search for: bind_mount

...pts; char *sysroot_proc; + char *sysroot_selinux; char *sysroot_sys; char *sysroot_sys_fs_selinux; - bool dev_ok, dev_pts_ok, proc_ok, sys_ok, sys_fs_selinux_ok; + bool dev_ok, dev_pts_ok, proc_ok, selinux_ok, sys_ok, sys_fs_selinux_ok; }; struct resolver_state { @@ -76,16 +77,18 @@ bind_mount (struct bind_state *bs) bs->sysroot_dev = sysroot_path ("/dev"); bs->sysroot_dev_pts = sysroot_path ("/dev/pts"); bs->sysroot_proc = sysroot_path ("/proc"); + bs->sysroot_selinux = sysroot_path ("/selinux"); bs->sysroot_sys = sysro...

...and it is not + * possible to rely on the guest to provide it (Linux guests + * get /dev dynamically populated at runtime by udev). + */ + fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); + if (fd == -1) { + reply_with_perror ("/dev/null"); + return NULL; + } + if (bind_mount (&bind_state) == -1) return NULL; if (enable_network) { @@ -266,8 +279,10 @@ do_command (char *const *argv) return NULL; } + flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | fd; + CHROOT_IN; - r = commandv (&out, &err, (const char * const *) argv); + r = comman...

...ysroot_selinux; > char *sysroot_sys; > char *sysroot_sys_fs_selinux; > - bool dev_ok, dev_pts_ok, proc_ok, sys_ok, sys_fs_selinux_ok; > + bool dev_ok, dev_pts_ok, proc_ok, selinux_ok, sys_ok, > sys_fs_selinux_ok; }; > > struct resolver_state { > @@ -76,16 +77,18 @@ bind_mount (struct bind_state *bs) > bs->sysroot_dev = sysroot_path ("/dev"); > bs->sysroot_dev_pts = sysroot_path ("/dev/pts"); > bs->sysroot_proc = sysroot_path ("/proc"); > + bs->sysroot_selinux = sysroot_path ("/selinux"); > b...

On Tue, Dec 01, 2015 at 04:16:57PM +0100, Pino Toscano wrote: > On Tuesday 01 December 2015 15:59:56 Mateusz Guzik wrote: > > I would argue that /dev has to be at least partially populated for anything > > that gets executed in the chroot. At the very least special nodes like null, > > zero and {u,}random are needed. > > We do not assume anything about guests, which

...root. However we must be careful to unmount them - * afterwards because otherwise they would interfere with - * future mount and unmount operations. - * - * We deliberately allow these commands to fail silently, BUT - * if a mount fails, don't unmount the corresponding mount. - */ -static int -bind_mount (struct bind_state *bs) -{ - int r; - - memset (bs, 0, sizeof *bs); - - bs->sysroot_dev = sysroot_path ("/dev"); - bs->sysroot_dev_pts = sysroot_path ("/dev/pts"); - bs->sysroot_proc = sysroot_path ("/proc"); - bs->sysroot_selinux = sysroot_path (&quo...

...* possible to rely on the guest to provide it (Linux guests - * get /dev dynamically populated at runtime by udev). - */ - dev_null_fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); - if (dev_null_fd == -1) { - reply_with_perror ("/dev/null"); - return NULL; - } - if (bind_mount (&bind_state) == -1) return NULL; if (enable_network) { @@ -279,11 +268,9 @@ do_command (char *const *argv) return NULL; } - flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | dev_null_fd; + flags = COMMAND_FLAG_DO_CHROOT; - CHROOT_IN; r = commandvf (&out, &err...

Do SELinux relabelling properly.

...uest to provide it (Linux guests > + * get /dev dynamically populated at runtime by udev). > + */ > + fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); > + if (fd == -1) { > + reply_with_perror ("/dev/null"); > + return NULL; > + } > + > if (bind_mount (&bind_state) == -1) > return NULL; > if (enable_network) { > @@ -266,8 +279,10 @@ do_command (char *const *argv) > return NULL; > } > > + flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | fd; > + > CHROOT_IN; > - r = commandv (&out, &am...

