Karel Zak [Fri, 18 Oct 2024 10:16:04 +0000 (12:16 +0200)]
nsenter: use pidfd to enter target namespaces
The typical use case is to enter namespaces of the task (--target
<pid>). The original nsenter opens /proc/<pid>/ns/* files and uses the
file descriptors to enter the namespaces by setns(). The recent kernel
allows using the pid file descriptor instead of the files in /proc,
making it possible to enter multiple namespaces with one setns call.
This solution reduces the number of syscalls (open+setns for each
namespace), removes the dependence on /proc, and allows entering
nested namespaces.
This commit should be backwardly compatible, meaning it can be used on
systems without pidfd_open(). Explicitly specified namespaces by
filenames are still supported, and user namespaces are still entered
first/last according to permissions privileging/deprivileging.
Addresses: https://github.com/util-linux/util-linux/pull/301 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Thu, 17 Oct 2024 09:14:49 +0000 (11:14 +0200)]
nsenter: add functions to enable/disable namespaces
Currently, enabled namespaces are those with an open file descriptor.
However, if we support pidfd, this will become unnecessary and we will
need an FD-independent enable/disable mechanism.
It also makes sense to delay opening --target <pid> namespaces files
until everything is ready and only handle it in one place.
Maks Mishin [Thu, 10 Oct 2024 17:23:49 +0000 (20:23 +0300)]
sys-utils: (setpriv): fix potential memory leak
Dynamic memory, referenced by 'buf' is allocated by calling function 'xstrdup'
add then changed by calling of strsep function.
The free(buf) call is incorrect if buf != NULL, and points to some
place inside or outside the source string.
Karel Zak [Mon, 7 Oct 2024 11:27:43 +0000 (13:27 +0200)]
Merge branch 'sock-netns-with-tests' of https://github.com/masatake/util-linux
* 'sock-netns-with-tests' of https://github.com/masatake/util-linux:
tests: (lsfd) verify SOCK.NETID and ENDPOINTS for sockets made in another netns
tests: (lsns) verify the code finding an isolated netns via socket
tests: (nsenter) verify the code entering the network ns via socket made in the ns
tests: (test_sysinfo) add a helper to detect NS_GET_USERNS
tests: (test_mkfds::foreign-sockets) new factory
tests: (test_mkfds, refactor) use xmemdup newly added in xalloc.h
xalloc.h: add xmemdup
tests: (test_mkfds) fix a typo in an option name
test_mkfds: (cosmetic) remove whitespaces between a function and its arguments
Karel Zak [Mon, 7 Oct 2024 08:22:07 +0000 (10:22 +0200)]
Merge branch 'lsfd--minor-fixes' of https://github.com/masatake/util-linux
* 'lsfd--minor-fixes' of https://github.com/masatake/util-linux:
lsfd: avoid accessing an uninitialized value
lsfd: finalize abst_class
lsfd,test_mkfds: (refactor) specify the variable itself as an operand of sizeof
tests: (test_mkfds) add a missing word in a comment
The exFAT specification lists valid value ranges for the superblock
fields. Validate the fields interpreted by the libblkid prober to avoid
undefined behaviour.
Karel Zak [Wed, 2 Oct 2024 08:06:10 +0000 (10:06 +0200)]
Merge branch 'PR/libmount-xnocanon' of https://github.com/karelzak/util-linux-work
* 'PR/libmount-xnocanon' of https://github.com/karelzak/util-linux-work:
mount: (man) add note about symlink over symlink
tests: add X-mount.nocanonicalize tests
libmount: support bind symlink over symlink
libmount: add X-mount.nocanonicalize[=source|target]
Karel Zak [Tue, 1 Oct 2024 11:56:52 +0000 (13:56 +0200)]
Merge branch 'test_mkfds-dont-free-and-close-when-exit-with-error' of https://github.com/masatake/util-linux
* 'test_mkfds-dont-free-and-close-when-exit-with-error' of https://github.com/masatake/util-linux:
tests: (test_mkfds) don't close fds and free memory objects when exiting with EXIT_FAILURE
tests: (test_mkfds,refactor) simplify nested if conditions
tests: (test_mkfds) save errno before calling system calls for clean-up
tests: (test_mkfds, cosmetic) add an empty line before the definition of struct sysvshm_data
Karel Zak [Thu, 26 Sep 2024 12:44:36 +0000 (14:44 +0200)]
libmount: support bind symlink over symlink
The new mount API allows for the use of AT_SYMLINK_NOFOLLOW when
opening a mount tree (aka the "mount source" for libmount).
As a result, you can now replace one symlink with another by using a
bind mount.
By default, the mount(8) command follows symlinks and canonicalizes
all paths. However, with the X-mount.nocanonicalize=source option, it
is possible to open the symlink itself. Similarly, with the
X-mount.nocanonicalize=target option, the path of the mount point can
be kept as the original symlink. (Using X-mount.nocanonicalize without
any argument works for both the "source" and "target".)
