Even though so far there is just one possible setting to read, isolate
in an own function the code to parse a configuration file and read the
settings out of it.
Now there's a new config_t handle used every time, but since config_read
would reset an handle completely, there is no behaviour change.
The warning only appears when we set CFLAGS to be the same as used by
RPM, which you can do by setting:
CFLAGS="$(rpm --eval '%{__global_cflags}')"
before running ./configure.
FWIW the current value of that RPM expression (in Fedora 20) is:
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
It is not clear which option precisely enables the warning.
This adds:
- GUESTFISH_INIT
- GUESTFISH_OUTPUT
- GUESTFISH_RESTORE
which along with existing GUESTFISH_PS1 allow you to fine control the
colour of the output.
This fixes the handling of paths for the protocols named above, with
respect to leading '/' (or not) on the volume/export name.
See previous commits which did the same fixes for Ceph:
commit 53a3ff9c00
commit 992a6b2970
The path at the API level (for guestfs_add_drive_opts) is:
pool/disk
The URI syntax is either rbd:///pool/disk or rbd://server:port/pool/disk.
Because of the way URI parsing works we may need to remove a leading
'/' character before passing the path down to the API.
Allow settings (an arbitrary list of strings) to be passed to the
current backend. This will allow us to tweak how the backend works,
eg. by forcing TCG.
In some tests we were specifying qcow2 as the image format when adding
a disk, but actually passing a raw format image.
Libguestfs previously did not detect this until guestfs_launch, but it
was still a bug to pass an incorrect format to guestfs_add_drive_opts.
It only worked because these tests never call guestfs_launch.
A later commit in this series will cause this to be detected
(sometimes) during guestfs_add_drive_opts.
This is essentially just code motion, except:
(1) It cleans up a few variable declarations which were implicitly
used by the old macro that aren't needed any more.
(2) The options are reordered alphabetically.
When using the guestfish --remote or guestfish --listen options,
guestfish would create a socket in a known location
(/tmp/.guestfish-$UID/socket-$PID).
The location has to be a known one in order for both ends to
communicate. However no checking was done that the containing
directory (/tmp/.guestfish-$UID) is owned by the user. Thus another
user could create this directory and potentially modify sockets owned
by another user's guestfish client or server.
This commit fixes the issue by creating the directory unconditionally,
and then checking that the directory has the correct owner and
permissions, thus preventing another user from creating the directory
first.
If guestfish sees a suspicious socket directory it will print an error
like this and exit with an error status:
guestfish: '/tmp/.guestfish-1000' is not a directory or has insecure owner or permissions
Thanks: Michael Scherer for discovering this issue.
Version 2:
- Add assigned CVE number.
- Update documentation.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Code like:
CLEANUP_FREE char *buf;
/* some code which might return early */
buf = malloc (10);
is a potential bug because the free (*buf) might be called when buf is
an uninitialized pointer. Initialize buf = NULL to avoid this.
Several of these are bugs, most are not bugs (because there is no
early return statement before the variable gets initialized).
However the compiler can elide the initialization, and even if it does
not the performance "penalty" is miniscule, and correctness is better.
Review every test(!) to ensure that it:
- Doesn't use a generic name (eg. "test1.img", "test.out") for any
temporary file it needs.
- Does instead use a unique name or a temporary name (eg. a name like
"name-of-the-test.img", or a scratch disk).
- Does not use 'rm -f' to clean up its temporary files (so we can
detect errors if the wrong temporary file is created or removed).
This allows tests to be run in parallel, so they don't stomp on each
other's temporary files.
Although autodetecting is safe (we always have just created a drive),
it saves a little bit of time if we don't have to run qemu-img to
detect the disk format with the libvirt backend.
Note that for prepared drives the format is always raw and we don't
anticipate creating drives in other formats.
