similar to: [PATCH v3 libguestfs] launch: Implement a safer getumask.

The current implementation of getumask involves writing a file with mode 0777 and then testing what mode was created by the kernel. This doesn't work properly if the user set a per-mount umask (or fmask/ dmask). This alternative method was suggested by Josh Stone. By forking, we can use the thread-unsafe method (calling umask) and pass the result back over a pipe. This change also fixes

The current implementation of getumask involves writing a file with mode 0777 and then testing what mode was created by the kernel. This doesn't work properly if the user set a per-mount umask (or fmask/ dmask). This alternative method was suggested by Josh Stone. By forking, we can use the thread-unsafe method (calling umask) and pass the result back over a pipe. This change also fixes

On 04/13/2016 03:43 PM, Richard W.M. Jones wrote: > The current implementation of getumask involves writing a file with > mode 0777 and then testing what mode was created by the kernel. This > doesn't work properly if the user set a per-mount umask (or fmask/ > dmask). > > This alternative method was suggested by Josh Stone. By forking, we > can use the thread-unsafe

On 04/14/2016 03:59 AM, Richard W.M. Jones wrote: > The current implementation of getumask involves writing a file with > mode 0777 and then testing what mode was created by the kernel. This > doesn't work properly if the user set a per-mount umask (or fmask/ > dmask). > > This alternative method was suggested by Josh Stone. By forking, we > can use the thread-unsafe

Since Linux 4.7, the process umask is available in /proc/<pid>/status. See: https://github.com/torvalds/linux/commit/3e42979e65dace1f9268dd5440e5ab096b8dee59 Use this value if available, else fall back to the existing codepath for Linux <= 4.6 and other Unix. --- src/umask.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 78 insertions(+), 8

On 04/14/2016 07:57 AM, Richard W.M. Jones wrote: > On Thu, Apr 14, 2016 at 07:38:23AM -0600, Eric Blake wrote: >>> + /* Read the umask. */ >>> + if (read (fd[0], &mask, sizeof mask) != sizeof mask) { >>> + perrorf (g, "read"); >>> + close (fd[0]); >>> + return -1; >> >> Oops - this strands a child process. You

On Thu, Apr 14, 2016 at 08:04:39AM -0600, Eric Blake wrote: > On 04/14/2016 07:57 AM, Richard W.M. Jones wrote: > > On Thu, Apr 14, 2016 at 07:38:23AM -0600, Eric Blake wrote: > >>> + /* Read the umask. */ > >>> + if (read (fd[0], &mask, sizeof mask) != sizeof mask) { > >>> + perrorf (g, "read"); > >>> + close (fd[0]);

On Thu, Apr 14, 2016 at 07:38:23AM -0600, Eric Blake wrote: > > + /* Read the umask. */ > > + if (read (fd[0], &mask, sizeof mask) != sizeof mask) { > > + perrorf (g, "read"); > > + close (fd[0]); > > + return -1; > > Oops - this strands a child process. You have to reap the child, even > if the read() failed. Bleah that was

Thanks: Eric Blake. --- src/Makefile.am | 1 + src/command.c | 7 ++---- src/guestfs-internal.h | 4 +++ src/launch-direct.c | 11 +++------ src/launch-uml.c | 11 +++------ src/umask.c | 10 ++------ src/wait.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 84 insertions(+), 27 deletions(-) create mode 100644

Move to lazy_make_tmpdir the logic for making world-readable (but only for root) newly-created temporary directories, removing the non-fatal code doing that in guestfs_impl_launch. Followup of commit 772f649e595d202bdb67f05aeb62157c1104be89. --- src/launch.c | 7 ------- src/tmpdirs.c | 30 ++++++++++++------------------ 2 files changed, 12 insertions(+), 25 deletions(-) diff --git

The previously library-side ‘file_architecture’ API is reimplemented in the daemon, in OCaml. There are some significant differences compared to the C implementation: - The C code used libmagic. That is replaced by calling the ‘file’ command (because that is simpler than using the library). - The C code had extra cases to deal with compressed files. This is not necessary since the

The API for UNIX sockets limits the path to a static size (usually 104 or 108 characters, NULL included), which is internally represented as UNIX_PATH_MAX. If the temporary directory set is long enough (e.g. when running tools as uninstalled, using "run") then these socket paths get trucated, if not even cause failures when binding the sockets. Introduce a new internal API to create

BTW this causes valgrind to fail in a particularly strange way. I filed a bug upstream with a minimal reproducer. Do you have any ideas? https://bugs.kde.org/show_bug.cgi?id=361810 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-p2v converts physical machines to virtual

This was only used inside the library, so move it there. --- .gitignore | 2 +- common/utils/Makefile.am | 4 +--- common/utils/guestfs-internal-frontend.h | 12 ------------ docs/C_SOURCE_FILES | 2 +- generator/UEFI.ml | 3 ++- generator/main.ml | 2 +- lib/Makefile.am

In some places when generating XML output in C code we use some clever macros: start_element ("memory") { attribute ("unit", "MiB"); string_format ("%d", g->memsize); } end_element (); This commit which is mostly refactoring moves the repeated definitions of these macros into a common header file. I also took this opportunity to change /

On Fri, Jan 29, 2016 at 07:25:30PM +0100, Pino Toscano wrote: > The API for UNIX sockets limits the path to a static size (usually 104 > or 108 characters, NULL included), which is internally represented as > UNIX_PATH_MAX. If the temporary directory set is long enough (e.g. > when running tools as uninstalled, using "run") then these socket paths > get trucated, if not

Updating gnulib has caused -Wformat-signedness to be enabled. This has revealed many problems in C format strings. The fixes here fall into the following main categories: - Using %d with an unsigned parameter. - %x and %o expect an unsigned argument. - uid_t and gid_t are unsigned on Linux. The safe way to print these is to cast them to uintmax_t and then print then using the %ju

Updating gnulib has caused -Wformat-signedness to be enabled. This has revealed many problems in C format strings. The fixes here fall into the following main categories: - Using %d with an unsigned parameter. - %x and %o expect an unsigned argument. - uid_t and gid_t are unsigned on Linux. The safe way to print these is to cast them to uintmax_t and then print them using the %ju

Prune from the list of sources where to extract messages various sources with no messages: - .pl and .pm files, as they do not contain messages: almost all the .pl files are tests, and the only .pm file is the Perl Sys::Guestfs module, which wraps the XS extension - dummy.c sources; they are empty sources used to build OCaml-only targets using automake - gperf generated sources - C/OCaml

Since all the usage of augeas is done in OCaml parts (via ocaml-augeas), drop all the C code using the C augeas library. --- daemon/Makefile.am | 2 - daemon/augeas.c | 91 --------------------------------------------- daemon/cleanups.c | 11 ------ daemon/daemon.h | 34 ----------------- daemon/lvm-filter.c | 2 - docs/C_SOURCE_FILES | 1 - po/POTFILES | 1 - 7 files