| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(CVE-2011-4127, RHBZ#757071)
CVE-2011-4127 is a serious qemu & kernel privilege escalation bug
found by Paolo Bonzini.
http://seclists.org/oss-sec/2011/q4/536
An untrusted guest kernel is able to issue special SG_IO ioctls on
virtio devices which qemu passes through to the host kernel without
filtering or sanitizing. These ioctls allow raw sectors from the
underlying host device to be read and written. Significantly, neither
qemu nor the host kernel checks that the range of sectors is within
the partition / LV assigned to the guest. For example, if the guest
is assigned host partition /dev/sda3, it would be able to read or
write any part of /dev/sda including other partitions and the boot
sector. Exploits through LVs passed to the guest are also possible,
with some limitations. File-backed virtual block devices are not
vulnerable. Non-virtio block devices are not vulnerable.
This patch mitigates the problem by disabling the SG_IO ioctl
passthrough in qemu. Thus if libguestfs is examining an untrusted
guest and the libguestfs appliance/daemon is compromised (eg. by
executing guest commands, or through some other compromise), then the
compromised appliance will not be able to issue the above SG_IO ioctls
and exploit the host.
Note that this is just mitigation for libguestfs. Users will still
want to fully update their host kernel, qemu/KVM and libvirt, in order
to prevent other (non-libguestfs) routes to compromise.
The following versions of libguestfs (will/have) this patch applied.
libguestfs >= 1.15.13
libguestfs >= 1.14.8
libguestfs >= 1.12.11
libguestfs >= 1.10.12
libguestfs >= 1.8.16
Earlier versions may be vulnerable unless a downstream packager has
applied this patch.
Cc: Hilko Bengen <bengen@hilluzination.de>
|
| |
|
|
|
| |
The python3.1 package shipped with Debian/squeeze does not have the
'mu' suffix that was assumed before.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Add 'event', 'list-events' and 'delete-event' commands so that event
handlers can be registered, listed and deleted in guestfish. The
event handler is a shell script snippet or host command.
Cc: Pádraig Brady <P@draigBrady.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
fuse_main can return any non-zero value on error. In particular on
certain sorts of error such as unsupported -o options it returns 1
(not -1).
Therefore make sure any non-zero return is turned into EXIT_FAILURE.
(Thanks Pádraig Brady)
|
| |
|
|
|
|
|
|
| |
In particular this stops a problem with guestmount where if the -i
option half-recognizes the guest OS, it would mount the disk (and
fail, giving only warnings), leaving the mountpoint unusable.
(Thanks Pádraig Brady)
|
| |
|
|
|
|
|
|
|
|
| |
This also adds comprehensive tests for utimens on regular files,
directories (RHBZ#761451), named pipes (RHBZ#761460), symbolic links,
block and char devices.
Note that there is a small change in the (previously undefined)
semantics of this call: It now sets the time on a symbolic link
itself, not on what the symbolic link points to.
|
| |
|
|
|
|
| |
You don't need to open the file O_WRONLY in order to call futimens on
the file descriptor. Opening it O_WRONLY fails for directories.
Therefore open O_RDONLY instead.
|
| | |
|
| |
|
|
| |
inspection (RHBZ#760775).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
RHEL5 shoult not support '-p', '-i' and '-o export' options.
But we just split it according to the '-p' option.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
|
| |
|
|
|
|
| |
Remove the implemented command blkid from TODO lists.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
|
| |
|
|
| |
This reverts commit 6533491b178d18bfab8240cf093be4ef9b547548.
|
| |
|
|
| |
This reverts commit c48226a5026816b115ab63b50d3601531aff59dc.
|
| |
|
|
| |
This updates commit 6533491b178d18bfab8240cf093be4ef9b547548.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Augeas 0.10 depends on libxml2, so this is now required in the
appliance (in fact, it was already present).
However this exposed two bugs:
(1) In libguestfs we use a home-brewed recipe for Augeas flags,
resulting in this error:
/usr/include/augeas.h:24:25: fatal error: libxml/tree.h: No such file or directory
(2) Augeas's own augeas.pc didn't include the libxml2 flags, so
it was broken. This requires a patch to Augeas 0.10, see:
https://www.redhat.com/archives/augeas-devel/2011-December/msg00008.html
Change to using pkg-config to detect Augeas. It is still an optional
library.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A NEW API blkid.
It can print the device attributes.
Use it after list-devices, we can list ower devices and the attributes
of each device.
Use it like:
blkid <device>
It's should be a usefull function.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
|
| | |
|
| |
|
|
|
|
|
| |
Check that we properly handle fstab entries of the form /dev/md0 and
/dev/md/foo.
RWMJ: Add a skip to test if the Augeas lens is not available.
|
| |
|
|
|
|
|
|
|
| |
This patch fixes inspection when fstab contains devices md devices
specified as /dev/mdN. The appliance creates these devices without reference to
the guest's mdadm.conf so, for e.g. /dev/md0 in the guest will often be created
as /dev/md127 in the appliance. With this patch, we match the uuids of detected
md devices against uuids specified in mdadm.conf, and map them appropriately
when we encounter them in fstab.
|
| | |
|
| |
|
|
|
|
|
|
| |
Just add the -f option to mkfs.xfs to make sure we can
make a xfs filesystem when the device already has a
filesystem on it.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
|
| |
|
|
|
|
|
|
| |
documentation
Since some modules (`getopt', for example) may copy files
into the build directory, `top_builddir/lib' is needed as well as
`top_srcdir/lib'. -- GNU Gnulib manual, section 2.2 Initial import
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
