aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2021-11-11pseudo_fix_path: do not expand symlinks in /procoe-coreMatt Cowell
Some symlinks in /proc, such as those under /proc/[pid]/fd, /proc/[pid]/cwd, and /proc/[pid]/exe that are not real and should not have readlink called on them. These look like symlinks, but behave like hardlinks. Readlink does not return actual paths. Previously pseudo_fix_path would expand files such as /dev/stdin to paths such as /proc/6680/fd/pipe:[1270830076] which do not exist. This issue affects: - deleted files - deleted directories - fifos - sockets - anon_inodes (epoll, eventfd, inotify, signalfd, timerfd, etc) Testing: - run_tests: all tests passed (3 tests check the new code path). Checked test output to make sure the new codepath gets executed. - perftest: measured time before and after applying the patch had insignificant differences (roughly ~1%) - world build: completed without warning/errors Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-30ports/linux: Add wrapper for fcntl64()Richard Purdie
Add a wrapper for the fcntl64 glibc function based on the fcntl wrapper which is effectively the same. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-25pseudo_db: Flush DB if there is a shutdown requestRichard Purdie
We have some challenges in ensuring the pseudo database is flushed to disk in things like docker containers since the processes can be killed with no warning at container termination. Rightly or wrongly, we need to handle this better. There is no current way to flush the DB but there is a shutdoen request mechanism. Whilst we can't force a shutdown from bitbake due to the multiple connected clients and the existing 3s shutdown isn't enough, we can take the hint to flush the DB at this time. Further writes are unlikely. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-10fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZMike Crowe
[Add tests accidentally missed in previous commit] Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-10ports/linux/guts: Add closefrom support for glibc 2.34Richard Purdie
glibc 2.34 adds a closefrom() function call to close a range of file descriptors. This one is problematic for us since pseudo can have its own fds open in the close range. To handle this we add a specific client side op, OP_CLOSEFROM, similar to OP_CLOSE which closes the fds in the range which aren't pseudo fds. This means manually closing some of the fds ourselves and then modifying the call to closefrom for the rest. Not pretty but I'm struggling to see a better way. It does mean msg/result is used in a new case to let the caller know which fds to close as the range needs to change. This is allowed after the previous static change. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09pseudo_client: Make msg static in pseudo_op_clientRichard Purdie
The address of msg is returned by the function in the OP_CHROOT case. Whilst the way it is used means it is just a way of saying true/false, the compiler doesn't know this and can warn and this isn't really allowed. The other pseudo funcitons in this area already use a static msg so make this function match the others. There wouldn't be re-enterancy in this context. Need to be careful about clearing the data upon each function entry and not just once at init. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09ports/linux/guts: Add close_range wrapper for glibc 2.34Richard Purdie
glibc 2.34 adds a close_range() function call. This one is straight forward as it allows ENOSYS to be returned and the caller has to handle it so lets do that. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09pseudo_client: Do not pass null argument to pseudo_diag()Damian Wrobel
Fixes the following warning: pseudo_client.c: In function ‘pseudo_root_path’: pseudo_client.c:848:17: warning: ‘%s’ directive argument is null [-Wformat-overflow=] 848 | pseudo_diag("couldn't allocate absolute path for '%s'.\n", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 849 | path); | ~~~~~ Signed-off-by: Damian Wrobel <dwrobel@ertelnet.rybnik.pl> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09test-openat: Consider device as well as inode numberMike Crowe
It just so happens that my /home/mac and /home directories have the same inode number but on different filesystems. This means that test-openat fails with "Recursion failed!" even when run without pseudo. Let's consider both the device number and the inode number before assuming that we've found the same directory again. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09test: Add missing test-statx test casePhilip Lorenz
Adding this test case was erroneously omitted in 7c722296879906fe093e1e7c4b7537e150d492cd. Signed-off-by: Philip Lorenz <philip@bithub.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-09fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZMike Crowe
When running the test suite on my Debian 11 box I see many occurrences of: unknown fcntl argument 1032, assuming long argument. (for example from test-execl.sh.) It appears that this is F_GETPIPE_SZ and it takes no arguments. Let's add it and the corresponding F_SETPIPE_SZ too to avoid the warning messages. F_SETPIPE_SZ accepts an int argument, which strictly speaking isn't the same as the long that the wrapper expects. However, this is also true for F_DUPFD which seems to be working correctly on all the targets that people care about. We need to define the command constants if the system headers don't provide them to ensure that a binary built on an old system works without the new commands works correctly only a newer one that tries to use them. If the system values differ from the expected ones then such a binary would also be incompatible, so fail the build in that case too. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-07-11Revert "client: Fix some compiler warnings"Richard Purdie
This change seems to cause faults in OE builds, not investigated why but revert until we can debug. "bitbake linux-libc-headers" reproduces all the time. This reverts commit 04bca0f85d57da1d0ed0419780df296f8b0ff81d.
