summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* inspection: Set last errno to ENOTSUP when inspection APIs are not available.Richard W.M. Jones2012-03-211-1/+1
| | | | | | | | | | | | | | | | Previously there was no programmatic way to tell if inspection APIs were unavailable because they are not compiled in (because hivex isn't around). This contrasts with daemon APIs where the availability is covered by the guestfs_available API. Change the inspection APIs so that when they are not available, the last errno is set to ENOTSUP. (Note that ENOTSUP must be defined on all POSIX platforms). This allows programs to detect if they are using a version of libguestfs that was compiled without support for inspection, without having to parse error messages. (cherry picked from commit c7dff02ccbb6bbe505c73df5d83bea8afdc188c3)
* inspect: Fedora/RHEL CDs are multipart if totaldiscs > 1, not > 0.Richard W.M. Jones2012-03-161-1/+1
| | | | (cherry picked from commit 974dffc6769b732befe85bcd8f614b9600927631)
* inspect: Add comment documenting findings of RHEL 5, 6 install CDs.Richard W.M. Jones2012-03-161-0/+58
| | | | (cherry picked from commit 5749de39c2b44644662fb176784731bce851b828)
* inspect: Ignore missing HKLM\SYSTEM\MountedDevices (RHBZ#803664).Richard W.M. Jones2012-03-161-4/+6
| | | | | | | When a Windows guest doesn't have a HKLM\SYSTEM\MountedDevices node, inspection fails. However inspection should not completely fail just because we cannot get the drive letter mapping from a guest. (cherry picked from commit 91cede3465cd2496a01a89d5c8815df7c326c2ec)
* Fix strict-overflow bugs and reenable this warning.Richard W.M. Jones2012-03-131-3/+3
| | | | | | | | | In two places, we were counting things in an array using an 'int'. In theory, the int could overflow, so gcc determines this to be undefined behaviour. The fix is to use size_t or ssize_t instead. (cherry picked from commit d66dd2260c724bdfe57a8595aac37c8e9173cee5)
* inspect: Move variable decl to top of function.Richard W.M. Jones2012-03-131-1/+3
| | | | (cherry picked from commit 46d1280100b025de2a448331306e794d688748bd)
* lib: Remove some unused variables.Richard W.M. Jones2012-03-134-7/+1
| | | | (cherry picked from commit cd3f2986eee8dbadc8253d4c3462f7e214f1236d)
* lib: Use size_t for allocation size in safe realloc function.Richard W.M. Jones2012-03-132-2/+2
| | | | (cherry picked from commit b8cdf6c2b9d12df6acbe295fd75c8c59c8b7eec1)
* Close all file descriptors and remove all signal handlers in the recovery ↵Richard W.M. Jones2012-03-131-0/+25
| | | | | | | | | | | | | | | | | | process. If the parent process uses a pipe (or any fd, but pipes are a particular problem), then the recovery process would hold open the file descriptor(s) of the pipe, meaning that it could not be fully closed in the parent. Because the recovery process doesn't use exec(2), this wasn't avoidable even using FD_CLOEXEC. Avoid this by closing all file descriptors when starting the recovery process. After discussion with Dan Berrange, he points out that it's also a good idea to set signal handlers to the default after forking, so that any signal handlers set up in the parent don't affect the child. (cherry picked from commit f1f045adf8d00549dd3efa3619e1162f9004b61e)
* inspect_apps: Avoid double-close on error path (found by Coverity) ↵Richard W.M. Jones2012-03-081-0/+1
| | | | | | | | | (RHBZ#801298). Error: USE_AFTER_FREE: /builddir/build/BUILD/libguestfs-1.16.5/src/inspect_apps.c:392: freed_arg: "fclose" frees "fp". /builddir/build/BUILD/libguestfs-1.16.5/src/inspect_apps.c:404: deref_arg: Calling "fclose" dereferences freed pointer "fp". (cherry picked from commit 270daae52b6a96b4d05cbe03e0b31a0b2e4ac1ae)
* dbdump: Avoid double-close on error path (found by Coverity).Richard W.M. Jones2012-03-081-0/+1