...(Linux guests > - * get /dev dynamically populated at runtime by udev). > - */ > - dev_null_fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); > - if (dev_null_fd == -1) { > - reply_with_perror ("/dev/null"); > - return NULL; > - } > - > if (bind_mount (&bind_state) == -1) > return NULL; > if (enable_network) { > @@ -279,11 +268,9 @@ do_command (char *const *argv) > return NULL; > } > > - flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | dev_null_fd; > + flags = COMMAND_FLAG_DO_CHROOT; > >...

...ev). > > + */ > > + fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); > > + if (fd == -1) { > > + reply_with_perror ("/dev/null"); > > + return NULL; > > + } > > + > > I disagree with this (see below). > > > if (bind_mount (&bind_state) == -1) > > return NULL; > > nit: this leaks the fd on error, but it may not matter much. > > > if (enable_network) { > > @@ -266,8 +279,10 @@ do_command (char *const *argv) > > return NULL; > > } > > > > nit...

...; + * get /dev dynamically populated at runtime by udev). > + */ > + fd = open ("/dev/null", O_RDONLY|O_CLOEXEC); > + if (fd == -1) { > + reply_with_perror ("/dev/null"); > + return NULL; > + } > + I disagree with this (see below). > if (bind_mount (&bind_state) == -1) > return NULL; nit: this leaks the fd on error, but it may not matter much. > if (enable_network) { > @@ -266,8 +279,10 @@ do_command (char *const *argv) > return NULL; > } > nit: same. > + flags = COMMAND_FLAG_CHROOT_COPY_FILE_...

This is a more working version. Inspection (partially) succeeds on a real guest this time :-) You can test it out on a real guest (in this case, a CentOS disk image located at /tmp/centos-6.img) by doing: $ ./run guestfish -v -x -a /tmp/centos-6.img ><fs> run ><fs> debug sh "guestfs-inspection --verbose" which will print lots of debugging, and at the end the

For background on this change, see: https://rwmj.wordpress.com/2015/12/06/inspection-now-with-added-prolog/ v2 was previously posted here: https://www.redhat.com/archives/libguestfs/2015-December/msg00038.html To test this patch series on a real guest, you can do: $ ./run guestfish -v -x -a /var/tmp/centos-6.img ><fs> run ><fs> debug sh "guestfs-inspection

..._EXT_CMD(str_cp, cp); -GUESTFSD_EXT_CMD(str_mount, mount); -GUESTFSD_EXT_CMD(str_umount, umount); - #ifdef HAVE_ATTRIBUTE_CLEANUP #define CLEANUP_BIND_STATE __attribute__((cleanup(free_bind_state))) #define CLEANUP_RESOLVER_STATE __attribute__((cleanup(free_resolver_state))) @@ -100,20 +96,20 @@ bind_mount (struct bind_state *bs) * However I have not found a reliable way to unmount the same set * of directories (umount -R does NOT work). */ - r = command (NULL, NULL, str_mount, "--bind", "/dev", bs->sysroot_dev, NULL); + r = command (NULL, NULL, "mount",...

...CMD(str_cp, cp); -GUESTFSD_EXT_CMD(str_mount, mount); -GUESTFSD_EXT_CMD(str_umount, umount); +DECLARE_EXTERNAL_COMMANDS ("cp", "mount", "umount") #ifdef HAVE_ATTRIBUTE_CLEANUP #define CLEANUP_BIND_STATE __attribute__((cleanup(free_bind_state))) @@ -100,20 +98,20 @@ bind_mount (struct bind_state *bs) * However I have not found a reliable way to unmount the same set * of directories (umount -R does NOT work). */ - r = command (NULL, NULL, str_mount, "--bind", "/dev", bs->sysroot_dev, NULL); + r = command (NULL, NULL, "mount",...

This is a simpler patch that removes GUESTFSD_EXT_CMD completely.

Replace GUESTFSD_EXT_CMD with a command line option ‘./guestfsd --print-external-commands’