section
* add note that backup is always done after startup
* remove TODO item about --backup; it seems that backup after open is
  the only way we can do it with current libfdisk, because
  fdisk_locate_disklabel() returns the current in-memory rather than
  on-disk situation.
Addresses: https://github.com/util-linux/util-linux/issues/850
Signed-off-by: Karel Zak <kzak@redhat.com>
Masatake YAMATO [Wed, 8 Dec 2021 14:41:52 +0000 (23:41 +0900)]
lsfd: use the list of block devices in /proc/devices for decoding SOURCE column
For decoding the SOURCE column of a fd opening a block device, the
original code uses /proc/partitions only. However, this is not enough
for decoding /dev/nullb0. Though it is a block device node, the block
device behind the node is not listed in /proc/partitions.
This change uses the information in /proc/devices as the fallback of
/proc/partitions.
Masatake YAMATO [Wed, 8 Dec 2021 14:02:45 +0000 (23:02 +0900)]
lsfd: move the code for reading /proc/devices to lsfd.c
The original code is only for reading the names of character device
drivers. For making the code reusable in reading that of block device
drivers, rearrange the code and move it to the common area, lsfd.c.
Karel Zak [Wed, 8 Dec 2021 13:13:36 +0000 (14:13 +0100)]
Merge branch 'patch-2' of https://github.com/mariobl/util-linux
* 'patch-2' of https://github.com/mariobl/util-linux:
  lsfd.1.adoc: Improve punctuation and add translator comments
  lsfd.1.adoc: Fix yet another entry in the filter examples list
  lsfd.1.adoc: Fix wording and markup
Karel Zak [Thu, 2 Dec 2021 13:15:49 +0000 (14:15 +0100)]
hardlink: add reflinks support (add --reflinks and --skip-reflinks)
Let's make XFS and BTRFS users more happy. The option --skip-reflinks
forces hardlink to detect files with shared extents and --reflinks
forces hardlink to create clones (FICLONE ioctl) rather than
hardlinks.
Addresses: https://github.com/util-linux/util-linux/issues/1447
Signed-off-by: Karel Zak <kzak@redhat.com>
Sean Anderson [Wed, 24 Nov 2021 18:26:18 +0000 (13:26 -0500)]
unshare: Document --map-{groups,users,auto}
This documents the new options added in the previous few commits.
I have added another example to better demonstrate these
options. The actual use is fairly straightforward, but the descriptions
are on the pithier side.
Sean Anderson [Wed, 24 Nov 2021 18:26:17 +0000 (13:26 -0500)]
unshare: Add option to automatically create user and group maps
This option is designed to handle the "garden path" user/group ID
mapping:
- The user has one big map in /etc/sub[u,g]id
- The user wants to map as many user and group IDs as they can,
especially the first 1000 users and groups.
The "auto" map is designed to handle this. We find the first map
matching the current user, and then map the whole thing to the ID range
starting at ID 0.
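The "auto" selection described in the commit message above, sketched as an added example (not unshare's own code): take the first /etc/subuid entry for the user, map it from inner ID 0, and translate in-namespace IDs back to host IDs. The sample file content is constructed, the function names are hypothetical, and matching by user name only and skipping unparsable lines are assumptions.

```python
# Constructed /etc/subuid content (owner:start:count), not from a real host.
SAMPLE_SUBUID = """\
root:100000:65536
sam:165536:65536
sam:300000:1000
broken line
"""

def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid content into (owner, start, count)."""
    entries = []
    for raw in text.splitlines():
        fields = raw.strip().split(":")
        if len(fields) != 3:
            continue  # assumption: lines that do not parse are skipped
        owner, start, count = fields
        if not (owner and start.isdigit() and count.isdigit()):
            continue
        entries.append((owner, int(start), int(count)))
    return entries

def auto_map(entries, username):
    """First entry owned by `username`, mapped to the range starting at ID 0."""
    for owner, start, count in entries:
        if owner == username:  # assumption: match by name only
            return {"inner": 0, "outer": start, "count": count}
    return None

def to_outer(mapping, inner_id):
    """Host ID behind an in-namespace ID, or None if the ID is unmapped."""
    offset = inner_id - mapping["inner"]
    if 0 <= offset < mapping["count"]:
        return mapping["outer"] + offset
    return None

def idmapper_argv(helper, pid, mapping):
    """argv for newuidmap/newgidmap: <pid> <inner> <outer> <count>."""
    return [helper, str(pid), str(mapping["inner"]),
            str(mapping["outer"]), str(mapping["count"])]
```

`to_outer` is the direction needed when attributing file ownership or audit records on the host: with the constructed sample, ID 1000 inside the namespace is host ID 166536.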
Sean Anderson [Wed, 24 Nov 2021 18:26:16 +0000 (13:26 -0500)]
unshare: Add options to map blocks of user/group IDs
This adds the ability to map multiple user/group IDs when creating a new
user namespace. Regular processes cannot map any user other than the
effective user, so we need to use the setuid helpers newuidmap and
newgidmap, provided by shadow. Typically, users will be assigned blocks
of user/group IDs in /etc/sub{u,g}id, although it is also possible to
use NSS. There is a second advantage in using these helpers: because we
never write to /proc/self/gid_map, we don't have to disable setgroups.
Because the process of mapping IDs is almost identical, whether we are
mapping user IDs or group IDs, we put both in a common "map_range"
structure. These are read in by (ab)using string_to_idarray. In addition
to any map created with --map-users, we still need to handle a map of
size one created with --map-user. This makes constructing the helpers'
command line the trickiest part of the whole process. newuidmap/
newgidmap check to see if any ranges overlap before creating a mapping.
To avoid failing, we carve out a hole in the mapping for the singular
map. In the worst case, we may have three separate maps.
where the parent has to do some tasks (unshare(), fork() again, etc)
before the child can do its work. At the moment this is implemented
explicitly with a pipe().
Add some helper functions to abstract this process away. In addition,
switch to eventfd() instead of pipe(). As the man page for eventfd(2)
notes,
> Applications can use an eventfd file descriptor instead of a pipe (see
> pipe(2)) in all cases where a pipe is used simply to signal events. The
> kernel overhead of an eventfd file descriptor is much lower than that of
> a pipe, and only one file descriptor is required (versus the two required
> for a pipe).
> In the commit, the protoname of (AF_UNIX, SOCK_DGRAM) sockets was also
> changed to "UNIX-DGRAM". However, it was renamed back to "UNIX" in
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edf0824e0dc359ed76bf96af986e6570ca2c0b9
To make this test case more portable, this change makes the test case
accept "UNIX-DGRAM" in addition to "UNIX", too.