The 'begin ... rescue' code is supposed to ensure these old packages
are required, but for reasons not understood this doesn't work on
ancient Ruby 1.8.5 in RHEL 5.

Linux file capabilities are not supported in RHEL 5, and the
cap_*_file functions don't exist in the libcap library (although
confusingly they are in the header file).

This fixes the test-charset-fidelity test case. A simpler example
which fails without this is:

  guestfish <<EOF
  sparse test1.img 1G
  run
  part-disk /dev/sda mbr
  mkfs msdos /dev/sda1
  mount /dev/sda1 /
  touch /foo
  umount /
  mkfs ntfs /dev/sda1
  # Next command would fail:
  mount /dev/sda1 /
  vfs-type /dev/sda1 -x
  EOF

The old parser had several problems: firstly it called the error path
sometimes without calling reply_with_error causing a protocol hang.
More seriously it had hard-coded line numbers, and since Fedora 21 the
output of xfs_info has changed, moving lines around.
Change the parser to be more robust against added fields by using the
first name on the line as the section name, thus 'bsize=' is
interpreted differently depending on whether it appears in the "data"
section or the "naming" section.
Ensure also that we don't call the error path without calling
reply_with_error, which is a side-effect of the above change.
(cherry picked from commit 8abd0a83b3)
(cherry picked from commit adcdc44004)

When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).
The location has to be a known one in order for both ends to
communicate. However no checking was done that the containing
directory (/tmp/.guestfish-$UID) is owned by the user. Thus another
user could create this directory and potentially modify sockets owned
by another user's guestfish client or server.
This commit fixes the issue by creating the directory unconditionally,
and then checking that the directory has the correct owner and
permissions, thus preventing another user from creating the directory
first.
If guestfish sees a suspicious socket directory it will print an error
like this and exit with an error status:

  guestfish: '/tmp/.guestfish-1000' is not a directory or has insecure owner or permissions

Thanks: Michael Scherer for discovering this issue.
Version 2:
- Add assigned CVE number.
- Update documentation.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 54fb09e052)
(cherry picked from commit b23fca294e)
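
The create-then-verify check described in the commit message above, as an added example (not the libguestfs code). The names secure_sockdir and check_scenario are hypothetical, and the scenarios run in a constructed scratch directory under /tmp rather than in /tmp/.guestfish-$UID.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if dir is safe to hold the socket, -1 otherwise. */
int secure_sockdir(const char *dir)
{
    struct stat sb;

    /* Create unconditionally; EEXIST is acceptable because we verify next. */
    if (mkdir(dir, 0700) == -1 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted by another user must not be followed. */
    if (lstat(dir, &sb) == -1)
        return -1;
    if (!S_ISDIR(sb.st_mode) || (sb.st_mode & 0777) != 0700 ||
        sb.st_uid != geteuid())
        return -1;   /* not a directory, or insecure owner or permissions */
    return 0;
}

/* Constructed scenarios. kind: 0 = path absent, 1 = existing directory with
   mode 0777, 2 = symlink to a 0700 directory we own. Returns the result of
   secure_sockdir(), or -2 if the scenario could not be set up. */
int check_scenario(int kind)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX", path[64];
    int r = -2;

    if (!mkdtemp(base))
        return r;
    snprintf(path, sizeof path, "%s/.guestfish-demo", base);
    if ((kind != 1 || (mkdir(path, 0700) == 0 && chmod(path, 0777) == 0)) &&
        (kind != 2 || symlink(base, path) == 0))
        r = secure_sockdir(path);
    remove(path);    /* removes the directory or the symlink */
    rmdir(base);
    return r;
}

int main(void)
{
    for (int kind = 0; kind <= 3 - 1; kind++)
        printf("scenario %d -> %d\n", kind, check_scenario(kind));
    return 0;
}
```

Scenario 2 is the case that a stat()-based check would accept, because the symlink target is a 0700 directory owned by the caller.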

This change avoids the hard requirement for qemu-tools during package
build.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
(cherry picked from commit cb7b1c56b7)
(cherry picked from commit 9b62b700ba)

When using guestfish --remote, libguestfs is not the parent of qemu,
so waitpid is expected to return -ECHILD. And indeed guestfish --remote
would print a bogus error message in this case:

  libguestfs: error: waitpid (qemu): No child processes

If the parent process forked into the background, then it should have
called 'set_recovery_proc 0' so we can use this to determine if we
need to wait for qemu.
Thanks: Kazuya Saito for reporting and identifying the issue.
(cherry picked from commit a843b5e5e3)
(cherry picked from commit 8b354dbbfd)

This was accidentally moved by this commit:

  commit b8b5ed65c2
  Author: Richard W.M. Jones <rjones@redhat.com>
  Date:   Wed May 23 11:46:23 2012 +0100

      FAQ: Add section about using libguestfs in closed source programs.

(cherry picked from commit 0a484e868f)
(cherry picked from commit e02bbeabb1)

The link was broken, and we don't support Ubuntu 10.04 (maybe the
'oldlinux' branch does).
(cherry picked from commit 937a9a3532)
(cherry picked from commit 023dc6f23c)