aboutsummaryrefslogtreecommitdiffstats
path: root/ports
AgeCommit message (Collapse)Author
2014-10-03Possibly fix strange corruptionsPeter Seebach
Trying to track down problems which sometimes result in files showing up as nameless files, producing clashes later. Looks like there were two issues; one is we were creating links for files that we'd already found by inode. The other is that rename was sending bogus LINK messages in some cases. Also simplified the find_file_dev path to extract the path as part of the initial operation, since there wasn't any case where that wasn't being done immediately afterwards.
2014-07-17linux/portdefs.h: fix non-x86 buildPeter Seebach
The assumption that a host is either x86_64 or x86_32 does not hold well on target systems.
2014-07-11symbol version tweakspseudo-1.6.0PSEUDO_1_6_0Peter Seebach
We don't want to pick up newer memcpy because pseudo sometimes has to run host binaries even when built against a newer libc.
2014-07-10make xattr work on DarwinSeebs
More complicated, because we actually need to make com.apple stuff work probably.
2014-06-13Don't follow symlinks for lutimes()Peter Seebach
Also for lstat, but that probably never matters because in Linux you will never actually call lstat without working really hard at it, because you end up calling __lxstat anyway. (Was already doing the right thing for Darwin.)
2014-05-27Typo fixPeter Seebach
So it turns out that if you fix a bug inside an #ifdef that hasn't applied to anything in years, it doesn't actually fix the bug.
2014-05-27Honor umaskPeter Seebach
We used to rely on filesystem operations to apply the umask when appropriate, but when we started masking out 022, that stopped working. Start watching umask.
2014-05-16pseudo_has_unload: add functionPeter Seebach
Various wrappers checked for a non-null pseudo_get_value("PSEUDO_UNLOAD") to determine whether the environment should include the pseudo variables. None of those checks freed the returned value when it was not null. The new check function does. The new check function also sees whether PSEUDO_UNLOAD was defined in the environment that should be used in the wrapped system call. This allows pkg_postinst scripts to strip out the LD_PRELOAD setting, for example before invoking qemu to execute commands in an environment that does not have libpseudo.so. [YOCTO #4843] Signed-off-by: Peter A. Bigot <pab@pabigot.com> Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-05-16Permissions handling tweaks (fchmodat, mask out write bits)Peter Seebach
Change the handling of fchmodat(AT_SYMLINK_NOFOLLOW) to reject it if the host system does, so we preserve host system behavior. Mask out group/other write bits when actually creating files to reduce risks to filesystem integrity.
2014-05-15fchmodat: don't pass AT_SYMLINK_NOFOLLOWseebs/xattrPeter Seebach
underlying fchmodat() will just fail, but GNU tar calls it that way anyway, figuring it'll just retry on failure, but we don't report the failure. Nor do we want to, because that's expensive and slow and will result in additional database round trips. But I don't want to fail out right away, so for now, just strip the flag.
2014-04-24subports: Use right compilerPeter Seebach
Turns out the checks for feature support were using plain cc, not ${CC}, which could break tests. Also add a sanity check to the xattr support to confirm that <attr/xattr.h> is available. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-24Make configure handle xattr guessing (or specifying)Peter Seebach
Clean-up: Allow specification of environment hints for subports scripts, such as whether xattr support is available. Also make configure guess at a bit width if none is specified. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-24Spell flag override correctly, rename flagsPeter Seebach
The "/* flags = AT_SYMLINK_NOFOLLOW */" comment only works if it comes AFTER the semicolon in wrapfuncs.in. Who knew? Fix those. Also rename the "flags" arguments for *setxattr() to "xflags" to avoid any confusion about the flags variable. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-22xattr support and other path stuff: reduce allocation and copyingPeter Seebach
The xattr first-pass implementation was allocating a buffer to hold the name and value for a set operation, then pseudo_client was allocating *another* buffer to hold the path and those two values. pseudo_client_op develops more nuanced argument handling, and also uses a static buffer for the extended paths it sometimes needs. So for the typical use case, only occasional operations will need to reallocate/expand the buffer, and we'll be down to copying things into that buffer once per operation, instead of having two alloc/free pairs and two copies. And of course, that wasn't two alloc/free pairs, it was one alloc/free pair and one alloc without a free. Whoops. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-21Extended attributes: Intercept posix_acl_accessPeter Seebach
In the fairly common case where someone is using setxattr() to specify the "posix_acl_access" attribute, but in fact the ACL list specified can be fully represented in a plain old mode, we intercept the request and just do a chmod. Even if the request can't be fully represented, we try to represent any aspects of it that we can in the plain old mode. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-04-21Initial draft xattr supportPeter Seebach
