For example:
sfdisk -N <parno>
may address unused partition. In this case we need to redirect from
fdisk_set_partition() to fdisk_add_partition() and follow default
setting (used all free space).
Signed-off-by: Karel Zak <kzak@redhat.com>
The write(1) is commonly a setuid binary, because common users cannot by
default write to each others terminals. Since the commit in reference, that
is part of releases v2.24 to v2.28, the write(1) has used access(2) to check
capability to write to a destination terminal. The catch is that access(2)
uses real UID and GID to when performing the accessibility. The obvious
correction is to avoid access(2) when in context of setuid binaries.
As a smaller fix, but equally important fix, ensure the 'msgsok' variable is
initialized to indicate no access. Uninitialized variable will almost
certainly do wrong thing at the time of check.
Breaking-commit: 0233a8ea18
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Wayne Pollock <profwaynepollock@gmail.com>
Use human numbering for lines - that is start counting from 1. And tell in
error message what the number means.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Use the return value of fdisk_reread_partition_table in write_changes so that
sfdisk exits with error if re-reading the partition table fails.
Signed-off-by: Victor Dodon <dodonvictor@gmail.com>
The option allows to remove filesystes/RAIDs from newly created
partitions before the partition table is updated (and partition
device created).
The default is "auto" in this case wipe is enabled in interactive mode
only and user's confirmation (yes/no dialog) is required. Note that
keep filesystem signature on partition is pretty valid use-case, so we
don't erase anything by default.
Signed-off-by: Karel Zak <kzak@redhat.com>
The option allows to remove filesystes/RAIDs from newly created
partitions before the partition table is updated (and partition
device created).
The default is "auto" in this case wipe is enabled in interactive mode
only and user's confirmation (yes/no dialog) is required. Note that
keep filesystem signature on partition is pretty valid use-case, so we
don't erase anything by default.
Signed-off-by: Karel Zak <kzak@redhat.com>
Now libfdisk provides functionality wipe disk device only ([s]fdisk
option --wipe).
This patch allows to probe for filesystems/RAIDs on newly created
partitions. It means we can remove signatures before the partition
node (device) is created. This reduces udev events and it's
unnecessary to call wipefs for all partitions. For example
sfdisk --wipe=always --wipe-partitions=always /dev/sda <<<
...
EOF
is a elegant way how to create new disk layout without any obsolete
filesystems/RAIDs.
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems too tricky to get a real size of the data track on hybrid
disks with audio+data. It seems overkill to analyze all header in
libblkid and on some disks it's probably possible to get I/O error
almost everywhere due to crazy copy protection etc.
Signed-off-by: Karel Zak <kzak@redhat.com>
This reverts commit a14cc9a504.
We need a better way (probably analyze track ioctls CDROMREADTOCHDR
and CDROMREADTOCENTRY) to get also proper track size.
The original patch works only if data track is the last track.
Signed-off-by: Karel Zak <kzak@redhat.com>
.. and read last session if probing offset is not specified.
udev uses cdrom_id to get last session offset, so people don't see a
problem with hybrid media (audio+data), but if you execute blkid on
command line (without -O <offset>) then you get I/O errors.
It seems that we can use the same way as kernel filesystem iso9960
driver when session= mount option is not specified ... just use
CDROMMULTISESSION ioctl to get last session offset and probe this last
session rather than all medium.
Signed-off-by: Karel Zak <kzak@redhat.com>
For petty long time we have strdup_to_struct_member() macro to avoid
duplicate code when strdup() strings in setter functions. Let's use it
for libmount.
Signed-off-by: Karel Zak <kzak@redhat.com>
For petty long time we have strdup_to_struct_member() macro to avoid
duplicate code when strdup() strings in setter functions. Let's use it
for libmount.
Signed-off-by: Karel Zak <kzak@redhat.com>
If the loop device is already initialized read-only, the new code for loop
device reuse returns -EROFS. There is no solution of this situation. But mount
can behave in the same way, as it does for EROFS returned by mount syscall: Try
again in read-only mode.
Before:
mount: /mnt/2: mount failed: Read-only file system
After:
mount: /btrfs.img is used as read only loop, mounting read-only
Note: It would be nice to mention loop device name in the warning message, but
it is not available in the mount context.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
According to the Al Viro[1], kernel has no way to detect that a single file is
used by multiple loop devices, and multiple mounts of the same file using
different loop devices will result in a data corruption. Exactly this now
happens, if multiple btrfs sub-volumes in one file are mounted with "-oloop".
Make use of multiple -oloop mounting the same file safe: Do a loop devices
lookup, and if a loop device is already initialized, use it.
Hopefully it is possible, as "losetup -d" will return OK, even if the device
itself is in use, and is not released.
Problems:
There is a risk of race condition between the lookup and real mount.
Once loop device is initialized read-only, kernel offers no way to turn it to
read-write. It has to fail.
References:
https://lkml.org/lkml/2016/2/26/897
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
First parse options, then initialize context.
No change in function.
The change is needed for loop device reuse.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
We have two use cases for user namespaces, one to elevate the
privilege of an unprivileged user, in which case we have to enter the
user namespace before all other namespaces (otherwise there isn't
enough permission to enter any other namespace). And the other one is
where we're deprivileging a user and thus have to enter the user
namespace last (because that's the point at which we lose the
privileges). On the first pass, we start at the position one after
the user namespace clearing the file descriptors as we close them
after calling setns(). If setns() fails on the first pass, ignore the
failure assuming that it will succeed after we enter the user
namespace.
