| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Also improve the clarity of some of them.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
|
|
|
| |
When user runs with --color it should not need to be combined with
filtering per level or facility, or decoding.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
| |
The dmesg should not crash while --decode'ing message facilities and
levels to readable string even if the values are out of bounds.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the defitions of CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC,
CLONE_NEWNET, CLONE_NEWUSER, CLONE_NEWPID into namespace.h in case
sched.h does not provide those definitions. Are there systems
around that are old enough that still need this?
Move the definitions of unshare() and setns() into namespace.h
for supporting old versions of libc that does not provice these.
I have tested this support with setns as I still have systems
old enough that glibc does not wrap setns.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
|
| |
This is shorter code and makes things a bit clearer and less
error prone if anyone happens to copy the code.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
| |
Make it clear where functions do not modify their arguments.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
| |
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case of a pid namespace we need to fork a child process instead
of calling exec. Move all of that logic out of line into a function
continue_as_child, making the logic of the primary case easier to
understand.
Update the logic for waiting for a child process to suspend ourselves
when the child processes suspends and to continue the child process
when we are unsuspsended. This supports the bash suspend command and
various editors that suspend themselves.
If the child process exits with a signal update the logic to run
kill(getpid(), WTERMSIG(status)) so the caller sees the same exit code
that nsenter observed.
There will always be permission to send signals to our children and
the tty is not changing so there is no need for the intermediate
process to forward signals to it's child.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Update the unshare application to support the pid and user namespaces.
- Update the man page for the new options
- Fix typo in the man page where UTS was spelled UTC.
- Remove the vestigal support for running a suid unshare.
After unsharing a user namespace setuid(getuid()) won't work because
no uid or gid mappings have been specified yet. So it is just easier not
to have any support for running suid.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Inspired by unshare, nsenter is a simple wrapper around setns that
allows running a new process in the context of an existing process.
Full paths may be specified to the namespace arguments so that
namespace file descriptors may be used wherever they reside in the
filesystem.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
|
|
|
|
|
| |
The functionality will be replaced with nsenter from Eric W.
Biederman.
This reverts commit 4bbe8099390d528018890efa914e268de3c4b44b.
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If the target directory (mountpoint) does not exist then mount(8) will create
it before mount.<type> is executed or mount(2) syscall is called.
Co-Author: Karel Zak <kzak@redhat.com>
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Presently, libmount-mount completely prohibits the use of -t by non-root
users. This breaks using -t in listing mode as a user, which represents
a regression against mount-deprecated, macosx and presumably *BSD.
This commit fixes the issue by deferring the mnt_context_is_restricted
check for -t until we know we're not in listing mode.
Signed-off-by: Rich Tollerton <rich.tollerton@ni.com>
|
|
|
|
|
|
| |
Since 3.4, debugfs allows uid, gid, and mode options.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
| |
sys-utils/losetup.c:309:2: error: 'for' loop initial declarations are only allowed in C99 mode
sys-utils/losetup.c:374:2: error: 'for' loop initial declarations are only allowed in C99 mode
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
| |
Proposed-by: Karel Zak <kzak@redhat.com>
References: http://www.spinics.net/lists/util-linux-ng/msg07301.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
| |
Change 56692a6 introduced spacing error to --summary printing.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
| |
The current examples miss the best usage of all: specifying the command
and its arguments directly on the command line. Add that to both the
program usage and the man page.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Let's make it more obvious if swap area is accessible for non-root
users. The old version prints the warning only if --verbose is
specified.
Reported-by: mp.lists@free.fr
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In addition to the unshare syscall, there exists the setns syscall, which
allows processes to migrate to the namepsaces of other processes. Add this
functionality into the unshare command, as they operate in a fairly simmilar
fashion.
Note: There was discussion of adding a path based namespace argument to unshare
in the origional discussion thread, but I opted to leave that out as it didn't
seem to fit in nicely with the current argument pattern. I figure we can always
add that in later if we need to
[kzak@redhat.com: - fix optional arguments
- do not call unshare if no flag specified
- use O_CLOEXEC
- codding style cleanup]
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Karel Zak <kzak@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
Align the "size" columns to the right.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
It is difficult to think think tunelp command being in use a lot.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
| |
This makes the command being a little closer standard compliant. See
IEEE Std 1003.1 referral link below for more information.
References: http://pubs.opengroup.org/onlinepubs/009696799/utilities/ipcs.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
|
| |
Introduces new function ipc_print_size() which will call
size_to_human_string(), and handles the occasional '([k]bytes)' printing
if default size format is requested.
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
| |
One will be able to see enum symbols when debugging, which is not the
case when values are specified as define list.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
| |
The commit 7ae8b469adda598fda28e4ea647d47905b43e172 added option --bytes,
not the initial proposal which was changed after maillist discussion.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ mount /root/.ssh/../../dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
this is too promiscuous. It seems better to ignore on command line
specified paths which are not resolve-able for non-root users.
Fixed version:
$ mount /root/.ssh/../../dev/sda2
mount: /root/.ssh/../../dev/sda2: Permission denied
$ mount /dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
Note that this bug has no relation to mount(2) permissions evaluation
in suid mode. The way how non-root user specifies paths on command
line is completely irrelevant for comparison with fstab entries.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
The function is no longer in use.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
| |
[kzak@redhat.com: - fix msgctl() call,
move q_qbytes to ipc_msg_get_info]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
|
| |
And reindent the print_shm() function.
[kzak@redhat.com: move semctl(GET*...) calls to ipcutils.c]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
| |
And reindent the print_shm() function.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
- don't expect maxid as argument in ipc_shm_get_info()
- if there is @id argument then use it everywhere in ipc_shm_get_info()
- don't call shmctl() if not necessary in do_shm()
Signed-off-by: Karel Zak <kzak@redhat.com>
|