Karel Zak [Wed, 14 Jul 2021 10:18:08 +0000 (12:18 +0200)]
Merge branch 'verity_corruption' of https://github.com/bluca/util-linux
* 'verity_corruption' of https://github.com/bluca/util-linux:
verity: fix verity.roothashsig only working as last parameter
verity: add support for corruption action flag
build-sys: display cryptsetup status after ./configure
fdisk: move reorder diag messages to fdisk_reorder_partitions()
The function fdisk_reorder_partitions() is also used in sfdisk and cfdisk
and these commands assume info/warn messages from the library. So move all
messages from fdisk to fdisk_reorder_partitions().
verity: fix verity.roothashsig only working as last parameter
Parsing of verity.roothashsig did not take into consideration that other options
might follow, and used the whole string as a file path. But mnt_optstr_get_option
just returns a pointer in the mount option string, it doesn't extract it, so it
would have other subsequent options too. The length parameter has to be used.
FAT32 can be formatted with boot sign 0x28 to indicate that only serial id
is present or with boot sign 0x29 which indicates that both boot label and
serial id is present.
libblkid: vfat: Fix reading FAT16 boot label and serial id
Older FAT16 variants do not have to contain boot label or serial id. Boot
sign 0x28 indicates that only serial id is present and boot sign 0x29
indicates that both boot label and serial id is present. Other boot sign
values (e.g. zero) indicates older FAT16 variant without boot label and
boot sign.
dlopen is treated as a dependency, but that's not quite right, it
should be an alternative way to link to libcryptsetup.
Search for it only if cryptsetup is not disabled, and if the cryptsetup-dlopen
is explicitly set to enabled. If it is, do not link to libcryptsetup.
Add cryptsetup support status to the meson summary.
It should set HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY, rather than HAVE_CRYPTSETUP
which enables the verity features, as it needs to detect the availability of
the crypt_activate_by_signed_key API
benaryorg [Fri, 4 Jun 2021 12:34:52 +0000 (12:34 +0000)]
fix #648 by ignoring EINVAL on-remount of proc
When using --mount-proc=/some/path then unshare fails if the path provided is not already mounted due to the mount(2) call to change the propagation of the mount.
In such a case mount(2) returns EINVAL, which however is used for a variety of other errors.
If this error is ignored mistakenly the effects however should be negligible since:
1. the mount of proc afterwards happens regardless, errors of which are not ignored
2. the propagation change of root uses MS_REC, which should already change the propagation of all mounts recursively
Furthermore /proc is not touched if --mount-proc specifies a different mount point.
This should not cause too much unexpected behaviour due to point 2 from above in any case.
Specifying --mount-proc with a different path also means that unshare(3) is not instructed to touch /proc, thus /proc not being touched should not be unexpected.
As a side note, if unshare is called with /proc as an (implicit) parameter to --mount-proc then /proc is a stacked mount, meaning if /proc is unmounted within the namespace the host /proc will be visible again, thus not touching /proc with a different parameter does not constitute more information leakage than the alternative, quite contrary it may even be the desired behaviour.
Ross Burton [Thu, 1 Jul 2021 19:44:31 +0000 (20:44 +0100)]
test/eject: guard asan LD_PRELOAD with use-system-commands check
This test tries to add asan to LD_PRELOAD because the just-built eject
will call the host /bin/umount, and apparently asan doesn't like this.
However, if ldd isn't present, this fails as the path to asan is the
error message saying that ldd isn't present.
As the asan workaround is only needed when executing the binaries that
have just been built and not the system binaries, only use it if the
test is on the built binaries.
Karel Zak [Wed, 30 Jun 2021 10:07:50 +0000 (12:07 +0200)]
Merge branch 'kill' of https://github.com/rossburton/util-linux
* 'kill' of https://github.com/rossburton/util-linux:
tests: check correct log file for errors in blkdiscard test
tests: don't hardcode /bin/kill in the kill tests
Huang Shijie [Thu, 17 Jun 2021 12:41:16 +0000 (12:41 +0000)]
lscpu: remove the old code
The file "/sys/firmware/dmi/tables/DMI" always exists.
The dmi_decode_cputype() can provide more information then arm_smbios_decode().
So remove it to tidy the code.
Before this patch, we can get the output from Centos 7.9 who has
"/sys/firmware/dmi/entries/4-0/raw" and "/sys/firmware/dmi/tables/DMI":
----------------------------------------------------
BIOS Vendor ID: Ampere(TM)
Model name: Neoverse-N1
BIOS Model name: Ampere(TM) Altra(TM) Processor
----------------------------------------------------
After this patch which uses "/sys/firmware/dmi/tables/DMI", in Centos 7.9, we get:
----------------------------------------------------
BIOS Vendor ID: Ampere(TM)
Model name: Neoverse-N1
BIOS Model name: Ampere(TM) Altra(TM) Processor Q00-00 CPU @ 2.8GHz
BIOS CPU family: 257
----------------------------------------------------
Ross Burton [Tue, 29 Jun 2021 15:34:20 +0000 (16:34 +0100)]
tests: don't hardcode /bin/kill in the kill tests
If the 'kill' test is executed with --use-system-commands, it calls
/bin/kill to avoid the shell's own kill command being invoked.