| | | | | | | Error: USE_AFTER_FREE: /builddir/build/BUILD/libguestfs-1.16.5/src/dbdump.c:132: freed_arg: "pclose" frees "pp". /builddir/build/BUILD/libguestfs-1.16.5/src/dbdump.c:142: deref_arg: Calling "pclose" dereferences freed pointer "pp". (cherry picked from commit 3f3b08a6bc610ca0886e02972257dfcb633a9d40)
* daemon: proto: Close fd along error paths (found by Coverity).Richard W.M. Jones2012-03-081-0/+3
| | | | | | | | | | Error: RESOURCE_LEAK: /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:894: open_fn: Calling opening function "open". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:894: var_assign: Assigning: "fd" = handle returned from "open(filename, 0)". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:903: noescape: Variable "fd" is not closed or saved in function "read". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:911: leaked_handle: Handle variable "fd" going out of scope leaks the handle. /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:918: leaked_handle: Handle variable "fd" going out of scope leaks the handle. (cherry picked from commit d0453c02545c825810fec6e5874c55d7ac5ec678)
* proto: Close file along error and cancel paths (found by Coverity).Richard W.M. Jones2012-03-081-1/+5
| | | | | | | | | | Error: RESOURCE_LEAK: /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:1125: open_fn: Calling opening function "open". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:1125: var_assign: Assigning: "fd" = handle returned from "open(filename, 833, 438)". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:1133: noescape: Variable "fd" is not closed or saved in function "xwrite". /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:1146: leaked_handle: Handle variable "fd" going out of scope leaks the handle. /builddir/build/BUILD/libguestfs-1.16.5/src/proto.c:1173: leaked_handle: Handle variable "fd" going out of scope leaks the handle. (cherry picked from commit 855aaf414af3b8c8ca1f722a589fd251cc8317ee)
* Check return values from calloc (found by Coverity).Richard W.M. Jones2012-03-081-25/+29
| | | | | | | | | | | | Error: NULL_RETURNS: /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:417: returned_null: Function "calloc" returns null (checked 67 out of 81 times). /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:417: var_assigned: Assigning: "ret" = null return value from "calloc". /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:418: dereference: Dereferencing a null pointer "ret". [...] /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:374: returned_null: Function "calloc" returns null (checked 67 out of 81 times). /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:374: var_assigned: Assigning: "ret" = null return value from "calloc". /builddir/build/BUILD/libguestfs-1.16.5/src/inspect.c:375: dereference: Dereferencing a null pointer "ret". (cherry picked from commit 35d5be22b1c09c3a99b445f65453601ec25b9f60)
* Dead code: 'lvs' cannot be true here (found by Coverity).Richard W.M. Jones2012-03-081-1/+1
| | | | | | | | | | | | | | Remove dead code; however only comment it out since if we change the preceeding code we may need this line again. Error: DEADCODE: /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:107: dead_error_condition: On this path, the condition "lvs" cannot be true. /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:54: const: After this line, the value of "lvs" is equal to 0. /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:91: const: After this line, the value of "lvs" is equal to 0. /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:54: assignment: Assigning: "lvs" = "NULL". /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:91: new_values: Noticing condition "lvs == NULL". /builddir/build/BUILD/libguestfs-1.16.5/src/listfs.c:107: dead_error_line: Execution cannot reach this statement "guestfs___free_string_list(...". (cherry picked from commit 109d3ad34aac8d50a1c02437928a64d9bad9f1a6)
