[PATCH] make-fs: respect libguestfs' temporary dir
by Pino Toscano
Do not hardcode /tmp.
---
make-fs/make-fs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/make-fs/make-fs.c b/make-fs/make-fs.c
index 1bec3e2..9c11fef 100644
--- a/make-fs/make-fs.c
+++ b/make-fs/make-fs.c
@@ -381,8 +381,9 @@ estimate_input (const char *input, uint64_t *estimate_rtn, char **ifmt_rtn)
CLEANUP_FCLOSE FILE *fp = NULL;
char line[256];
size_t len;
+ CLEANUP_FREE char *tmpdir = guestfs_get_tmpdir (g);
- if (asprintf (&tmpfile, "/tmp/makefsXXXXXX") == -1) {
+ if (asprintf (&tmpfile, "%s/makefsXXXXXX", tmpdir) == -1) {
perror ("asprintf");
return -1;
}
--
1.9.3
9 years, 9 months
[PATCH] launch: Close file descriptors after fork (RHBZ#1123007).
by Richard W.M. Jones
This refactors existing code to close file descriptors in the recovery
process, and also adds code to close file descriptors between the
fork() and exec() of QEMU or User-Mode Linux.
The reason is to avoid leaking main process file descriptors where the
main process (or other libraries in the main process) are not setting
O_CLOEXEC at all or not setting it atomically. Python is a particular
culprit.
See also this OpenStack Nova bug report:
https://bugs.launchpad.net/nova/+bug/1313477
Thanks: Qin Zhao for identifying and characterizing the problem in Nova.
---
src/guestfs-internal-frontend.h | 16 +++++++++++++++-
src/launch-direct.c | 17 +++++++++--------
src/launch-uml.c | 13 +++++--------
3 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/src/guestfs-internal-frontend.h b/src/guestfs-internal-frontend.h
index 6bf0a94..3129018 100644
--- a/src/guestfs-internal-frontend.h
+++ b/src/guestfs-internal-frontend.h
@@ -1,5 +1,5 @@
/* libguestfs
- * Copyright (C) 2013 Red Hat Inc.
+ * Copyright (C) 2013-2014 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -161,4 +161,18 @@ extern GUESTFS_DLL_PUBLIC int guestfs___add_libvirt_dom (guestfs_h *g, virDomain
# define program_name "libguestfs"
#endif
+/* Close all file descriptors matching the condition. */
+#define close_file_descriptors(cond) do { \
+ int max_fd = sysconf (_SC_OPEN_MAX); \
+ int fd; \
+ if (max_fd == -1) \
+ max_fd = 1024; \
+ if (max_fd > 65536) \
+ max_fd = 65536; /* bound the amount of work we do here */ \
+ for (fd = 0; fd < max_fd; ++fd) { \
+ if (cond) \
+ close (fd); \
+ } \
+ } while (0)
+
#endif /* GUESTFS_INTERNAL_FRONTEND_H_ */
diff --git a/src/launch-direct.c b/src/launch-direct.c
index bb73d19..104809d 100644
--- a/src/launch-direct.c
+++ b/src/launch-direct.c
@@ -717,6 +717,13 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
goto dup_failed;
close (sv[1]);
+
+ /* Close any other file descriptors that we don't want to pass
+ * to qemu. This prevents file descriptors which didn't have
+ * O_CLOEXEC set properly from leaking into the subprocess. See
+ * RHBZ#1123007.
+ */
+ close_file_descriptors (fd >= 2);
}
/* Dump the command line (after setting up stderr above). */
@@ -747,7 +754,7 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
if (g->recovery_proc) {
r = fork ();
if (r == 0) {
- int i, fd, max_fd;
+ int i;
struct sigaction sa;
pid_t qemu_pid = data->pid;
pid_t parent_pid = getppid ();
@@ -767,13 +774,7 @@ launch_direct (guestfs_h *g, void *datav, const char *arg)
/* Close all other file descriptors. This ensures that we don't
* hold open (eg) pipes from the parent process.
*/
- max_fd = sysconf (_SC_OPEN_MAX);
- if (max_fd == -1)
- max_fd = 1024;
- if (max_fd > 65536)
- max_fd = 65536; /* bound the amount of work we do here */
- for (fd = 0; fd < max_fd; ++fd)
- close (fd);
+ close_file_descriptors (1);
/* It would be nice to be able to put this in the same process
* group as qemu (ie. setpgid (0, qemu_pid)). However this is
diff --git a/src/launch-uml.c b/src/launch-uml.c
index 2a6ddaf..88c684b 100644
--- a/src/launch-uml.c
+++ b/src/launch-uml.c
@@ -333,6 +333,9 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
goto dup_failed;
close (csv[1]);
+
+ /* RHBZ#1123007 */
+ close_file_descriptors (fd >= 2 && fd != dsv[1]);
}
/* Dump the command line (after setting up stderr above). */
@@ -360,7 +363,7 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
if (g->recovery_proc) {
r = fork ();
if (r == 0) {
- int i, fd, max_fd;
+ int i;
struct sigaction sa;
pid_t vmlinux_pid = data->pid;
pid_t parent_pid = getppid ();
@@ -380,13 +383,7 @@ launch_uml (guestfs_h *g, void *datav, const char *arg)
/* Close all other file descriptors. This ensures that we don't
* hold open (eg) pipes from the parent process.
