* 'kill-pidfd' of https://github.com/kerolasa/util-linux:
kill: use pidfd system calls to implement --timeout option
build-sys: add missing NR underscore to UL_CHECK_SYSCALL()
The file is originally from libuuid, this library is under BSD
licence. Unfortunately, I have added LGPL header by accident to the
file (commit 0f23ee0c85).
The file under LGPL was modified (in relevant way) by Sami,
Christopher and me. We all agree with re-licensing back to BSD.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Christopher James Halse Rogers <chris@cooperteam.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
The first line of the adjtime file is made of three numbers (see=20
hwclock.c):
- a drift factor as a decimal float
- the time of last adjust as a decimal integer
- a zero (for compatibility) as a decimal float.
but both man pages (hwclock.8 and adj_time.5) tell that the third
number is a decimal integer.
Of course this is harmless if somebody edits the adjtime file with
"0"=20 as the third number: it will be correctly read by hwclock
anyway. But if for some reason, a program reads the adjtime file and
expects an integer, it will fail, because hwclock writes O.OOOO0O as
the third=20 number.
Signed-off-by:: Pierre Labastie <pierre.labastie@neuf.fr>
Signed-off-by: Karel Zak <kzak@redhat.com>
When the requested shell matches the restricted shell, there is no reason
to issue a warning, since we will be doing precisely as requested.
Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
The following new options are added:
verity.hashdevice
verity.roothash
verity.hashoffset
The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.
A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the boostrapping process.
If verity options are selected but cannot be fullfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
Not sure why, but on travis-ci the shell output is little bit
different, probably depends on shell version, etc.
Signed-off-by: Karel Zak <kzak@redhat.com>
At times there is need in scripts to send multiple signals to a process.
Often these cases require some amount of waiting before follow-up signal
should be sent.
One common case is process termination, where first script tries to kill
process gracefully but if that does not work SIGKILL is sent. Functionality
like that is commonly done by periodically checking if signalled pid exist
or not, and if it does another signal is sent possibly to an unrelated
process that reused pid number. That means polling a pid is prone to a data
race. Also if the first signal immediately kills the process one polling
interval is lost in sleep.
Another example when multiple signal need to be sent is various daemon
process control situations, such as Upgrading Executable on the Fly (see
reference). This happens to be the case that inspired change author to make
sequential signaling a little bit easier.
Reference: http://nginx.org/en/docs/control.html#upgrade
Pull-request: https://github.com/karelzak/util-linux/pull/902
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The file sys-utils/hwclock-parse-date.c is generated from .y and
stored in the build directory and "#include hwclock.h" is interpreted
relatively to the build tree rather than to source tree. We need
explicit -I compiler option to point to $srcdir for hwclock.
Signed-off-by: Karel Zak <kzak@redhat.com>
It some cases it makes sense to disable ECHO flag also when script
used in pipe. This new option allows to keep full control in user's
hands.
Signed-off-by: Karel Zak <kzak@redhat.com>
We need a proper way how to inform child (shell) that the game is
over. It seems the best is to send EOF to child rather than
immediately break PTY mainloop where we have poll(), because shell can
still produce data etc.
Signed-off-by: Karel Zak <kzak@redhat.com>
For tools like su(1) is ECHO flag unexpected for use-case like
echo 'date' | su - user
but script(1) need the echo to keep input recorded.
The patch also return execlp() use to script(1) code.
Signed-off-by: Karel Zak <kzak@redhat.com>
The current libmount assumes that mount(8) and umount(8) are suid
binaries. For this reason it implements internal rules which
restrict what is allowed for non-root users. Unfortunately, it's
out of reality for some use-cases where root permissions are no
required. Nice example are fuse filesystems.
So, the current situation is to call exit() always when mount, umount or
libmount are unsure with non-root user rights. This patch removes the
exit() call and replaces it with suid permissions drop, after that it
continues as usually. It means after suid-drop all depend on kernel
and no another security rule is used by libmount (simply because any
rule is no more necessary).
Example:
old version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
mount: only root can use "--types" option
new version:
$ mount -t fuse.sshfs kzak@192.168.111.1:/home/kzak /home/kzak/mnt
kzak@192.168.111.1's password:
$ findmnt /home/kzak/mnt
TARGET SOURCE FSTYPE OPTIONS
/home/kzak/mnt kzak@192.168.111.1:/home/kzak fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000
$ umount /home/kzak/mnt
$ echo $?
0
Note that fuse user umount is supported since v2.34 due to user_id= in
kernel mount table.
Signed-off-by: Karel Zak <kzak@redhat.com>
nologin is typically used in /etc/passwd as a shell replacement. Hence it
is reasonable to ignore well known command-line options silently to avoid
unwanted ugly error messages.
Addresses: https://github.com/karelzak/util-linux/issues/895
Requested-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
libfdisk chooses a grain of 1MB fairly arbitrarily, and this granule
may not be honored by other utilities. GPT disks formatted elsewhere
may have space before the first partition, AND a partition that exists
solely below 1MB. If this occurs, cfdisk ends up adding a free space
region where end < start, resulting in a 16 Exabyte free region.
That's too many exabytes.
This happens because the start gets rounded up to the granule size in
new_freespace() but the end is left alone. The logs show it best:
23274: libfdisk: CXT: [0x572d878]: initialized: last=34, grain=2048
23274: libfdisk: CXT: [0x572d878]: partno=10, start=64
23274: libfdisk: CXT: [0x572d878]: freespace analyze: partno=10, start=64, end=64
23274: libfdisk: CXT: [0x572d878]: LBA 34 aligned-up 2048 [grain=2048s]
23274: libfdisk: CXT: [0x572d878]: LBA 63 aligned-down 0 [grain=2048s]
23274: libfdisk: CXT: [0x572d878]: LBA 34 aligned-near 0 [grain=2048s]
23274: libfdisk: CXT: [0x572d878]: 0 in range <2048..0> aligned to 2048
23274: libfdisk: PART: [0x574bb98]: alloc
23274: libfdisk: TAB: [0x5749d58]: adding freespace
23274: libfdisk: TAB: [0x5749d58]: insert entry 0x574bb98 pre=0x574a820 [start=2048, end=63, size=18446744073709549632, freespace ]
Avoid this by aligning the last value like new_freespace() does.
Signed-off-by: Evan Green <evangreen86@gmail.com>
Karel Zak
Manatsu Takahashi
Pierre Labastie
Jouke Witteveen
Luca Boccassi
Sami Kerola
Evan Green