Commit message | Author | Age | Files | Lines
* Version 1.14.8. [1.14.8] | Richard W.M. Jones | 2011-12-22 | 18 | -128/+143
* Security: Mitigate possible privilege escalation via SG_IO ioctl (CVE-2011-4127, RHBZ#757071) | Richard W.M. Jones | 2011-12-22 | 1 | -0/+10

  CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini.

  http://seclists.org/oss-sec/2011/q4/536

  An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from the underlying host device to be read and written. Significantly, neither qemu nor the host kernel checks that the range of sectors is within the partition / LV assigned to the guest.

  For example, if the guest is assigned host partition /dev/sda3, it would be able to read or write any part of /dev/sda including other partitions and the boot sector. Exploits through LVs passed to the guest are also possible, with some limitations.

  File-backed virtual block devices are not vulnerable. Non-virtio block devices are not vulnerable.

  This patch mitigates the problem by disabling the SG_IO ioctl passthrough in qemu. Thus if libguestfs is examining an untrusted guest and the libguestfs appliance/daemon is compromised (eg. by executing guest commands, or through some other compromise), then the compromised appliance will not be able to issue the above SG_IO ioctls and exploit the host.

  Note that this is just mitigation for libguestfs. Users will still want to fully update their host kernel, qemu/KVM and libvirt, in order to prevent other (non-libguestfs) routes to compromise.

  The following versions of libguestfs (will/have) this patch applied.

  libguestfs >= 1.15.13
  libguestfs >= 1.14.8
  libguestfs >= 1.12.11
  libguestfs >= 1.10.12
  libguestfs >= 1.8.16

  Earlier versions may be vulnerable unless a downstream packager has applied this patch.

  Cc: Hilko Bengen <bengen@hilluzination.de>
  (cherry picked from commit 9a5f784d511a8f00a8386f316eab41fe660430db)
* Version 1.14.7. [1.14.7] | Richard W.M. Jones | 2011-12-09 | 18 | -237/+703
* fuse: Return EXIT_FAILURE if fuse_main fails. | Richard W.M. Jones | 2011-12-09 | 1 | -1/+1

  fuse_main can return any non-zero value on error. In particular on certain sorts of error such as unsupported -o options it returns 1 (not -1). Therefore make sure any non-zero return is turned into EXIT_FAILURE.

  (Thanks Pádraig Brady)
  (cherry picked from commit ae45cee728039d7724fc73e5ffb2550c8054d268)
* fish: -i option should fail if / is not mountable, but warn about others. | Richard W.M. Jones | 2011-12-09 | 1 | -1/+7

  In particular this stops a problem with guestmount where if the -i option half-recognizes the guest OS, it would mount the disk (and fail, giving only warnings), leaving the mountpoint unusable.

  (Thanks Pádraig Brady)
  (cherry picked from commit 54e91da925323642e67b8ce4b95899fe4b7a51c4)
* daemon: Fix utimens so it doesn't hang on named pipes (RHBZ#761460). | Richard W.M. Jones | 2011-12-09 | 2 | -21/+29

  This also adds comprehensive tests for utimens on regular files, directories (RHBZ#761451), named pipes (RHBZ#761460), symbolic links, block and char devices.

  Note that there is a small change in the (previously undefined) semantics of this call: It now sets the time on a symbolic link itself, not on what the symbolic link points to.

  (cherry picked from commit 19e2f5aa4fd4ed70b505661d918b5575616ad441)
* daemon: Allow utimens to work for directories (RHBZ#761451). | Richard W.M. Jones | 2011-12-09 | 1 | -1/+1

  You don't need to open the file O_WRONLY in order to call futimens on the file descriptor. Opening it O_WRONLY fails for directories. Therefore open O_RDONLY instead.