However, this doesn't work if the kill we want to test isn't in fact in
/bin. Instead, use $(which kill) to find a kill on the PATH and call
that directly.
Karel Zak [Wed, 23 Jun 2021 09:37:31 +0000 (11:37 +0200)]
more: fix null-pointer dereference
The command allows executing arbitrary shell commands while viewing a file by
entering '!' followed by the command. Entering a command that contains a '%',
'!', or '\' causes a segmentation violation.
The same more(1) function has a problem when not file is specified (cat
/etc/passwd | more) on command line.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1975153 Signed-off-by: Karel Zak <kzak@redhat.com>
The exclusivity between the {fscontext, defcontext} and context options
was removed in kernel 2.6.25[1]. No specific verification on these
options is done in mount(8)[2].
Tj [Thu, 17 Jun 2021 12:13:22 +0000 (13:13 +0100)]
mount: man-page; add all overlayfs options
The section in man (8) mount for overlay is missing nine options which
aren't documented elsewhere either and are useful features to be aware
of and use.
Alex Xu [Wed, 16 Jun 2021 13:58:25 +0000 (13:58 +0000)]
build-sys: Update configure.ac
1. the test incorrectly used AC_COMPILE_IFELSE instead of
AC_LINK_IFELSE, defeating the purpose of checking -lcrypt.
2. the test did not properly restore LIBS, causing later checks to all
fail if libcrypt wasn't found.
3. HAVE_LIBCRYPT only controls whether to use -lcrypt, it is not
needed or used in any source files.
[kzak@redhat.com: - improve commit message
- use UL_{SET,RESTORE}_FLAGS() rather than directly
modify $LIBS]
Karel Zak [Thu, 17 Jun 2021 11:28:32 +0000 (13:28 +0200)]
lib/path: improve ul_path_readlink() to be more robust
According to POSIX, readlink() makes no effort to null-terminate buffer
with the result. It seems better to hide this disadvantage in the
ul_path_...() API rather than assume buf[sz] = '\0' everywhere.
Reported-by: Reported-by: Jan Pazdziora <jpazdziora@redhat.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Huang Shijie [Tue, 15 Jun 2021 10:06:39 +0000 (10:06 +0000)]
lscpu: add bios_family
In the arm platform, we do not have the "CPU family" as X86.
In the linux kernel, it is hardcode to set the "CPU architecuture:8"
which should be changed for arm v9 in future.
This patch adds "bios_family" field, which we can get from the DMI table.
In the ampere Altra platform, we can get the new lscpu output:
----------------------------------------------------------------
Architecture: aarch64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 160
On-line CPU(s) list: 0-159
Vendor ID: ARM
BIOS Vendor ID: Ampere(R)
Model name: Neoverse-N1
BIOS Model name: Ampere(R) Altra(R) Processor Q00-00 CPU @ 3.0GHz
BIOS CPU family: 257
Model: 1
Thread(s) per core: 1
----------------------------------------------------------------
[kzak@redhat.com: - s/sprintf/snprintf/]
Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Huang Shijie [Tue, 15 Jun 2021 10:06:38 +0000 (10:06 +0000)]
lscpu: get the processor information by DMI
The patch :367c85c47286 ("lscpu: use SMBIOS tables on ARM for lscpu")
relies on the existence of "/sys/firmware/dmi/entries/4-0/raw",
which may not exist in standard linux kernel.
But "/sys/firmware/dmi/tables/DMI" should exist and can provide the required
processor information.
This patch uses "/sys/firmware/dmi/tables/DMI"
to get the processor information:
Before this patch, in Ampere Altra platform, the lscpu output is:
---------------------------------------------
Architecture: aarch64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 160
On-line CPU(s) list: 0-159
Vendor ID: ARM
Model name: Neoverse-N1
Model: 1
Thread(s) per core: 1
Core(s) per socket: 80
Socket(s): 2
........................................
---------------------------------------------
After this patch, we can use get the lscpu output
in Ampere Altra platform:
---------------------------------------------
Architecture: aarch64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 160
On-line CPU(s) list: 0-159
Vendor ID: ARM
BIOS Vendor ID: Ampere(R)
Model name: Neoverse-N1
BIOS Model name: Ampere(R) Altra(R) Processor Q00-00 CPU @ 3.0GHz
Model: 1
Thread(s) per core: 1
Core(s) per socket: 80
Socket(s): 2
........................................
---------------------------------------------
[kzak@redhat.com: - s/sprintf/snprintf/]
Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Reported-by: Brian Lane <bcl@redhat.com>
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1971877
Fix: https://github.com/karelzak/util-linux/issues/1348 Signed-off-by: Karel Zak <kzak@redhat.com>
projects / thirdparty / util-linux.git / log
