However since the OCaml bindings use guestfs_safe_strdup and
guestfs_safe_memdup we need to export those two (in the private
functions section) from <guestfs.h>.
Previously, passing NULL optargs to an _argv call resulted in a segfault. This
change causes NULL optargs to be interpreted as no optargs, and to be correctly
handled accordingly.
Currently any api which takes a FileIn or FileOut parameter is implicitly
cancellable. This change make cancellable an explicit flag in anticipation of it
being added to other apis.
Note that a Cancellable function must be able to return an error, which means it
can't return RConstOptString.
We can make a good guess at camel case names for most APIs. For example,
add_drive_opts can be automatically transformed to AddDriveOpts. However, other
apis don't produce a satisfactory name when transformed automatically. For
example, we would want md_create to produce MDCreate rather than MdCreate.
This change adds a CamelName flag which allows a camel case name to be specified
explicitly when the automatic transformation isn't satisfactory.
Since we implement the new api e2fsck, just change the
internal of e2fsck_f to use e2fsck now.
v1->v2: use optargs_bitmask
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
m: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Add a new api e2fsck with two options:
correct: same as '-p' option of e2fsck
forceall: same as '-y' option of e2fsck
Thanks for Rich's idea.
v1->v2: use optargs_bitmask
v2->v3: change the optargs_bitmask check
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Tweak the error message "e2fsck -f" and "e2fsck -fy".
Indicate the user to use the correct and/or forceall options.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
If you have a lot of guests, running extra tests takes a lot of time,
but (arguably) you're not really doing any more detailed testing.
Thus pick up to 5 guests at random to test. A different random
selection is done on each run, ensuring that data-driven errors (eg in
inspection) will still be found eventually.
Change the test for duplicate drives so that you're allowed to
add /dev/null multiple times. This corresponds to traditional
usage.
This amends commit be47b66c30.
1. Change the g->path to restore a absolute path instead of the mixed.
2. Check that if the adding drive is duplicated with the added drive.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
RWMJ:
- Make sure abs_path is NULL before it is assigned, so freeing it
will work along the error path.
- Fix the test which added /dev/null multiple times.
Previously, optional arguments had the same type as regular arguments, but were
constrained by various runtime tests to be only Bool, Int, Int64 or String. This
change makes the type of optional arguments stronger by giving them their own
type.
A convenience function, optargs_to_args is defined to convert optargs in the few
places where they are genuinely treated identically to mandatory arguments.
It also allows for future changes to optional arguments which do not affect
mandatory arguments.
RWMJ:
- removed redundant parens
- readded the check for > 64 optargs, but changed it to > 63
- changed the new function to args_of_optargs
This map was originally included just for the java bindings, but is generally
useful to any binding which uses camel case by requirement or convention.
This function does 'rm -rf <dir>' for temporary directories, safely
working if '<dir>' contains shell meta-characters.
Replace existing code for removing directories with this.
extra-tests is depending on tests-guests.
We need guests/*.img when doing extra-tests.
/work/git/libguestfs/run valgrind --log-file=/work/git/libguestfs/tests/extra/valgrind.log --leak-check=full --error-exitcode=119 --suppressions=/work/git/libguestfs/tests/extra/suppressions ../../cat/virt-cat -a ../guests/fedora.img /etc/fstab >/dev/null
../guests/fedora.img: No such file or directory
make[1]: *** [test-tools-internal] Error 1
make[1]: Leaving directory `/work/git/libguestfs/tests/extra'
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
v1->v2: fix a typo pointed by Matt
Optimizations by reducing the STREQ operations and do some
code cleanup.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
RWMJ: Whitespace changes.
CVE-2011-4127 is a serious qemu & kernel privilege escalation bug
found by Paolo Bonzini.
http://seclists.org/oss-sec/2011/q4/536
An untrusted guest kernel is able to issue special SG_IO ioctls on
virtio devices which qemu passes through to the host kernel without
filtering or sanitizing. These ioctls allow raw sectors from the
underlying host device to be read and written. Significantly, neither
qemu nor the host kernel checks that the range of sectors is within
the partition / LV assigned to the guest. For example, if the guest
is assigned host partition /dev/sda3, it would be able to read or
write any part of /dev/sda including other partitions and the boot
sector. Exploits through LVs passed to the guest are also possible,
with some limitations. File-backed virtual block devices are not
vulnerable. Non-virtio block devices are not vulnerable.
This patch mitigates the problem by disabling the SG_IO ioctl
passthrough in qemu. Thus if libguestfs is examining an untrusted
guest and the libguestfs appliance/daemon is compromised (eg. by
executing guest commands, or through some other compromise), then the
compromised appliance will not be able to issue the above SG_IO ioctls
and exploit the host.
Note that this is just mitigation for libguestfs. Users will still
want to fully update their host kernel, qemu/KVM and libvirt, in order
to prevent other (non-libguestfs) routes to compromise.
The following versions of libguestfs (will/have) this patch applied.
libguestfs >= 1.15.13
libguestfs >= 1.14.8
libguestfs >= 1.12.11
libguestfs >= 1.10.12
libguestfs >= 1.8.16
Earlier versions may be vulnerable unless a downstream packager has
applied this patch.
Cc: Hilko Bengen <bengen@hilluzination.de>