  (cherry picked from commit 31fba8d8033216f8a288e75fe3f575b73b9ef925)
* copy-in/copy-out: Wait for the tar subprocess only (RHBZ#760669). | Richard W.M. Jones | 2011-12-09 | 1 | -26/+35

  (cherry picked from commit 98edfac1ee70bcf15ee7caebc306e11cdbbb0d9a)
* fish: Improve error messages when no OS / multi-boot OS found with inspection (RHBZ#760775). | Richard W.M. Jones | 2011-12-09 | 1 | -2/+30

  (cherry picked from commit 7d3848ddc046f79cc1112809bd9970eea8060018)
* let the user explicitly choose ruby and rake programs | Hilko Bengen | 2011-12-09 | 5 | -10/+13

  (cherry picked from commit 41a7a68cf33a174ba950aa29951a07c391a16b4d)
* Version 1.14.6. [1.14.6] | Richard W.M. Jones | 2011-12-06 | 19 | -75/+37
* Fix rpcgen post-processing for out-of-tree builds | Hilko Bengen | 2011-12-06 | 2 | -2/+2

  (cherry picked from commit 43942b08cfbcf91bef29ec532f3d097a8519c982)
* ruby: Use RSTRING_PTR, RSTRING_LEN for compat with Ruby 1.9 (RHBZ#760000). | Richard W.M. Jones | 2011-12-06 | 1 | -2/+11

  (cherry picked from commit 2972987d0257d9c3d26b53f961e802d121b436cd)
* daemon: Use pkg-config to locate Augeas CFLAGS / libraries. | Richard W.M. Jones | 2011-12-06 | 3 | -18/+16

  Augeas 0.10 depends on libxml2, so this is now required in the appliance (in fact, it was already present). However this exposed two bugs:

  (1) In libguestfs we use a home-brewed recipe for Augeas flags, resulting in this error:

      /usr/include/augeas.h:24:25: fatal error: libxml/tree.h: No such file or directory

  (2) Augeas's own augeas.pc didn't include the libxml2 flags, so it was broken. This requires a patch to Augeas 0.10, see: https://www.redhat.com/archives/augeas-devel/2011-December/msg00008.html

  Change to using pkg-config to detect Augeas. It is still an optional library.

  (cherry picked from commit 615924abaa968398d6529529fa2f31ae23de825b)
* extra tests: Test that valgrind and libtool are installed. | Richard W.M. Jones | 2011-12-06 | 1 | -0/+12

  (cherry picked from commit b7addee24d211014086c44bcef6a0c799e4fb987)
* build: Add more suppressions for valgrind tests | Matthew Booth | 2011-12-06 | 1 | -1/+34

  (cherry picked from commit 655f8037def7742a608fb272004eec51424ac31d)
* mkfs: enable to make xfs filesystems when the device already has a filesystem | Wanlong Gao | 2011-12-06 | 1 | -0/+3

  Just add the -f option to mkfs.xfs to make sure we can make a xfs filesystem when the device already has a filesystem on it.

  Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
  (cherry picked from commit 1970a14178b5c53569965d35e54efead6c4c4bdc)
* Version 1.14.5. [1.14.5] | Richard W.M. Jones | 2011-12-02 | 20 | -608/+664
* libguestfs: Added gnulib includes from builddir, as suggested by the Gnulib documentation | Hilko Bengen | 2011-12-02 | 3 | -2/+3

  Since some modules (`getopt', for example) may copy files into the build directory, `top_builddir/lib' is needed as well as `top_srcdir/lib'.