* Ignore return values from some functions in guestfs_close (Coverity warning).Richard W.M. Jones2012-03-081-2/+3
| | | | | | | | | | | | | | | | | Error: CHECKED_RETURN: /builddir/build/BUILD/libguestfs-1.16.5/java/com_redhat_et_libguestfs_GuestFS.c:9552: example_assign: Assigning: "r" = return value from "guestfs_internal_autosync(g)". /builddir/build/BUILD/libguestfs-1.16.5/java/com_redhat_et_libguestfs_GuestFS.c:9555: example_checked: "r" has its value checked in "r == -1". /builddir/build/BUILD/libguestfs-1.16.5/ocaml/guestfs_c_actions.c:5584: example_assign: Assigning: "r" = return value from "guestfs_internal_autosync(g)". /builddir/build/BUILD/libguestfs-1.16.5/ocaml/guestfs_c_actions.c:5586: example_checked: "r" has its value checked in "r == -1". /builddir/build/BUILD/libguestfs-1.16.5/perl/Guestfs.xs:5990: example_assign: Assigning: "r" = return value from "guestfs_internal_autosync(g)". /builddir/build/BUILD/libguestfs-1.16.5/perl/Guestfs.xs:5991: example_checked: "r" has its value checked in "r == -1". /builddir/build/BUILD/libguestfs-1.16.5/python/guestfs-py.c:13702: example_assign: Assigning: "r" = return value from "guestfs_internal_autosync(g)". /builddir/build/BUILD/libguestfs-1.16.5/python/guestfs-py.c:13707: example_checked: "r" has its value checked in "r == -1". /builddir/build/BUILD/libguestfs-1.16.5/ruby/ext/guestfs/_guestfs.c:16000: example_assign: Assigning: "r" = return value from "guestfs_internal_autosync(g)". /builddir/build/BUILD/libguestfs-1.16.5/ruby/ext/guestfs/_guestfs.c:16001: example_checked: "r" has its value checked in "r == -1". /builddir/build/BUILD/libguestfs-1.16.5/src/guestfs.c:191: check_return: Calling function "guestfs_internal_autosync" without checking return value (as is done elsewhere 5 out of 6 times). /builddir/build/BUILD/libguestfs-1.16.5/src/guestfs.c:191: unchecked_value: No check of the return value of "guestfs_internal_autosync(g)". (cherry picked from commit 07a8c3c0c25974e0b9496966a7a1354be9ee844f)
* Comment change.Richard W.M. Jones2012-03-081-1/+1
| | | | (cherry picked from commit 4d8ae8f5a2e309a6a518fdb0b6f65685aa9137e0)
* Hide stderr of bmptopng.Richard W.M. Jones2012-03-081-2/+3
| | | | | This program is noisy on stderr. Send that to /dev/null. (cherry picked from commit e40f408faeea204417bc46024590a07272eeda92)
* build: Make netpbm and icoutils into proper optional dependencies.Richard W.M. Jones2012-03-081-4/+18
| | | | | | | | | Netpbm and icoutils (wrestool) have always been dependencies. Since they are not always present, make these into optional dependencies (which they were, sort of, before). Also document these dependencies in the README file. (cherry picked from commit 2c9c0525ebda105f37e6a6eea2307db4cb2f0a73)
* Whitespace change.Richard W.M. Jones2012-03-081-1/+1
| | | | (cherry picked from commit b106dda97c9e18563bb27a44a025016fef6dec97)
* Add a 'fixed' style of appliance.Richard W.M. Jones2012-03-031-3/+33
| | | | | | | | | | | This is just the 'kernel', 'initrd' and 'root' files, copied from one machine to another, along with a 'README.fixed' file which is also used for identification. This allows the appliance to be copied from one machine to another, making it easier for us to distribute a starter appliance for people who cannot get febootstrap or appliance-building working. (cherry picked from commit 5e8a4627d9f0d313485f186a63dc2250f6fd5c01)
* Rebrand 'ordinary appliance' as 'old-style appliance'.Richard W.M. Jones2012-03-032-8/+8
| | | | | This is just code motion. (cherry picked from commit 49726b9269490e331e740d55952da87552ca2500)