Addresses: https://github.com/karelzak/util-linux/issues/315
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The getopt(1) is short living command, and one could argue ensuring all
allocations are freed at end of execution is waste of time. There is a
point in that, but making test-suite runs to be less noisy with ASAN is also
nice as it encourages reading the errors when/if they happen.
Reviewed-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Linux kernel reports devices greater than area readable by read(2).
The readable area is usually 2-3 CD blocks smaller (CD block is
2048-bytes) than size returned by BLKGETSIZE. This patch checks for
this issues to avoid I/O errors in probing functions.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
When a probe is created with an offset, e.g. via
blkid_probe_set_device(), this offset is correctly used when looking for
the signatures, but is not respected by blkid_do_wipe() function.
Therefore the signature is removed from an invalid location.
Usecase: Wiping signatures from an area on the block device where
partition is to be created (but as it does not exist yet, there's no
device node for it and probe on the whole block device has to be used
with correct offset and length).
Reproducer:
======================== wiper.c ===========================
const char *dev;
unsigned long offset;
unsigned long size;
int main(int argc, char** argv) {
if (argc != 4) {
printf("usage: wiper dev offset size\n");
exit(1);
}
dev = argv[1];
offset = strtoull(argv[2], NULL, 10);
size = strtoull(argv[3], NULL, 10);
printf("dev=%s, off=%llu, size=%llu\n", dev, offset, size);
int fd = open (dev, O_RDWR);
if (fd == -1) {
perror("open");
exit(1);
}
blkid_loff_t wipe_offset = offset * SECTOR_SIZE;
blkid_loff_t wipe_size = size * SECTOR_SIZE;
int ret;
blkid_probe pr;
pr = blkid_new_probe();
if (!pr)
return 0;
ret = blkid_probe_set_device(pr, fd, wipe_offset, wipe_size);
ret = blkid_probe_enable_superblocks(pr, 1);
ret = blkid_probe_set_superblocks_flags(pr, BLKID_SUBLKS_MAGIC);
while (blkid_do_probe(pr) == 0) {
ret = blkid_do_wipe(pr, 0);
}
blkid_free_probe(pr);
close(fd);
}
======================== wiper.c ===========================
Steps to reproduce:
modprobe scsi_debug
parted -s /dev/sdX mklabel gpt
parted -s /dev/sdX mkpart first 2048s 4095s
mkfs.ext2 /dev/sdX1
wipefs -np /dev/sdX1
./wiper /dev/sdX1 2048 2048
Actual result: wiper gets into endless loop, because
blkid_do_wipe() wipes at wrong location (1080), leaving the signature
on /dev/sdc1. So it is again found by blkid_do_probe(), and so on.
Expected result: wiper clears the ext2 signature at offset 1049656(=1080+2048*512).
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
From abb2a420924c792be33aa3ed825b1348ea7d51a9 Mon Sep 17 00:00:00 2001
From: "Yuriy M. Kaminskiy" <yumkam@gmail.com>
Date: Wed, 13 Apr 2016 17:30:10 +0300
Subject: [PATCH] losetup: fix outdated comment
--direct-io argument was made optional by
f98d9641a3, but this comment was not
updated accordingly
Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
* '2016wk15' of git://github.com/kerolasa/lelux-utiliteetit:
mount: try to tell what mount was doing when it failed
dmesg: --notime should not suppress --show-delta
script: check status of writes when closing outputs
script: avoid trying fclose(NULL)
sulogin: make fopen O_CLOEXEC specifier usage portable
script: close file descriptors on exec
docs: optinal option arguments should be long-only
It might be that the underlying filesystem just doesn't support SELinux
labeling. This fixes creating swap on vfat live media:
# livecd-iso-to-disk.sh --msdos --swap-size-mb 666 ...
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Earlier output did not give enough information to system admin to fix an
issue in /etc/fstab effectively.
$ sudo mount -a
mount: mount(2) failed: No such file or directory
Addresses: https://bugs.launchpad.net/bugs/1557145
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The --show-delta is off by default, which means it can be only on when user
has requested to see these time stamps. The --notime option should not turn
the delta outputing off, because then option order matters and no-one wants
that. Example of the old output:
$ dmesg --notime --show-delta | sed -n 's/ version.*//p; q'
[< 0.000000>] Linux
$ dmesg --show-delta --notime | sed -n 's/ version.*//p; q'
Linux
Addresses: https://bugs.launchpad.net/bugs/1544595
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Here is a one-liner to reproduce the issue.
$ mkdir example && cd example && chmod 0500 . && script
Script started, file is typescript
script: cannot open typescript: Permission denied
Script done, file is typescript
Segmentation fault (core dumped)
Addresses: https://bugs.launchpad.net/bugs/1537518
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The close at exit specifier "e" is glibc extension, so use it only if when
the extension is available.
Proposed-by: Ruediger Meier <sweet_f_a@gmx.de>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The commands spawned from script(1) will never need access various file
descriptors the script(1) is using.
Reviewed-by: Ruediger Meier <sweet_f_a@gmx.de>
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>