Hi Rich,
I realized a day or two late that my suggestion was not quite right.
Here's the fix:

From 5294c21cf07c4ec2f094182ba9f32696f3de2751 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 23 Jan 2012 10:01:40 +0100
Subject: [PATCH libguestfs] build: don't use automake-internal variable

* ocaml/Makefile.am (mlguestfs.cma): Use the documented variable form,
$(libguestfsocaml_a_OBJECTS), not the $(am_libguestfsocaml_a_OBJECTS)
that I suggested for commit 1.15.16-17-g8b9eaec.
(cherry picked from commit 70070cf244)

We were passing the name of the last argument directly to va_start. However, if
the last argument is a BufferIn it expands to 2 arguments, the latter of which
is <name>_size.
(cherry picked from commit 3d80161d9c)

When you call close on any block device, udev kicks off a rule which
runs blkid to reexamine the device. We need to wait for this rule to
finish running since it holds the device open and can cause other
operations to fail, notably BLKRRPART.
(cherry picked from commit a9c8123c72)

By arranging the C part of the bindings into a library, we can get
automake to build it instead of using $(CC) directly.
(cherry picked from commit 8b9eaec993)

However since the OCaml bindings use guestfs_safe_strdup and
guestfs_safe_memdup we need to export those two (in the private
functions section) from <guestfs.h>.
(cherry picked from commit 607784df92)

Previously, passing NULL optargs to an _argv call resulted in a segfault. This
change causes NULL optargs to be interpreted as no optargs, and to be correctly
handled accordingly.
(cherry picked from commit fd1a6d8003)

Tweak the error message "e2fsck -f" and "e2fsck -fy".
Indicate to the user to use the correct and/or forceall options.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
(cherry picked from commit 0eaf06e673)

If you have a lot of guests, running extra tests takes a lot of time,
but (arguably) you're not really doing any more detailed testing.
Thus pick up to 5 guests at random to test. A different random
selection is done on each run, ensuring that data-driven errors (eg in
inspection) will still be found eventually.
(cherry picked from commit 54a7982dc3)

Move the filename's comma character checking to a wrapper.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
(cherry picked from commit e0c3093795)

Previously, optional arguments had the same type as regular arguments, but were
constrained by various runtime tests to be only Bool, Int, Int64 or String. This
change makes the type of optional arguments stronger by giving them their own
type.
A convenience function, optargs_to_args is defined to convert optargs in the few
places where they are genuinely treated identically to mandatory arguments.
It also allows for future changes to optional arguments which do not affect
mandatory arguments.
RWMJ:
- removed redundant parens
- readded the check for > 64 optargs, but changed it to > 63
- changed the new function to args_of_optargs
(cherry picked from commit 0a7b734d2f)

This map was originally included just for the java bindings, but is generally
useful to any binding which uses camel case by requirement or convention.
(cherry picked from commit e24af214fe)

Handle SIGQUIT by guestfish, so that it can't be terminated.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
(cherry picked from commit f49a30eba8)

This function does 'rm -rf <dir>' for temporary directories, safely
working if '<dir>' contains shell meta-characters.
Replace existing code for removing directories with this.
(cherry picked from commit 690ff694ca)
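
An added example, not part of the commit above and not libguestfs's own code: one way to do 'rm -rf <dir>' without a shell ever parsing the directory name. The helper name `remove_tmpdir` and the hostile directory name are assumptions constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Hypothetical helper (the name is an assumption, not libguestfs's own).
 * rm is exec'd directly, so no shell ever parses 'dir': spaces, ';' and
 * '$(...)' in the name are just bytes of one argument. */
int remove_tmpdir (const char *dir)
{
  int status;
  pid_t pid = fork ();
  if (pid == -1) return -1;
  if (pid == 0) {
    /* "--" stops option parsing, so a leading '-' cannot become a flag. */
    execlp ("rm", "rm", "-rf", "--", dir, (char *) NULL);
    _exit (127);                        /* exec itself failed */
  }
  if (waitpid (pid, &status, 0) == -1) return -1;
  return WIFEXITED (status) && WEXITSTATUS (status) == 0 ? 0 : -1;
}

/* Constructed test case: a temp dir whose name would make
 * system("rm -rf <dir>") delete the sibling "keep" as well.
 * Returns 0 if only the hostile directory was removed. */
int demo_hostile_name (void)
{
  char base[] = "/tmp/rmdemoXXXXXX", keep[128], bad[128], file[160];
  struct stat sb;
  FILE *fp;
  int ok;
  if (mkdtemp (base) == NULL) return -1;
  snprintf (keep, sizeof keep, "%s/keep", base);
  snprintf (bad, sizeof bad, "%s/keep $(id);x", base);
  snprintf (file, sizeof file, "%s/data", bad);
  if (mkdir (keep, 0700) || mkdir (bad, 0700)) return -1;
  if ((fp = fopen (file, "w")) == NULL) return -1;
  fclose (fp);
  ok = remove_tmpdir (bad) == 0
    && stat (bad, &sb) == -1            /* hostile tree is gone */
    && stat (keep, &sb) == 0;           /* sibling was not touched */
  rmdir (keep);
  rmdir (base);
  return ok ? 0 : -1;
}

int main (void) { return demo_hostile_name () == 0 ? 0 : 1; }
```
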
v1->v2: fix a typo pointed out by Matt
Optimizations by reducing the STREQ operations and do some
code cleanup.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
RWMJ: Whitespace changes.
(cherry picked from commit 2ac869bcc8)

CVE-2011-4127 is a serious qemu & kernel privilege escalation bug
found by Paolo Bonzini.
http://seclists.org/oss-sec/2011/q4/536
An untrusted guest kernel is able to issue special SG_IO ioctls on
virtio devices which qemu passes through to the host kernel without
filtering or sanitizing. These ioctls allow raw sectors from the
underlying host device to be read and written. Significantly, neither
qemu nor the host kernel checks that the range of sectors is within
the partition / LV assigned to the guest. For example, if the guest
is assigned host partition /dev/sda3, it would be able to read or
write any part of /dev/sda including other partitions and the boot
sector. Exploits through LVs passed to the guest are also possible,
with some limitations. File-backed virtual block devices are not
vulnerable. Non-virtio block devices are not vulnerable.
This patch mitigates the problem by disabling the SG_IO ioctl
passthrough in qemu. Thus if libguestfs is examining an untrusted
guest and the libguestfs appliance/daemon is compromised (eg. by
executing guest commands, or through some other compromise), then the
compromised appliance will not be able to issue the above SG_IO ioctls
and exploit the host.
Note that this is just mitigation for libguestfs. Users will still
want to fully update their host kernel, qemu/KVM and libvirt, in order
to prevent other (non-libguestfs) routes to compromise.
The following versions of libguestfs (will/have) this patch applied.
libguestfs >= 1.15.13
libguestfs >= 1.14.8
libguestfs >= 1.12.11
libguestfs >= 1.10.12
libguestfs >= 1.8.16
Earlier versions may be vulnerable unless a downstream packager has
applied this patch.
Cc: Hilko Bengen <bengen@hilluzination.de>
(cherry picked from commit 9a5f784d51)

fuse_main can return any non-zero value on error. In particular on
certain sorts of error such as unsupported -o options it returns 1
(not -1).
Therefore make sure any non-zero return is turned into EXIT_FAILURE.
(Thanks Pádraig Brady)
(cherry picked from commit ae45cee728)

In particular this stops a problem with guestmount where if the -i
option half-recognizes the guest OS, it would mount the disk (and
fail, giving only warnings), leaving the mountpoint unusable.
(Thanks Pádraig Brady)
(cherry picked from commit 54e91da925)

This also adds comprehensive tests for utimens on regular files,
directories (RHBZ#761451), named pipes (RHBZ#761460), symbolic links,
block and char devices.
Note that there is a small change in the (previously undefined)
semantics of this call: It now sets the time on a symbolic link
itself, not on what the symbolic link points to.
(cherry picked from commit 19e2f5aa4f)