Initial, incomplete, support for extended attributes. Extended attributes are implemented fairly naively, using a second table in the file database using the primary file table's id as a foreign key. The ON DELETE CASCADE behavior requires sqlite 3.6.19 or later with foreign key and trigger support compiled in. To reduce round-trips, the client does not check for existing attributes, but rather, sends three distinct set messages; OP_SET_XATTR, OP_CREATE_XATTR, OP_REPLACE_XATTR. A SET message always succeeds, a CREATE fails if the attribute already exists, and a REPLACE fails if the attribute does not already exist. The /* flags */ feature of makewrappers is used to correct path names appropriately, so all functions are already working with complete paths, and can always use functions that work on links; if they were supposed to dereference, the path fixup code got that. The xattr support is enabled, for now, conditional on whether getfattr --help succeeds. Not yet implemented: Translation for system.posix_acl_access, which is used by "cp -a" (or "cp --preserve-all") on some systems to try to copy modes. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-01-23mkdir was storing/reporting modes with 0700 addedPeter Seebach
2014-01-23mknod apparently got broken a long time ago, fixedPeter Seebach
2013-06-25Change debugging to use flags rather than levelsPeter Seebach
This is a moderately intrusive change. The basic overall effect: Debugging messages are now controlled, not by a numeric "level", but by a series of flags, which are expressed as a string of letters. Each flag has a single-letter form used for string specifications, a name, a description, a numeric value (1 through N), and a flag value (which is 1 << the numeric value). (This does mean that no flag has the value 1, so we only have 31 bits available. Tiny violins play.) The other significant change is that the pseudo_debug calls are now implemented with a do/while macro containing a conditional, so that computationally-expensive arguments are never evaluated if the corresponding debug flags weren't set. The assumption is that in the vast majority of cases (specifically, all of them so far) the debug flags for a given call are a compile-time constant, so the nested conditional will never actually show up in code when compiled with optimization; we'll just see the appropriate conditional test. The VERBOSE flag is magical, in that if the VERBOSE flag is used in a message, the debug flags have to have both VERBOSE and at least one other flag for the call to be made. This should dramatically improve performance for a lot of cases without as much need for PSEUDO_NDEBUG, and improve the ability of users to get coherent debugging output that means something and is relevant to a given case. It's also intended to set the stage for future development work involving improving the clarity and legibility of pseudo's diagnostic messages in general. Old things which used numeric values for PSEUDO_DEBUG will sort of continue to work, though they will almost always be less verbose than they used to. There should probably be a pass through adding "| PDBGF_CONSISTENCY" to a lot of the messages that are specific to some other type.
2013-06-18Fix RHEL 4.7 compilation errorPeter Seebach
No idea how this survived so long, but the clone() syscall prototype on RHEL 4.7 doesn't have the "..." for additional arguments, so we can't pass them. Also had unused variables that would otherwise have been being filled in from va_args and passed. But there's no extra args to pass. Interestingly, this contradicts the clone() man page in RHEL 4.7. If you have problems with clone() there, that's probably why.
2013-02-17Darwin fixes for fsync changes, uninitialized variablePeter Seebach
Darwin's off_t is a 64-bit type, so there's no off64_t. Also, there's an uninitialized variable usage in unlinkat which LLVM catches. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2013-02-16If you don't want the answer, don't ask the question.Peter Seebach
Most pseudo operations don't actually USE the server's response. So why wait for a response? This patch introduces a new message type, PSEUDO_MSG_FASTOP. It also tags pseudo operation types with whether or not they need to give a response. This requires updates to maketables to allow non-string types for additional columns, and the addition of some quotes to the SQL query enums/query_type.in table. A few routines are altered to change their behavior and whether or not they perform a stat operation. The only operations that do wait are OP_FSTAT and OP_STAT, OP_MKNOD, and OP_MAY_UNLINK. Rationale: You can't query the server for replacement information and not wait for it. Makes no sense. There's extra checking in mknod, because we really do want to fail out if we couldn't do that -- that implies that we haven't created a thing that will look like a node. The result from OP_MAY_UNLINK is checked because it's used to determine whether we need to send a DID_UNLINK or CANCEL_UNLINK. It might be cheaper to send two messages without waiting than to send one, wait, and maybe send another, but I don't want to send invalid messages. This is highly experimental.