* appliance: Make appliance building thread-safe (RHBZ#790721).Richard W.M. Jones2012-03-011-1/+12
| | | | | | | | | | | | | | | | Appliance building can be called from multiple processes, but this is only safe if each process holds a lock on the 'checksum' file. However threads within a process are not excluded by a file lock, and so this strategy completely failed for a multithreaded program calling guestfs_launch in parallel. Since it makes no sense for threads in a single program to race each other to try to create the appliance, add a lock around appliance building. This serialises building the appliance, but the rest of guestfs_launch (eg. starting up qemu) can run in parallel. (cherry picked from commit afed7e493dcd594620f19b93e9fb73e58553f60a)
* docs: Note that JRuby should use the Java bindings.Richard W.M. Jones2012-02-101-0/+2
| | | | (cherry picked from commit 6ca8a2db6d6f1028a35ece616af44538074483fc)
* Enable running the daemon under valgrind.Richard W.M. Jones2012-01-242-0/+18
| | | | | | | | | | | | | | | | | | This commit allows you to run the daemon under valgrind. You have to enable it at configure time: ./configure --enable-valgrind-daemon This should *not* be done for production builds. When this feature is enabled, valgrind is added to the appliance and the daemon is run under valgrind. Log messages from valgrind are passed back over a virtio-serial channel into a file called 'valgrind.log.$PID' in the top build directory. Running 'make check', 'make extra-tests' etc causes many valgrind.log.* files to be created which must be examined by hand. (cherry picked from commit d08806adfc5d111b4b6c761540ff508d3f25b66e)
* API support: Fix src/api-support/added file.Richard W.M. Jones2012-01-231-470/+470
| | | | | This fixes commit 37e07db1598b433c12ee643302712d81b2c5415d. (cherry picked from commit 734b1f662f4e563cc8baad3aca8cf751314e0e49)
* Update API support.Richard W.M. Jones2012-01-2324-474/+11234
|
* gobject: Document these bindings in guestfs(3).Richard W.M. Jones2012-01-221-0/+7
|
* Tempus fugit.Richard W.M. Jones2012-01-1814-14/+14
| | | | Update all copyright dates to 2012.
* lib: Use -fvisibilty=hidden by default; only ABI symbols are now visible.Richard W.M. Jones2012-01-181-3/+5
| | | | http://gcc.gnu.org/wiki/Visibility
* New tool: virt-format: erase and make blank disks.Richard W.M. Jones2012-01-181-0/+5
| | | | | This tool allows you to easily reformat a disk, creating a blank disk with optional partition, LVM and empty filesystem.
* NEW API: add a new api e2fsckWanlong Gao2012-01-131-1/+1
| | | | | | | | | | | | | | m: Wanlong Gao <gaowanlong@cn.fujitsu.com> Add a new api e2fsck with two options: correct: same as '-p' option of e2fsck forceall: same as '-y' option of e2fsck Thanks for Rich's idea. v1->v2: use optargs_bitmask v2->v3: change the optargs_bitmask check Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
* Allow /dev/null to be added multiple times.Richard W.M. Jones2012-01-101-1/+8
| | | | | | | | Change the test for duplicate drives so that you're allowed to add /dev/null multiple times. This corresponds to traditional usage. This amends commit be47b66c3033105a2b880dbc10bfc2b163b7eafe.
* launch: move the filename checking to a wrapperWanlong Gao2012-01-091-6/+12
| | | | | | Move the filename's comma character checking to a wrapper. Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
* launch: don't add a drive twiceWanlong Gao2012-01-091-2/+12
| | | | | | | | | | | | | | 1. Change the g->path to restore a absolute path instead of the mixed. 2. Check that if the adding drive is duplicated with the added drive. Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> RWMJ: - Make sure abs_path is NULL before it is assigned, so freeing it will work along the error path. - Fix the test which added /dev/null multiple times.