*/
- max_fd = sysconf (_SC_OPEN_MAX);
- if (max_fd == -1)
- max_fd = 1024;
- if (max_fd > 65536)
- max_fd = 65536; /* bound the amount of work we do here */
- for (fd = 0; fd < max_fd; ++fd)
- close (fd);
+ close_file_descriptors (1);
/* It would be nice to be able to put this in the same process
* group as vmlinux (ie. setpgid (0, vmlinux_pid)). However
--
1.9.0
9 years, 9 months
[PATCH] p2v: properly call va_end
by Pino Toscano
---
p2v/miniexpect.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/p2v/miniexpect.c b/p2v/miniexpect.c
index ec81030..1baab5f 100644
--- a/p2v/miniexpect.c
+++ b/p2v/miniexpect.c
@@ -114,6 +114,7 @@ mexp_spawnl (const char *file, const char *arg, ...)
new_argv = realloc (argv, sizeof (char *) * (i+1));
if (new_argv == NULL) {
free (argv);
+ va_end (args);
return NULL;
}
argv = new_argv;
@@ -122,6 +123,7 @@ mexp_spawnl (const char *file, const char *arg, ...)
h = mexp_spawnv (file, argv);
free (argv);
+ va_end (args);
return h;
}
--
1.9.3
9 years, 10 months
[PATCH] sparsify: Relax requirement that output device cannot be block device.
by Richard W.M. Jones
To fix RHBZ#1056290, I prevented virt-sparsify being used if the
output device is a block device.
I have now retested this scenario and it does work (in both copying
and in-place mode), and does not delete the output device, and
therefore we can relax this restriction so only char devices are
banned.
This is useful for oVirt which uses a qcow2 formatted block device to
store virtual machines.
---
sparsify/cmdline.ml | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/sparsify/cmdline.ml b/sparsify/cmdline.ml
index a99c851..b1fb83f 100644
--- a/sparsify/cmdline.ml
+++ b/sparsify/cmdline.ml
@@ -167,11 +167,7 @@ read the man page virt-sparsify(1).
else
Sys.getcwd () // indisk in
- (* Check the output is not a block or char special (RHBZ#1056290). *)
- if is_block_device outdisk then
- error (f_"output '%s' cannot be a block device, it must be a regular file")
- outdisk;
-
+ (* Check the output is not a char special (RHBZ#1056290). *)
if is_char_device outdisk then
error (f_"output '%s' cannot be a character device, it must be a regular file")
outdisk;
--
1.9.0
9 years, 10 months
IRC question: Ruby gems
by Richard W.M. Jones
18:24 < cknapp> rwmjones: is the RPM the best way to grab the guestfs gem?
[Please stay in the channel after asking a question!]
We currently ship the Ruby bindings as an extension in the ruby/
subdirectory of the source tarball. (Note that because the extension
is mostly generated during the build, you will have to download the
tarball from http://libguestfs.org/download/ which contains the
generated bits; or, much less conveniently, you will have to do a full
build from git).
So there is no gem as such. In particular there is nothing on
rubygems.org.
However it should be possible to take the ruby/ subdirectory and turn
it into a gem with minimal effort, since it is already in mostly the
right format. In particular, see the Gem::Specification section in
ruby/Rakefile.
I don't know how the gem relates to the Fedora RPM. Possibly not at
all.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
9 years, 10 months
[PATCH] configure: look for "default-java" as directory for Java
by Pino Toscano
In Debian-based systems, /usr/lib/jvm/default-java is a symlink
pointing to the location of the default Java version.
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index ec98e4b..932bad1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1250,6 +1250,7 @@ if test "x$with_java" != "xno"; then
# Look for Java in some likely locations.
for d in \
/usr/lib/jvm/java \
+ /usr/lib/jvm/default-java \
/usr/lib/jvm/java-6-openjdk
do
if test -d $d && test -f $d/bin/java; then
--
1.9.3
9 years, 10 months
working with mount-local
by Vasiliy Tolstov
Hi. I'm try to use guestfish inside golang (extract some files from
image and create squashfs from root).
Now i can't understand how can i work with mount-local/mount-local-run.
Where i can specify what partition i'm export to local? Does i need
firstly mount /dev/sda1 to / for example and after that run
mount-local /tmp/xxx ?
Second - i'm work with guestfish via writing to stdin and getting
result from stdout. In case of mount-local-run does i need fully fork
new binary or i can only dup stdin descriptor and work with it?
--
Vasiliy Tolstov,
e-mail: v.tolstov(a)selfip.ru
jabber: vase(a)selfip.ru
9 years, 10 months
supermin: how can I avoid downloading packages everytime when run make
by Hu Tao
Hi,
When I run make in libguestfs directory, supermin tries to redownload
all packages it needs everytime. This is a blocker for me because:
1. I have a slow network connection, redownloading all packages is just
a waste of time even though they are not big.
2. My network connection is not stable(especially when visiting sites
outside of China), sometimes it fails to download the packages in the
middle of downloading, so I have to restart from the beginning.
3. I'm not expected to consume too much network traffic from within
office.
So what I want to know is:
1. is it possible to use cached packages that supermin already
downloaded? How?
2. or better, whether supermin can use packages installed on local
systems, instead of downloading from web?
I read the man page of supermin and saw there is --if-newer and
--use-installed, but I'm not sure how to use them. Any helps will be
appreciated!
Regards,
Hu Tao
9 years, 10 months
[PATCH] appliance: init: run ldconfig
by Pino Toscano
Run ldconfig early in the init script, so libraries outside standard
library paths but with a proper ld.so configuration file pointing at
them can be found.
---
appliance/init | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/appliance/init b/appliance/init
index b407bf9..94e77cf 100755
--- a/appliance/init
+++ b/appliance/init
@@ -10,6 +10,10 @@ RUNLEVEL=S
PREVLEVEL=N
export RUNLEVEL PREVLEVEL
+# Make sure to find all the libraries, also those in non-standard place
+# but with a proper ld.so configuration pointing at them
+ldconfig || :
+
# Try to print a stack trace for segfaults inside the appliance.
for d in /lib64 /lib; do
f=$d/libSegFault.so
--
1.9.3
9 years, 10 months