  -- GNU Gnulib manual, section 2.2 Initial import

  (cherry picked from commit 1a35ca59088e572c11633e85524bb282cb436186)
* ocaml: Fix OCaml dependencies. | Richard W.M. Jones | 2011-12-02 | 1 | -2/+2

  (cherry picked from commit ce331df0f1857bccebaaddfac79677bc9f527197)
* python: Memory leak: Free roots array along handle close path. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  (cherry picked from commit e7e3a32edc29e3448b1d7efb3f6b53c5173c4e9c)
* perl: Memory leak: Free roots array along handle close path. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  (cherry picked from commit 00c9755ee3bea98968acea47bac858db94f7fbe2)
* ruby: Memory leak: Free roots array along handle close path. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  (cherry picked from commit eb7ec6170eca278fb910e18ca1f7ca81c6b507c0)
* extra tests: Add comments about what is not tested here. | Richard W.M. Jones | 2011-12-02 | 1 | -8/+25

  (cherry picked from commit efef3e3c1205e5476044f41fb88385e3ba07468d)
* extra tests: Absolute path for 'run' command. | Richard W.M. Jones | 2011-12-02 | 1 | -1/+1

  (cherry picked from commit 27d00960c93b26c68fa1f4068502c32a6e3b5e94)
* extra tests: Split up and reorder tests more logically. | Richard W.M. Jones | 2011-12-02 | 1 | -9/+15

  (cherry picked from commit cee513112adcf4084d6be9e3b5037b7b54c9f514)
* extra tests: Test virt-sparsify. | Richard W.M. Jones | 2011-12-02 | 4 | -5/+23

  This adds the virt-sparsify --debug-gc option which causes virt-sparsify to call Gc.compact before exiting, allowing GC and memory problems to be tested.

  Add an extratest which runs virt-sparsify under valgrind.

  (cherry picked from commit 14b1e7b963cd5446ab76a067085b91925dd5d3e3)
* extra tests: Test virt-resize. | Richard W.M. Jones | 2011-12-02 | 4 | -5/+23

  This adds the virt-resize --debug-gc option which causes virt-resize to call Gc.compact before exiting, allowing GC and memory problems to be tested.

  Add an extratest which runs virt-resize under valgrind.

  (cherry picked from commit 7708d3e04f6ec3985fd74ee1a44a5615d43065e2)
* ocaml: Load test should call Gc.compact to flag memory errors. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+2

  (cherry picked from commit 082a55f76cd61f3590976f6b095552ea65259ced)
* ocaml: Fix memory leak in bindings for functions that return buffers. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  RBufferOut binding didn't free the buffer after copying it onto the OCaml heap. Found by valgrind.

  (cherry picked from commit 6bd0eec12f2e39360847bfe7a9f50628cc89ed8e)
* extra tests: Run C API tests under valgrind. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+5

  (cherry picked from commit e1f395defc6db5bbc82537af6e517d94216b7d4b)
* protocol: Memory leak: Free temporary buffer along recv_discard path. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  (cherry picked from commit d81c0829ea4a99aadb98df37be9543a973269041)
* extra tests: Run OCaml tests under valgrind. | Richard W.M. Jones | 2011-12-02 | 2 | -2/+41

  (cherry picked from commit aa4eb4cd109dda0dc7dfdd66a5163a18b0be2277)
* extra tests: Split VG variable into VG / RUN_VG. | Richard W.M. Jones | 2011-12-02 | 1 | -33/+33

  This is just code motion.

  (cherry picked from commit 6ccae55ddcf0c08cd1b1cdbc07afeed043ad410d)
* ocaml: Memory leak: Free roots array along handle close path. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+1

  (cherry picked from commit c5dbb1e63a8e0c45c7088dd2e58f5abbcfc30620)
* fish: When -m option fails, canonicalize device names that are printed. | Richard W.M. Jones | 2011-12-02 | 1 | -0/+15

  The error message now looks like this:

      guestfish: '/dev/vda6' could not be mounted. Did you mean one of these?
      /dev/sda1 (ext4)
      /dev/vg_f15x32/lv_root (ext4)
      /dev/vg_f15x32/lv_swap (swap)

  Note that '/dev/sda1' has been canonicalized.