Example:
# file /mnt/test/symlinkA /mnt/test/symlinkB
/mnt/test/symlinkA: symbolic link to /mnt/test/fileA
/mnt/test/symlinkB: symbolic link to /mnt/test/fileB
The result is that 'symlinkB' is still a symlink, but it now points to
a different file.
This commit also modifies umount(8) because it does not work with
symlinks by default. The solution is to call umount2(UMOUNT_NOFOLLOW)
for symlinks after a failed regular umount(). For example:
Thomas Weißschuh [Wed, 25 Sep 2024 06:12:45 +0000 (08:12 +0200)]
login-utils/su-common: Validate all return values again
The additional coded added in commit d6564701e812 ("login-utils/su-common: Check that the user didn't change during PAM transaction")
was inserted in between the assignment and tests of "rc",
making the return value unchecked.
Add a new explicit check.
Thomas Weißschuh [Wed, 25 Sep 2024 06:09:29 +0000 (08:09 +0200)]
meson: test for pidfd_getfd()
Commit 55c7120accab ("nsenter: Provide an option to join target process's socket net namespace")
added stubs for pidfd_getfd() but didn't add the code for meson to check
if the function is already available.
Karel Zak [Tue, 24 Sep 2024 11:37:13 +0000 (13:37 +0200)]
libfdisk: (dos) ignore incomplete EBR for non-wholedisk
The logical partitions are defined by a chain of extended partitions,
with the beginning of the chain located on the whole disk device.
If a user runs "fdisk --list /dev/sda4", libfdisk cannot calculate proper
offsets for the items in the chain, resulting in the following error
message:
Failed to read extended partition table (offset=22528): Invalid argument
This error message may confuse users and is unnecessary when fdisk is
used in list-only mode (--list option). It would be sufficient to only
print the content of the partition without the error message and not
continue to the next item in the chain.
However, in write mode (without --list), the error message will still
be displayed as it is potentially dangerous to edit the EBR table.
Addresses: https://issues.redhat.com/browse/RHEL-59867 Signed-off-by: Karel Zak <kzak@redhat.com>
The new kernel mount API can bind-mount over a symlink. However, this
feature does not work with libmount because it canonicalizes all paths
by default. A possible workaround is to use the --no-canonicalize
option on the mount(8) command line, but this is a heavy-handed
solution as it disables all conversions for all paths and tags (such
as LABEL=) and fstab processing.
This commit introduces the X-mount.nocanonicalize userspace mount
option to control canonicalization. It only affects paths used for
mounting and does not affect tags and searching in fstab. Additionally,
this setting possible to use in fstab.
If the optional argument [=source|target] is not specified, then paths
canonicalization is disabled for both the source and target paths.
Adresses: https://github.com/util-linux/util-linux/issues/2370 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Tue, 24 Sep 2024 10:31:39 +0000 (12:31 +0200)]
Merge branch 'sock-netns' of https://github.com/0x7f454c46/util-linux
* 'sock-netns' of https://github.com/0x7f454c46/util-linux:
lsns: List network namespaces that are held by a socket
lsfd: Gather information on target socket's net namespace
nsenter: Provide an option to join target process's socket net namespace
Michal Suchanek [Tue, 24 Sep 2024 07:19:39 +0000 (09:19 +0200)]
partx: Fix example in man page
The example is:
partx -d --nr :-1 /dev/sdd
Removes the last partition on _/dev/sdd_.
The documentation says:
M:
Specifies the lower limit only (e.g. --nr 2:).
:N
Specifies the upper limit only (e.g. --nr :4).
In the above example the lower limit is not set and the upper is set to
the last partition, meaning all partitions. The lower limit should be
set instead.
nsenter: Provide an option to join target process's socket net namespace
The network namespace of a socket can be different from the target
process. Previously there were some userspace issues where a
net-namespace was held alive by a socket leak. For this purpose Arista's
linux kernel has a patch to provide socket => netns map by procfs pid/fd
directory links.
Add nsenter option to join the network namespace of a target process'
socket.
login-utils/su-common: Check that the user didn't change during PAM transaction
PAM modules can change the user during their execution, in such case su
would still use the user that has been provided giving potentially
access to another user with the credentials of another one.
So prevent this to happen, by ensuring that the final PAM user is
matching the one required
Karel Zak [Mon, 16 Sep 2024 12:50:43 +0000 (14:50 +0200)]
sfdisk: add --discard-free
Why do we need this? It can be difficult for end-users to discard
unpartitioned areas using blkdiscard, as it requires using fdisk to
obtain a list of free areas and then using blkdiscard with the correct
--offset and --length options. It is less risky for end-users to use
(s)fdisk, as they have a better understanding of the disk layout.
Addresses: https://github.com/util-linux/util-linux/issues/2804 Signed-off-by: Karel Zak <kzak@redhat.com>
Yao Zi [Mon, 9 Sep 2024 18:08:30 +0000 (18:08 +0000)]
bash-completion: look: rewrite completion logic
look(1) opens /usr/share/dict/words as dictionary by default. Doing TAB
completion for look(1) without the dictionary installed will result in
popups like
$ look look: /usr/share/dict/words: No such file or directory
messing up the terminal.