2013-02-16allow pseudo to force asynchronous behaviorPeter Seebach
The openembedded build, at least with RPM or SMART, is heavily affected by the cost of calling fsync or fdatasync on package databases all the time. Gosh, wouldn't it be nice if we could suppress that without making dozens of highly intrusive and risky changes into RPM, various database packages, and so on? Yes, yes it would. If only there were a program which could intercept system calls and change their behavior! Enter --enable-force-async. There are now wrappers for fsync, fdatasync, and a few related functions. If --enable-force-async is set, these wrappers instantly return 0, even if PSEUDO_DISABLED is set. And with any luck, bitbake will now perform a bit better. Credit for this insight goes to Richard Purdie. I've reimplemented this to add the configure option, and make the fsync suppression work even when PSEUDO_DISABLED is set.
2013-02-13Fix linkat() again.pseudo-1.4.5PSEUDO_1_4_5Peter Seebach
wrap_linkat() was trying to avoid "redundantly" expanding paths before calling real_linkat(). Which is fine when you're not using an absolute path in a chroot environment, but if you are, it ends up calling the real syscall with the absolute path and no chroot prefix. General observation: All the *at() implementations are expanding paths into absolute paths, then dutifully calling real_*at() functions with them anyway. This is silly. Added a note to Futures.txt to fix it some day. In the mean time, linkat() is fixed correctly; it always expands paths, does so exactly once, and then uses the underlying link() call because it doesn't need special processing of directory fds anymore. Also fixed errno stashing to reduce the risk that link() will change errno in a circumstance where it doesn't actually fail.
2013-02-12Fix link() to work when chrootedpseudo-1.4.4PSEUDO_1_4_4Peter Seebach
The automatic path fixups invoked for names which end in the string "path" was still applying to link(), which then called linkat(), which would do the same path fixups; if you were chrooted, this would produce bogus paths. On systems which actually have linkat(), this would produce the even more mysterious behavior that the link would succeed, but the following stat would fail. Solution: Change the wrapfuncs prototypes for link() so it doesn't invoke automatic path name fixups.
2012-12-12bitrot and linkat() fixes for Darwin.SEEBS_TESTINGPeter Seebach
2012-12-12add linkat() implementationPeter Seebach
We never had an implementation for linkat() because no one used it; now someone uses it. link() is now implemented on top of linkat(). Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
2012-08-09Fix up chroot damage caused by PSEUDO_STATBUF fixpseudo-1.4.1PSEUDO_1_4_1Peter Seebach
The PSEUDO_STATBUF change (allowing operations on files over 2GB even on 32-bit systems) introduced a subtle bug; by calling stat64() rather than real_stat(), pseudo stopped handling chrooted paths well. In most cases, this was fine, but in the specific case of a rename, where the stat buffers for the various parts were actually used, it wasn't. Of particular note, pseudo could end up creating links which had stack garbage for their stat buffs, because it assumed that if the rename operation succeeded, the stat operations must have succeeded. Of course, there is no real_stat64 in the Linux port, because there's no need for it; most code is calling __xstat64 or some relative thereof, and even if you did really call stat64, it'd end up routed there anyway. So we add that so that it can be used for calls and we don't have to encode Linux-specific magic about __xstat into the generic header.
2012-08-02Remove the _plain thing, use PSEUDO_STATBUF everywhere.Peter Seebach
The _plain thing was added because of clashes between Linux ("struct stat64 for 64-bit file sizes") and Darwin ("struct stat is already 64 bits"). But it turns out not to be enough, because stat will *fail* if it cannot represent a file size, so when something like unlinkat() calls a non-64-bit stat in order to determine whether a file exists, it gets the wrong answer if the file is over 2GB in size. Solution: Continue using PSEUDO_STATBUF, and also provide defines for base_stat() which can be either real_stat() or real_stat64(), etcetera. This eliminates any reason to need the _plain functions. It also suggests that the other real___fxstatat() calls should someday go away because that is an ugly, ugly, implementation detail. As part of testing this, fix up some bitrot which affected Darwin (such as the continue outside of a loop, but inside an #ifdef; that was left over from the conversion of init_one_wrapper to a separate function).