  (cherry picked from commit f5bfc68fdb3e25b9d75c65e3f5e88983584b25ed)
* fish: Rearrange code for displaying mountpoints when -m option fails. | Richard W.M. Jones | 2011-12-02 | 1 | -12/+33

  This also frees the list returned by guestfs_list_filesystems.

  (cherry picked from commit 450134501c37f1dd1b898dc390591a3f84ec18b4)
* Version 1.14.4. [1.14.4] | Richard W.M. Jones | 2011-11-24 | 20 | -9757/+9795
* ubuntu: Add extra suppressions for libnl.1 leaks. | Richard W.M. Jones | 2011-11-24 | 1 | -0/+14

  (cherry picked from commit b5b4816ab006ce09b7a7103dbe87b3129046648d)
* extra-tests: Include valgrind suppressions file. | Richard W.M. Jones | 2011-11-24 | 3 | -1/+48

  This updates commit c55bad93fbde03a3daa6058913f02098c45e55f5.

  (cherry picked from commit be7cb789069afc93e7c1b0e7a1a9a293dc846d45)
* regressions: Allow test-launch-race.pl to be skipped. | Richard W.M. Jones | 2011-11-24 | 1 | -0/+3

  export SKIP_TEST_LAUNCH_RACE_PL=1 will cause this test to be skipped.

  (cherry picked from commit 3bbcbd5eeadabb1cc5a40b2f8ae586e6aafd39c6)
* Add 'make extra-tests' rule and run extra tests. | Richard W.M. Jones | 2011-11-24 | 6 | -1/+123

  These tests are optional, and require a special environment and tools to run.

  (cherry picked from commit c55bad93fbde03a3daa6058913f02098c45e55f5)
* lib: Fix memory leak when debugging enabled (found by valgrind). | Richard W.M. Jones | 2011-11-24 | 1 | -0/+2

  If you enabled debugging (eg. LIBGUESTFS_DEBUG=1) then every debug message printed would be leaked.

  (cherry picked from commit dd76ce2b4c93dd10d8eca9ab7c77bc831f103d03)
* test-tool: Fix multiple memory leaks found by valgrind. | Richard W.M. Jones | 2011-11-24 | 1 | -4/+8

  (cherry picked from commit bfc0a5f58d3cb6faad5a44bed392f33190e62246)
* filesystems: Fix memory leak found by valgrind. | Richard W.M. Jones | 2011-11-24 | 1 | -1/+3

  (cherry picked from commit cd3d28491dd19d25a6c04a8bc6a7ec94bded413b)
* part-disk: Change default alignment of this to 64K (128 sectors). | Richard W.M. Jones | 2011-11-24 | 1 | -5/+6

  This is the minimum alignment. 1MB would be better.

  Note that the exact behaviour is not defined in the API.

  (cherry picked from commit c4381dba737d5cb8aad8e1b2e2123b0fcaff1d1a)
* virt-alignment-scan: Add checks for when API calls return NULL. | Richard W.M. Jones | 2011-11-24 | 1 | -0/+4

  In particular, virt-alignment-scan -a /dev/null would segfault because of an error returned by parted.

  (cherry picked from commit 7b192f5a672197ad67ac23501e420c674aa2f3a9)
* NFC: Allow multiple config files in inspect_with_augeas in inspect_fs_unix.c | Matthew Booth | 2011-11-24 | 1 | -19/+59

  This change is in support of the addition of MD support to fstab inspection.

  (cherry picked from commit 373dca7d12a8741e116205b4a3ac67a7d82cc782)
* NFC: Consolidate the error path in check_fstab in inspect_fs_unix.c | Matthew Booth | 2011-11-24 | 1 | -14/+9

  (cherry picked from commit 011a248381cacd6751deb1d1be122cc9bd6aba09)
* NFC: Declare and use variables on the same line in inspect.c | Matthew Booth | 2011-11-24 | 1 | -4/+2

  (cherry picked from commit c8cb3d27b62da20be6b2fa06f1ce6b63a722c32b)