2021-07-10ports/linux: Always build statx supportRichard Purdie
We want a pseudo which can build on a system without statx support but work on one with statx support. By adding a copy of the struct we can do this and then work correclty with OE's uninative again. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-18makewrappers: Handle parameters marked as nonnullPhilip Lorenz
Commit 60e25a36558f1f07dcce1a044fe976b475bec42b started dereferencing the "path" parameter which for some functions is annotated with the "nonnull" attribute. While the commit explicitly checks for NULL pointers before dereferencing it, GCC (at optimization level 1 and above) removes the check due to the "nonnull" attribute being set for some parameters in the glibc headers (e.g. statx()). However, the statx() man page explicitly allows calling with NULL pointers (in which case the EFAULT is returned) and this behaviour is used in the wild (e.g. in Rust) to determine whether the statx() system call is supported. Disabling the optimization is not possible ([1]) so prevent the compiler optimization by referencing the parameter in a noop inline assembly instruction instead. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100404 Signed-off-by: Philip Lorenz <philip@bithub.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-18client: Fix some compiler warningsPhilip Lorenz
Fix some warnings reported by GCC 10.2.0: * NULL pointer passed to '%s' format string parameter: pseudo_client.c: In function ‘pseudo_root_path’: pseudo_client.c:848:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=] 848 | pseudo_diag("couldn't allocate absolute path for '%s'.\n", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 849 | path); * Return of variable with local storage duration: pseudo_client.c: In function ‘pseudo_client_op’: cc1: warning: function may return address of local variable [-Wreturn-local-addr] pseudo_client.c:1592:15: note: declared here 1592 | pseudo_msg_t msg = { .type = PSEUDO_MSG_OP }; Signed-off-by: Philip Lorenz <philip@bithub.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-18wrappers: Avoid -Wcast-function-type warningPhilip Lorenz
GCC emits this warning for mismatched function types unless the generic void (*) (void) signature is used ([1]) - e.g.: warning: cast between incompatible function types from ‘int (*)(const char *)’ to ‘int (*)(void)’ [-Wcast-function-type] [1] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wcast-function-type Signed-off-by: Philip Lorenz <philip@bithub.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-04-09client: strip trailing slashes when opening an ignored pathRoss Burton
The pseudo client path map stores paths that have been sanitised, but in the ignored-path (PSEUDO_IGNORE_PATHS) codepath for open() calls this sanitising wasn't performed so it is possible for paths that end with a trailing slash to be entered. This then subsequently interacts badly with path manipulation, resulting in the situation where doing: fd = open("/some/path/") parent_fd = openat(fd, "../) results in parent_fd actually pointing at /some/path still. Solve this by ensuring that any trailing slashes are removed from the path when adding to the map in the ignore short-circuit. Also add a test case for this to ensure that it doesn't regress in the future. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-15makewrappers: Fix glibc 2.33 fstatat usage issuesRichard Purdie
In glibc 2.33 it makes calls like: fstatat64 (pathfd, "", &st, AT_EMPTY_PATH); where pathfd may be a symlink. This interacts badly with pseudo_root_path() since the empty path is replaced with a pathname from the open fd but AT_SYMLINK_NOFOLLOW is not set, hence the link is resolved and pseudo throws an abort() due to inode mismatch. Where the path is empty, an fd is passed and AT_EMPTY_PATH is set, we can imply that AT_SYMLINK_NOFOLLOW is also effectly set. Adjust the wrapper functions to ensure this, allowing the functions to behave correctly in the AT_EMPTY_PATH case. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-15ports/linux: Add wrapper for fstatat/fstatat64 in glibc 2.33Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-11ports/rename/renameat: Avoid race when renaming filesRichard Purdie
We're seeing failures where a file is renamed under pseudo but an access appears to be made to the old filename before the OP_RENAME has hit the database but after the real_rename has applied in the kernel. This is effectively the MAY_UNLINK problem for the original filename. There were protections for the newpath but not the oldpath. To try and avoid these aborts(), mark the original path as MAY_UNLINK however we need to be careful not to trigger the DID_UNLINK but instead update the deleting entry in the database as the rename completes. To do this, we no clear the deleting flag during the database rename operation in SQL. Also, we have to stop removing the by_ino matches where by_ino.deleting is set, else we may lose the renamed file's attributes that way. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-11ports/unix: Add faccessat and faccessat2Richard Purdie
Add wrappers for the faccessat and faccessat2 glibc functions matching the way access.c works. faccessat2 was added in glibc 2.33. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-11ports/access.c: Use EACCES, not EPERMRichard Purdie
The man page for access() does not allow for a return value of EPERM, should be EACCES. Fix. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-05linux/portdefs.h: Fix pseudo to work with glibc 2.33Richard Purdie