* launch: add a goto label when add_drive errorWanlong Gao2012-01-091-18/+11
| | | | | | | Code cleanup. Add a goto label to simplify the code. Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
* lib: Try harder to remove temporary directory along error paths (RHBZ#769680).Richard W.M. Jones2011-12-231-1/+11
|
* lib: Add guestfs___remove_tmpdir helper function.Richard W.M. Jones2011-12-235-46/+35
| | | | | | | This function does 'rm -rf <dir>' for temporary directories, safely working if '<dir>' contains shell meta-characters. Replace existing code for removing directories with this.
* Security: Mitigate possible privilege escalation via SG_IO ioctl ↵Richard W.M. Jones2011-12-221-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (CVE-2011-4127, RHBZ#757071) CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from the underlying host device to be read and written. Significantly, neither qemu nor the host kernel checks that the range of sectors is within the partition / LV assigned to the guest. For example, if the guest is assigned host partition /dev/sda3, it would be able to read or write any part of /dev/sda including other partitions and the boot sector. Exploits through LVs passed to the guest are also possible, with some limitations. File-backed virtual block devices are not vulnerable. Non-virtio block devices are not vulnerable. This patch mitigates the problem by disabling the SG_IO ioctl passthrough in qemu. Thus if libguestfs is examining an untrusted guest and the libguestfs appliance/daemon is compromised (eg. by executing guest commands, or through some other compromise), then the compromised appliance will not be able to issue the above SG_IO ioctls and exploit the host. Note that this is just mitigation for libguestfs. Users will still want to fully update their host kernel, qemu/KVM and libvirt, in order to prevent other (non-libguestfs) routes to compromise. The following versions of libguestfs (will/have) this patch applied. libguestfs >= 1.15.13 libguestfs >= 1.14.8 libguestfs >= 1.12.11 libguestfs >= 1.10.12 libguestfs >= 1.8.16 Earlier versions may be vulnerable unless a downstream packager has applied this patch. Cc: Hilko Bengen <bengen@hilluzination.de>
* tests: Split images -> tests/data + tests/guestsRichard W.M. Jones2011-12-221-6/+0
|
* tests: Rename extratests -> tests/extra.Richard W.M. Jones2011-12-221-5/+0
|
* tests: Split regressions -> various subdirectories of tests/Richard W.M. Jones2011-12-221-6/+3
|
* tests: Rename capitests -> tests/c-api.Richard W.M. Jones2011-12-221-5/+1
|
* tests: Rename caution -> tests/qemu.Richard W.M. Jones2011-12-221-5/+0
|
* tests: Document new tests/ subdirectory.Richard W.M. Jones2011-12-221-0/+4
|
* docs: Arrange directory names in alphabetical order.Richard W.M. Jones2011-12-221-4/+4
|
* Fix rpcgen post-processing for out-of-tree buildsHilko Bengen2011-12-061-1/+1
|
* NEW API: add blkid command to print the attributes of the deviceWanlong Gao2011-12-031-1/+1
| | | | | | | | | | | | A NEW API blkid. It can print the device attributes. Use it after list-devices, we can list ower devices and the attributes of each device. Use it like: blkid <device> It's should be a usefull function. Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
* inspection: Handle MD devices in fstabMatthew Booth2011-12-021-7/+323
| | | | | | | | | This patch fixes inspection when fstab contains devices md devices specified as /dev/mdN. The appliance creates these devices without reference to the guest's mdadm.conf so, for e.g. /dev/md0 in the guest will often be created as /dev/md127 in the appliance. With this patch, we match the uuids of detected md devices against uuids specified in mdadm.conf, and map them appropriately when we encounter them in fstab.
* libguestfs: Added gnulib includes from builddir, as suggested by the Gnulib ↵Hilko Bengen2011-12-011-1/+1
| | | | | | | | documentation Since some modules (`getopt', for example) may copy files into the build directory, `top_builddir/lib' is needed as well as `top_srcdir/lib'. -- GNU Gnulib manual, section 2.2 Initial import
generated by cgit (git 2.34.1) at 2025-08-29 21:29:24 +0000