Add an API to do the equivalent of `chmod [-r] MODE PATH` for
NTFS filesystems.
Files created on a Linux ntfs-3g mount can not change permissions
directly. New files and directories are created with the rough Windows
equivalent of `chmod 777`. These wide open permissions can generate
security warnings on Windows after virt-v2v installs bits into
`Program Files\Guestfs`.
Behind the scenes we use `ntfssecaudit(8)` from `ntfsprogs`
which is already part of the appliance. We only expose the chmod-style
feature; the rest of `ntfssecaudit` is concerned with reporting and
managing fine-grained Windows security info, which is way more than
we need.
Also note, `ntfssecaudit` needs to run on an unmounted partition
so using this is more complicated than a traditional `chmod` call.
Related: https://issues.redhat.com/browse/RHEL-104352
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Run this command across the source:
  perl -pi.bak -e 's/(20[012][0-9])-20[12][012]/$1-2023/g' `git ls-files`
and remove changes to po{,-docs}/*.po{,t} (these will be regenerated
later when we run 'make dist').
GUESTFSD_EXT_CMD was used by OpenSUSE to track which external commands
are run by the daemon and package those commands into the appliance.
It is no longer used by recent SUSE builds, so remove it.
Thanks: Pino Toscano, Olaf Hering.
Run the following command over the source:
  perl -pi.bak -e 's/(20[01][0-9])-2016/$1-2017/g' `git ls-files`
(Thanks Rich for the perl snippet, as used in past years.)
GCC has two warnings related to large stack frames. We were already
using the -Wframe-larger-than warning, but this reduces the threshold
from 10000 to 5000 bytes.
However that warning only covers the static part of frames (not
alloca). So this change also enables -Wstack-usage=10000 which covers
both the static and dynamic usage (alloca and variable length arrays).
Multiple changes are made throughout the code to reduce frames to fit
within these new limits.
Note that stack allocation of large strings can be a security issue.
For example, we had code like:
  size_t len = strlen (fs->windows_systemroot) + 64;
  char software[len];
  snprintf (software, len, "%s/system32/config/software",
            fs->windows_systemroot);
where fs->windows_systemroot is guest controlled. It's not clear what
the effects might be of allowing the guest to allocate potentially
very large stack frames, but at best it allows the guest to cause
libguestfs to segfault. It turns out we are very lucky that
fs->windows_systemroot cannot be set arbitrarily large (see checks in
is_systemroot).
This commit changes those to large heap allocations instead.
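The heap-allocation approach described in the commit message above, as an added example (not code from libguestfs). The function name `software_hive_path` and the `MAX_SYSTEMROOT_LEN` cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from libguestfs. */
#define MAX_SYSTEMROOT_LEN 256

/* Build "<systemroot>/system32/config/software" on the heap.
 * Returns a malloc'd string the caller frees, or NULL with errno set. */
char *
software_hive_path (const char *systemroot)
{
  static const char suffix[] = "/system32/config/software";
  const char *end;
  size_t len;
  char *path;
  int n;

  if (systemroot == NULL) {
    errno = EINVAL;
    return NULL;
  }
  /* Bounded scan: a huge guest-controlled string costs fixed work
   * and never determines the size of a stack frame. */
  end = memchr (systemroot, '\0', MAX_SYSTEMROOT_LEN + 1);
  if (end == NULL) {
    errno = ENAMETOOLONG;
    return NULL;
  }
  len = (size_t) (end - systemroot) + sizeof suffix; /* includes NUL */
  path = malloc (len);
  if (path == NULL)
    return NULL;
  n = snprintf (path, len, "%s%s", systemroot, suffix);
  if (n < 0 || (size_t) n >= len) {   /* should not happen; fail closed */
    free (path);
    errno = EOVERFLOW;
    return NULL;
  }
  return path;
}

int
main (void)
{
  char *p = software_hive_path ("/Windows"); /* constructed sample input */
  if (p == NULL) return 1;
  puts (p);
  free (p);
  return 0;
}
```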
Use PRIi64 as format string for int64_t, so it builds and works fine
also on 32bit. Also switch from asprintf_nowarn to asprintf, since no
custom formats (eg %Q, %R) are used.
Adding ntfscat_i command for downloading files based on their inode number.
This allows the download of files otherwise inaccessible from an NTFS guest disk image.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
blkid(1) (or actually, libblkid) seems to handle filesystem labels up
to 127 characters. Considering that btrfs labels can be up to 128
characters, this means long labels are not read correctly (i.e. get
truncated) by blkid. Furthermore, ntfs labels are actually unicode,
and libblkid seems to not decode them correctly.
Hence, if ntfsprogs is available invoke `ntfslabel` to get the label
of ntfs filesystems.
Related to RHBZ#1164708.
guestfsd calls many different tools. Keeping track of all of them is
error prone. This patch introduces a new helper macro to put the command
string into its own ELF section:
  GUESTFSD_EXT_CMD(C_variable, command_name);
This syntax makes it still possible to grep for used command names.
The actual usage of the collected list could be like this:
  objcopy -j .guestfsd_ext_cmds -O binary daemon/guestfsd /dev/stdout |
  tr '\0' '\n' | sort -u
The resulting output will be used to tell mkinitrd which programs to
copy into the initrd.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
RWMJ:
- Move str_vgchange at request of author.
- Fix snprintf call in daemon/debug.c
This is a more comprehensive fix for RHBZ#685009. Add a new API which
allows the --force flag to be passed, allowing multiple NTFS resize
operations in a single session.
The RPC stubs already prefix the command name to error messages.
The daemon doesn't have to do this. As a (small) benefit this also
makes the daemon slightly smaller.
Code in the daemon such as:
  if (argv[0] == NULL) {
    reply_with_error ("passed an empty list");
    return NULL;
  }
now results in error messages like this:
  ><fs> command ""
  libguestfs: error: command: passed an empty list
(whereas previously you would have seen ..command: command:..)
The current groups are defined very conservatively using the
following criteria:
(a) Would be impossible to implement on Windows because of
sheer architectural differences (eg: mknod).
(b) Already optional (augeas, inotify).
(c) Not currently optional but not implemented on older RHEL and
Debian releases (ntfs-3g.probe, scrub, zerofree).
The optional groups I've defined according to these criteria are:
. augeas
. inotify
. linuxfsuuid
. linuxmodules
. linuxxattrs
. lvm2
. mknod
. ntfs3g
. scrub
. selinux
. zerofree
(Note that these choices don't prevent us from adding more
optional groups in future. On the other hand to avoid breaking
ABIs we would not wish to change the above groups).
The rest of this large commit is really just implementation:
Each optional function is classified using Optional "group"
flag in the generator.
The daemon has to implement a function
  int optgroup_<name>_available (void);
for each optional group. Some of these functions are fixed at
compile time, and some do simple run-time tests.
The do_available implementation in the daemon looks up the correct
function in a table and runs it.
We document the optional groups in the guestfs(3) man page.
Also: I added a NOT_AVAILABLE macro in order to unify all the
existing places where we had a message equivalent to
"function __func__ is not available".
Nearly every file-related function in daemons/*.c is affected:
Remove this pair of statements from each affected do_* function:
- NEED_ROOT (return -1);
- ABS_PATH (dir, return -1);
and change the type of the corresponding parameter to "const char *".
* src/generator.ml: Emit NEED_ROOT just once, even when there are two or
more Pathname args.