2012-03-28cleanup and fixesPeter Seebach
Spotted a couple of things during the last batch of fixes; fixing these up so things are more consistent or clearer.
2012-03-27add popen() callPeter Seebach
We weren't trapping popen(), so if environment variables were in an inconsistent state when popen() was called, Bad Things Happened. Add a popen() wrapper. Like a couple of other special cases, is applied even when pseudo is theoretically disabled, and that includes the antimagic case. (But we never use popen() so that's fine.)
2012-02-06The O_LARGEFILE value was getting merged into mode (where it wasPeter Seebach
ignored) rather than flags (where it was needed), meaning that the open64 type functions didn't work as intended on 32-bit hosts.
2012-02-06Fix *at() function interface holesPeter Seebach
1. Fix *at() where dirfd is obtained through dirfd(DIR *). The dirfd(DIR *) interface allows you to get the fd for a DIR *, meaning you can use it with openat(), meaning you can need its path. This causes a segfault. Also fixed the base_path code not to segfault in that case, but first fix the underlying problem. 2. Implement renameat() After three long years, someone tried to use this. This was impossibly hard back when pseudo was written, because there was only one dirfd provided for. Thing is, now, the canonicalization happens in wrapfuncs, so a small tweak to makewrappers to recognize that oldpath should use olddirfd if it exists is enough to get us fully canonicalized paths when needed.
2011-11-02Rework the clone wrapper to add an intermediate function to resolve a defect.Mark Hatle
Previously the clone(2) wrapper unconditionallity restored the system environment. It also invokes the checks to see if the user has requested pseudo to be disabled or unloaded. Due to the semantics of clone, this caused both the parent and child processes to be disabled or unloaded. The new code adds an intermediate function, wrap_clone_child, that only runs within the child context. This way we can be sure to only disable/unload pseudo from within the child process. In addition, we avoid mucking with the environment if CLONE_VM is set, since this will affect both parent and child. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2011-11-02Implement PSEUDO_UNLOAD, replacing existing PSEUDO_RELOADED semantics.Mark Hatle
Change from internal PSEUDO_RELOADED to external PSEUDO_UNLOAD environment variable. Enable external programs to have a safe and reliable way to unload pseudo on the next exec*. PSEUDO_UNLOAD also will disable pseudo if we're in a fork/clone situation in the same way PSEUDO_DISABLED=1 would. Rename the PSEUDO_DISABLED tests, and create a similar set for the new PSEUDO_UNLOAD. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2011-06-09Fix realpath(name, NULL) when PSEUDO_DISABLED=1Peter Seebach
On some Linux systems, dlsym("realpath", RTLD_NEXT) prefers for reasons of its own to give a symbol that is also known as old_realpath, which fails and yields EINVAL when called with a null pointer as the second argument. This can be avoided, on some systems, by using dlvsym() to request the GLIBC_2.3 version of the symbol. The wrapper logic is enhanced to allow for specifying versions, although this currently only works for Linux (Darwin has no dlvsym, apparently?). The test case is a trivial program which calls realpath(name, NULL) run with PSEUDO_DISABLED=1.
2011-06-06Improve system()Peter Seebach
2011-06-02Add system() wrapper to force setup of the pseudo environment. NotePeter Seebach
that we add an extra fork() so we can do the setup in a child process, but still just pass the command string to the standard system() call.
2011-05-31Change logic on file creation/chmod so that we only secretly mask inPeter Seebach
the 0100 bit for directories. The reason is that otherwise we create plain files which are 0700 on disk, which means they're non-zero &0111, which breaks euidaccess(X_OK).
2011-05-25Make ulckpwdf() report failuresSeebs
2011-04-16Fix oldclone port, which had bit-rotted since it was developed.Peter Seebach
2011-03-25Make subports/preports executable.Peter Seebach
2011-03-25Merge in ports workPeter Seebach
This is a spiffied-up rebase of a bunch of intermediate changes, presented as a whole because it is, surprisingly, less confusing that way. The basic idea is to separate the guts code into categories ranging from generic stuff that can be the same everywhere and specific variants. The big scary one is the Darwin support, which actually seems to run okay on 64-bit OS X 10.6. (No other variants were tested.) The other example given is support for the old clone() syscall on RHEL 4, which affects some wrlinux use cases. There's a few minor cleanup bits here, such as a function with inconsistent calling conventions, but nothing really exciting.