Allow users to point mount to a file to read the roothash, in addition
to passing it inline.
Allows a volume managed by a systemd mount unit to be updated without
changing the mount unit content itself, for easier and more user friendly
servicing.
The first line of the adjtime file is made of three numbers (see
hwclock.c):
- a drift factor as a decimal float
- the time of last adjust as a decimal integer
- a zero (for compatibility) as a decimal float.
but both man pages (hwclock.8 and adj_time.5) tell that the third
number is a decimal integer.
Of course this is harmless if somebody edits the adjtime file with
"0" as the third number: it will be correctly read by hwclock
anyway. But if for some reason, a program reads the adjtime file and
expects an integer, it will fail, because hwclock writes 0.000000 as
the third number.
Signed-off-by: Pierre Labastie <pierre.labastie@neuf.fr>
Signed-off-by: Karel Zak <kzak@redhat.com>
The following new options are added:
verity.hashdevice
verity.roothash
verity.hashoffset
The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.
A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the bootstrapping process.
If verity options are selected but cannot be fulfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
The file sys-utils/hwclock-parse-date.c is generated from .y and
stored in the build directory and "#include hwclock.h" is interpreted
relatively to the build tree rather than to source tree. We need
explicit -I compiler option to point to $srcdir for hwclock.
Signed-off-by: Karel Zak <kzak@redhat.com>
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are not
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
The --{pid,pgrp,user} options do not have arguments.
Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The option [-n] in the code has no meaning and the value is used
as priority, not incrementally.
Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The parse-date.y is used only for hwclock, let's keep it together.
Note that the file (originally from gnulib) has GPLv3 license, so it's
better to make it obvious that we use it really only for hwclock (also
GPL).
Signed-off-by: Karel Zak <kzak@redhat.com>
For example:
# mount --verbose --all -t xfs -o ro
will mount all XFS filesystems from fstab, but read-only.
Signed-off-by: Karel Zak <kzak@redhat.com>
Add an entry for the HiSilicon aarch64 part tsv110.
Another known alias for this part is TaishanV110, and it can be
found in the Kunpeng920/Hi1620 SoC.
Signed-off-by: John Garry <john.garry@huawei.com>
Let's be more verbose and provide real open() error to make
debugging easier on --verbose.
For example:
$ hwclock --verbose
hwclock from util-linux 2.34.193-6bebea-dirty
System Time: 1570445823.701266
Trying to open: /dev/rtc0
hwclock: cannot open /dev/rtc0: Permission denied <---
No usable clock interface found.
hwclock: Cannot access the Hardware Clock via any known method.
Addresses: https://github.com/karelzak/util-linux/issues/879
Signed-off-by: Karel Zak <kzak@redhat.com>
Sorry detail-oriented people tend to wipe these out if they notice them.
Add in automated tools and lots of excess end-of-line spaces get wiped
out.
Addresses: https://github.com/karelzak/util-linux/pull/849
Signed-off-by: Karel Zak <kzak@redhat.com>
... but I have doubts this change fixes the issue. It seems (on my
system) that \0 is already filtered out by kernel/syslog.
Addresses: https://github.com/karelzak/util-linux/issues/862
Signed-off-by: Karel Zak <kzak@redhat.com>
Add the --keep-caps option to unshare to preserve capabilities that
are granted when creating a new user namespace. This allows the child
process to retain privilege within the new user namespace without also
being UID 0.
We have no way how to print the kernel message buffer in really raw
way. The new option --noescape disables all \x<hex> translations.
Addresses: https://github.com/karelzak/util-linux/issues/858
Signed-off-by: Karel Zak <kzak@redhat.com>
Add the --map-current-user option to unshare. This option maps the
current effective UID and GID in the new user namespace so that the
inner and outer credentials match.
Signed-off-by: James Peach <jpeach@apache.org>
It seems better to silently ignore mount binds on file (= mountpoint
is not a directory).
This patch also fixes use-after-free bug from commit 402006fa6e.
Addresses: https://github.com/karelzak/util-linux/issues/857
Signed-off-by: Karel Zak <kzak@redhat.com>
* '2019wk33' of https://github.com/kerolasa/util-linux:
docs: try to find broken man references and fix them
docs: correct su.1 runuser reference from section 8 to 1
po: remove possibility to translate static option arguments
Adjust the number of the macros ".RS" and ".RE" to be equal.
There is no change in the formatted output.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Unfortunately methods I used to find and fix were based on quite manual
process that cannot be easily repeated so I do not see how this fix could be
turned into a tools/checkmans.sh addition. Well, let's hope doing this
manually twice every decade is good enough.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
These strings are expected to be written exactly as they are parsed, so make
translating them impossible. Since mkfs.cramfs -N option arguments need
this treatment use opportunity to slice usage() output to multiple lines.
Addresses: https://bugs.debian.org/907568
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* by default we assume all is umounted; so O_EXCL is no problem,
otherwise there is bug or race (someone else remounted the device)...
* --force and --no-umount disable O_EXCL
Addresses: https://github.com/karelzak/util-linux/issues/423
Signed-off-by: Karel Zak <kzak@redhat.com>
The <unistd.h> header is included twice in "wdctl.c". Remove one
of these includes to keep "make checkincludes" happy.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Container type implies the following products:
openvz OpenVZ/Virtuozzo
lxc Linux container implementation by LXC
lxc-libvirt Linux container implementation by libvirt
systemd-nspawn systemd's minimal container implementation, see systemd-nspawn(1)
docker Docker container manager
podman Podman container manager
rkt rkt app container runtime
wsl Windows Subsystem for Linux
References:
https://www.freedesktop.org/software/systemd/man/systemd.unit.html
https://www.freedesktop.org/software/systemd/man/systemd-detect-virt.html#
Fix: #840
Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
The no follow option will allow user to distinguish mount points from symbolic
links pointing to them. Arguably this is pretty pedantic option, mounting a
device or bind mount to a directory via symlink does not have or cause any
issues.
Addresses: https://github.com/karelzak/util-linux/issues/832
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The current code ignores single-byte non-printable characters.
Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
It's not obvious from the current docs that you have to explicitly
split command line options and wanted commands.
Addresses: https://github.com/karelzak/util-linux/issues/833
Signed-off-by: Karel Zak <kzak@redhat.com>
With pointer arithmetic clang address sanitizer gives following error this
change addresses. Notice the following happens only when running as root.
sys-utils/lscpu-dmi.c:83:14: runtime error: load of misaligned address
0x55a1d62f3d1d for type 'const uint16_t' (aka 'const unsigned short'), which
requires 2 byte alignment
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
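The misaligned 16-bit load reported in the last commit message above, shown as an added example (not the util-linux patch and not code from lscpu-dmi.c): a walker over an SMBIOS-style table that reads the handle field byte by byte, so it is safe at any offset. The names load_le16, find_handle and sample_table are hypothetical, and the table bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment-safe, endian-independent 16-bit little-endian read.
 * The unsafe form is *(const uint16_t *)p, which is undefined behaviour
 * when p is odd and triggers the sanitizer error quoted above. */
static uint16_t load_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Constructed sample, not a real DMI dump. Each structure is
 * type(1) length(1) handle(2, LE) + strings ending in a double NUL.
 * The first one is 9 bytes long, so the second handle sits at offset 11. */
static const uint8_t sample_table[] = {
    0x00, 0x04, 0x34, 0x12, 'A', 'B', 'C', 0x00, 0x00,
    0x04, 0x04, 0xcd, 0xab, 0x00, 0x00,
};

/* Return the handle of the first structure of `type`, or -1 if absent
 * or if the table is truncated or malformed. */
static long find_handle(const uint8_t *buf, size_t len, uint8_t type)
{
    size_t off = 0;

    while (off + 4 <= len) {
        const uint8_t *h = buf + off;
        size_t hlen = h[1];

        if (hlen < 4 || hlen > len - off)
            return -1;              /* header length runs past the buffer */
        if (h[0] == type)
            return load_le16(h + 2);
        off += hlen;                /* skip the formatted area */
        while (off + 1 < len && (buf[off] || buf[off + 1]))
            off++;                  /* skip strings up to the double NUL */
        off += 2;
    }
    return -1;
}

int main(void)
{
    printf("handle of type 4: 0x%lx\n",
           (unsigned long)find_handle(sample_table, sizeof(sample_table), 4));
    return 0;
}
```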