As /usr/share/dict/words is not shipped by quite a few distros nowadays
and it should not be listed as a hard dependency of util-linux, we make
sure the dictionary exists before calling look(1) when doing completion,
avoiding these error messages.
When completing the word without anything specified on the command line,
alphabets and numbers instead of all words are listed as a hint, for
better interacting experience.
Karel Zak [Thu, 5 Sep 2024 08:18:38 +0000 (10:18 +0200)]
Merge branch 'PR/env-whitelist' of github.com:karelzak/util-linux-work
* 'PR/env-whitelist' of github.com:karelzak/util-linux-work:
login: add LOGIN_ENV_SAFELIST /etc/login.def item
su: use lib/env.c for --whitelist-environment
env: add env_list_add_getenv() and env_list_add_getenvs()
autotools: improve devel-non-docs config-gen scenario
env: cleanup env_list API
env: add "overwrite" argument to env_list_setenv()
env: save parsed variables into ul_env_list
tests: add su --whitelist-environment test
Jan Engelhardt [Fri, 30 Aug 2024 20:44:56 +0000 (20:44 +0000)]
lscpu: add procfs–sysfs dump from Milk-V Pioneer
already in tree:
rv64-linux: just a BeagleV Starlight SBC (no longer in production)
rv64-visionfive2 is interesting because it's a system with an odd CPU count / mix of core types (4+1)
new dump:
rv64-milkvpioneer is interesting because it's arguably a server board, i.e. with a whole bunch of cores and NUMA nodes.
Karel Zak [Wed, 28 Aug 2024 10:10:50 +0000 (12:10 +0200)]
login: add LOGIN_ENV_SAFELIST /etc/login.def item
It is possible to preserve the entire environment (-p), but it is
rarely a good idea. The new configuration file item allows for
specifying a list of variables to protect, such as locale-related
environment variables.
Addresses: https://github.com/util-linux/util-linux/pull/3159 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Wed, 28 Aug 2024 09:23:31 +0000 (11:23 +0200)]
env: add env_list_add_getenv() and env_list_add_getenvs()
* Add env_list_add_getenv() to import a single variable from the
environ[] array. The function may accept a default value if getenv()
does not return anything.
* Add env_list_add_getenvs() to import multiple variables from the
environ[] array.
Karel Zak [Tue, 27 Aug 2024 11:07:56 +0000 (13:07 +0200)]
env: save parsed variables into ul_env_list
The struct ul_env_list is currently only used to store the value of
env when sanitizing environ[]. It would be beneficial to also use the
functions related to ul_env_list for other purposes. In order to do
this, it is important to keep the NAME and VALUE components separate.
* Accept non-terminated name and value for env_list_add().
* Add env_list_add_from_string() to add item to the list from a
"name=value" string.
* Add env_list_add_variable() to add item to the list using separate
"name" and "value" strings.
* Update __sanitize_env() to use env_list_add_from_string().
* Modify the test to use "abc" as the value instead of copying the
variable name (with '=') to the value.
Karel Zak [Mon, 2 Sep 2024 12:21:40 +0000 (14:21 +0200)]
libfdisk: check alignment reset return codes
Traditionally, there was only recalculation based on disk properties.
However, since libfdisk now supports additional script headers to
modify the default alignment, we need to check return codes. This is
because users can specify nonsensical values. If we ignore the return
codes, the library will report the issue multiple times and
return an error to the application when creating a new disk label.
Old version:
>>> Script header accepted.
>>> Last LBA specified by script is out of range.
Last LBA specified by script is out of range.
Last LBA specified by script is out of range.
Failed to apply script headers, disk label not created: Numerical result out of range
Fixed version:
>>> Script header accepted.
>>> Last LBA specified by script is out of range.
Failed to apply script headers, disk label not created: Numerical result out of range.
Karel Zak [Mon, 2 Sep 2024 12:04:18 +0000 (14:04 +0200)]
sfdisk: ignore last-lba from script on --force
The last LBA depends on the disk size. It seems like a good idea to
ignore it when using the --force option, in order to make it possible
to apply the script on smaller disks.
Addresses: https://github.com/util-linux/util-linux/issues/3186 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Thu, 29 Aug 2024 09:52:31 +0000 (11:52 +0200)]
Merge branch 'PR/buildsys-lsfd-bpf' of github.com:karelzak/util-linux-work
* 'PR/buildsys-lsfd-bpf' of github.com:karelzak/util-linux-work:
meson: check for BPF_OBJ_NAME_LEN and linux/bpf.h
autotools: Check for BPF_OBJ_NAME_LEN (required by lsfd)
Gábor Németh [Thu, 29 Aug 2024 06:59:23 +0000 (08:59 +0200)]
Optionally execute a program after group change
We accept a `-c` command option or possible second argument which is then
invoked through the user's shell after the group change, as by the `sg`
utility. The default is still running the shell itself.
projects / thirdparty / util-linux.git / log
