unshare,nsenter: Move the old libc handling into a common header namespace.h
Move the definitions of CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC,
CLONE_NEWNET, CLONE_NEWUSER, CLONE_NEWPID into namespace.h in case
sched.h does not provide those definitions. Are there systems
around that are old enough that still need this?
Move the definitions of unshare() and setns() into namespace.h
for supporting old versions of libc that do not provide these.
I have tested this support with setns as I still have systems
old enough that glibc does not wrap setns.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
In the case of a pid namespace we need to fork a child process instead
of calling exec. Move all of that logic out of line into a function
continue_as_child, making the logic of the primary case easier to
understand.
Update the logic for waiting for a child process to suspend ourselves
when the child process suspends and to continue the child process
when we are unsuspended. This supports the bash suspend command and
various editors that suspend themselves.
If the child process exits with a signal update the logic to run
kill(getpid(), WTERMSIG(status)) so the caller sees the same exit code
that nsenter observed.
There will always be permission to send signals to our children and
the tty is not changing so there is no need for the intermediate
process to forward signals to its child.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
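
The wait logic this commit message describes, as an added C sketch (not the nsenter source; the function names wait_for_child and run_child_exiting_with are hypothetical): the parent mirrors a stop of the child onto itself, resumes the child when it is resumed, and re-raises a fatal signal so its own caller sees the same termination status.

```c
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: wait for the forked child and mirror its state.
 * Returns the child's exit code, or -1 if it did not exit normally. */
int wait_for_child(pid_t child)
{
    int status = 0;

    for (;;) {
        /* WUNTRACED makes waitpid() also report a stopped child. */
        if (waitpid(child, &status, WUNTRACED) != child)
            return -1;
        if (!WIFSTOPPED(status))
            break;
        /* The child suspended itself: suspend ourselves as well ... */
        kill(getpid(), SIGSTOP);
        /* ... and once something resumes us, resume the child. */
        kill(child, SIGCONT);
    }
    /* Child killed by a signal: die the same way, so the process that
     * started us observes the status we observed. */
    if (WIFSIGNALED(status))
        kill(getpid(), WTERMSIG(status));
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed test scenario: fork a child that exits with `code`. */
int run_child_exiting_with(int code)
{
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(code);
    return wait_for_child(pid);
}

int main(void)
{
    return run_child_exiting_with(7) == 7 ? 0 : 1;
}
```
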
unshare: Add support for the pid and user namespaces
- Update the unshare application to support the pid and user namespaces.
- Update the man page for the new options
- Fix typo in the man page where UTS was spelled UTC.
- Remove the vestigial support for running a suid unshare.
After unsharing a user namespace setuid(getuid()) won't work because
no uid or gid mappings have been specified yet. So it is just easier not
to have any support for running suid.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Karel Zak [Tue, 15 Jan 2013 12:55:29 +0000 (13:55 +0100)]
libmount: allow to use propagation flags in fstab
Linux kernel does not allow to change more than one propagation flag
by one mount(2) syscall. The flags also cannot be mixed with another
mount options. It means that the propagation flags cannot be stored in
/etc/fstab, manual "mount --make-* <mountpoint>" is always necessary
after successful mount. Painful...
This patch implements additional mount(2) after previous successful
mount(2) (or exec /sbin/mount.<type>).
For example:
    mount /dev/sda1 /A -o private,unbindable,ro
or fstab entry:
    /dev/sda1 /A auto ro,private,unbindable
is implemented by three mount(2) calls:
- 1st mounts /dev/sda1 with MS_RDONLY
- 2nd sets MS_PRIVATE flag
- 3rd sets MS_UNBINDABLE flag.
It's the same as manually calling:
    mount /dev/sda1 /A -o ro
    mount --make-private /A
    mount --make-unbindable /A
This solution is not atomic, and umount(2) is not called if
propagation flags are not successfully applied, only error is
returned.
This change does not affect libmount API, so one beautiful day when
mount(2) syscall will be improved we can drop this nasty patch.
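
The call sequence described in this commit message, as an added C sketch (not libmount code; plan_mount_calls and mount_with_propagation are hypothetical names, and the recursive MS_REC variants are not handled): one combined flag mask is split into a regular mount(2) followed by one mount(2) per propagation flag.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/mount.h>

/* Propagation flags: the kernel accepts only one of these per mount(2). */
static const unsigned long PROP_FLAGS[] = { MS_SHARED, MS_PRIVATE, MS_SLAVE, MS_UNBINDABLE };
#define NPROP (sizeof(PROP_FLAGS) / sizeof(PROP_FLAGS[0]))
#define PROP_MASK (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)
#define MAX_CALLS (1 + NPROP)

/* Hypothetical helper: split a combined mask into one mountflags value per
 * mount(2) call. calls[0] is the real mount with the propagation bits
 * removed; every later entry is a single propagation flag. */
size_t plan_mount_calls(unsigned long flags, unsigned long calls[MAX_CALLS])
{
    size_t i, n = 0;
    calls[n++] = flags & ~(unsigned long)PROP_MASK;
    for (i = 0; i < NPROP; i++)
        if (flags & PROP_FLAGS[i])
            calls[n++] = PROP_FLAGS[i];
    return n;
}

/* Hypothetical helper: run the plan. Not atomic: if a propagation call
 * fails, the filesystem stays mounted and only the error is returned. */
int mount_with_propagation(const char *src, const char *target,
                           const char *fstype, unsigned long flags)
{
    unsigned long calls[MAX_CALLS];
    size_t i, n = plan_mount_calls(flags, calls);
    if (mount(src, target, fstype, calls[0], NULL) != 0)
        return -1;
    for (i = 1; i < n; i++)
        if (mount("none", target, NULL, calls[i], NULL) != 0)
            return -1;
    return 0;
}

int main(void)
{
    unsigned long calls[MAX_CALLS];
    size_t i, n = plan_mount_calls(MS_RDONLY | MS_PRIVATE | MS_UNBINDABLE, calls);
    for (i = 0; i < n; i++)
        printf("call %zu: mountflags=0x%lx\n", i + 1, calls[i]);
    return 0;
}
```
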
Karel Zak [Mon, 14 Jan 2013 13:50:50 +0000 (14:50 +0100)]
findmnt: make --target usable with bind mounts
The --target <non-mount-point> functionality should be enabled only if
previous regular search found nothing to avoid collisions with bind
mounts, because to detect mountpoint we use traditional child / parent
stat.st_dev comparison which does not work for bind mounts (--bind /A
/A).
Btrfs has three superblocks. The first one is placed at 64KB, the second one at
64MB, the third one at 256GB.
If the first superblock is valid except that the "magic field" is zeroed, btrfs
skips the check of the other superblocks. If the first superblock is fully
invalid, btrfs checks for the other superblock.
So zeroing the first superblock "magic field" at the beginning seems that the
filesystem is wiped. But when the first superblock is overwritten (eg by
another filesystem), then the other two superblocks may be considered valid, and
the filesystem may resurrect.
This patch allows to find and wipe the other btrfs superblocks' signatures.
mount: Fix -t in listing mode when run as non-root
Presently, libmount-mount completely prohibits the use of -t by non-root
users. This breaks using -t in listing mode as a user, which represents
a regression against mount-deprecated, macosx and presumably *BSD.
This commit fixes the issue by deferring the mnt_context_is_restricted
check for -t until we know we're not in listing mode.
Sami Kerola [Fri, 28 Dec 2012 21:23:43 +0000 (21:23 +0000)]
losetup: fix declarations [smatch scan]
sys-utils/losetup.c:309:2: error: 'for' loop initial declarations are only allowed in C99 mode
sys-utils/losetup.c:374:2: error: 'for' loop initial declarations are only allowed in C99 mode
Sami Kerola [Fri, 28 Dec 2012 21:23:42 +0000 (21:23 +0000)]
swapon: default to --show if nothing is requested
Proposed-by: Karel Zak <kzak@redhat.com>
References: http://www.spinics.net/lists/util-linux-ng/msg07301.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Mike Frysinger [Wed, 26 Dec 2012 20:10:29 +0000 (15:10 -0500)]
flock: improve usage strings
The current examples miss the best usage of all: specifying the command
and its arguments directly on the command line. Add that to both the
program usage and the man page.
Werner Fink [Tue, 8 Jan 2013 14:38:40 +0000 (15:38 +0100)]
include/ttyutils: add default chardata
this one moves the init_chardata to include/ttyutils.h as well as to
lib/include/ttyutils.c. Also the macros CTL/CTRL are fixed in
agetty.c and sulogin.c to use the XOR variant CTL.
[kzak@redhat.com: use macro rather than global variable for default
chardata]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
Neil Horman [Fri, 28 Dec 2012 16:22:18 +0000 (11:22 -0500)]
unshare: support the switching of namespaces
In addition to the unshare syscall, there exists the setns syscall, which
allows processes to migrate to the namespaces of other processes. Add this
functionality into the unshare command, as they operate in a fairly similar
fashion.
Note: There was discussion of adding a path based namespace argument to unshare
in the original discussion thread, but I opted to leave that out as it didn't
seem to fit in nicely with the current argument pattern. I figure we can always
add that in later if we need to
[kzak@redhat.com: - fix optional arguments
- do not call unshare if no flag specified
- use O_CLOEXEC
- coding style cleanup]
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Karel Zak <kzak@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Sami Kerola [Sun, 16 Dec 2012 10:43:51 +0000 (10:43 +0000)]
ipcs: add --human readable size conversion option
Introduces new function ipc_print_size() which will call
size_to_human_string(), and handles the occasional '([k]bytes)' printing
if default size format is requested.
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Werner Fink [Mon, 10 Dec 2012 12:27:11 +0000 (13:27 +0100)]
sulogin: add multi console feature from SysVinit sulogin
Now after adding Conflicts=rescue.service to getty@.service and
serial-getty@.service and Conflicts=getty.target to rescue.target
all works with `systemctl rescue'. Even adding init=/sbin/sulogin
to the kernel's command line by using the `e' key in grub2 boot
menu works flawlessly.
This version is without the emergency code as I've moved this to
lib/console.c where it belongs.
Werner Fink [Mon, 10 Dec 2012 12:27:10 +0000 (13:27 +0100)]
sulogin: mount temporary /dev and /proc if not found
This is very useful if initrd cannot be loaded, that is, no /dev and no
/proc is found. Also if the /etc/shadow and /etc/passwd is copied into
the initrd the sulogin can be used in initrd even before /dev and/or /proc
are mounted.