In glibc 2.33, they've removed the _STAT_VER and _MKNOD_VER definitions from public headers. They have no plans to add these back so pseudo needs to attempt its own definitions. There is some protection as if they were wrong and there was a mismatch, we'd get an error art runtime. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-28pseudo_client: Ensure renames update open fd file pathsRichard Purdie
There is an issue in pseudo where if you open a file, rename the file, then call fstat on the open fd, pseudo would thrown an abort. This is because it needs to track the open fd mappings to files and it doesn't update in the case of a rename. Add code in pseudo to update the fd mappings in the case of a rename call. Also add a test case. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-26pseudo_client.c: Rebuild passwd paths after chrootMichael Ho
Pseudo will calculate the search paths used for passwd operations such as lckpwdf and ulckpwdf using build_passwd_paths when it initiates. This takes into account the chroot at the time. The problem is that after a chroot is performed, pseudo continues to use the search paths calculated from the start for lckpwdf and ulckpwdf. This makes it write the pwd.lock files to a different sysroot if a chroot is called during runtime. This commit resolves that by calling build_passwd_paths again after intercepting chroot calls so the search paths are up to date. This bug manifests in Yocto when shadow is installed into an SDK target rootfs. The postinst triggered will call shadow-native with -R to point to the SDK target rootfs which in turn makes shadow call chroot to the SDK target rootfs before it perform its actions including lckpwdf() and ulckpwdf(). The lock files however will write instead to the normal image target rootfs because it was specified in PSEUDO_PASSWD and was the first path set when the pseudo environment was initiated. By rebuilding the search path after chroot is applied, the lockfiles appear in the correct rootfs. Signed-off-by: Michael Ho <Michael.Ho@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09ports/linux/xattr: add arm64 versions for xattr callsRoss Burton
The xattr functions need to use a specific version of the symbols to avoid calling into libattr.so, which on Tumbleweed causes failures[1]. However on arm64 systems the glibc version is different. This means that searching for llistattr(GLIBC_2.3) fails to initially match the symbol in libc.so, and instead if libattr.so is linked then the symbol in that library is used. This is simply a wrapper that is intended to call the symbol in libc.so but instead calls the symbol in pseudo, so infinite loops. Using the just-added architecture overrides, add the right versions for arm64 systems so the correct symbols in libc.so are found. [ YOCTO #14133 ] [1] b94fa2fc81cde25865ee223ca437d07377229a53 Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09makewrappers: support architecture-overrides in wrapper modifiersRoss Burton
Pseudo allows wrappers to define special comments in the wrapper lists to pass extra arguments such as version=GLIBC_2.3 to control which symbol version to search for. However, these arguments can be architecture-specific. When parsing the arguments, check for flags that end in the architecture name (as returned by platform.machine()) and use those values instead. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09makewrappers: fix Python 2 hangoverRoss Burton
An except statement was still using Python 2 syntax so caused SyntaxErrors if the exception was raised. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09Fix some memory leaksRoss Burton
pseudo_get_value() returns newly allocated memory that the caller must free, so add some free() calls. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09Disable deprecated function warningsRoss Burton
Pseudo has to call deprecated functions because it is wrapping them, so disable deprecation warnings. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09Silence switch block warningsRoss Burton
Slightly alter a fallthrough comment so that GCC recognises it, and add a default: case to a switch which explicitly only handles a few values. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-09pseudo_util: don't overrun strings when looking for keysRoss Burton
Use strcmp() insead of memcmp() when searching for keys as otherwise the comparison will run off the end of the NULL-terminated string. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-06ports: Add lchmod wrapper on linuxRichard Purdie
Newer versions of glibc have a lchmod function which we need to wrap. Add this, and tweak fchmodat to be able to handle the "no symlink resolution" case rather than duplicate code. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-12-16pseudo_client: Simplify pseudo_client_ignore_path_chroot()Peter Kjellerstedt
This also plugs a memory leak by making sure env is freed. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-12-16pseudo_client: Lessen indentation of pseudo_client_ignore_path_chroot()Peter Kjellerstedt
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-11-29pseudo_client: Print PSEUDO_LOGFILE path in abort message on path mismatchesTomasz Dziendzielski
The logfile path should be more visible so it's easier investigate the error. Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-09ports/linux: Add mksotemp64 wrapperRichard Purdie
Similar to mkstemp64 when oflags=0, therefore move the wrapper and call from mkstemp64. Note that some glibc versions would have one but not the other so ensure fall back to the real function is correct on those versions. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08ports/linux/statx: Fix path name mapping issueRichard Purdie
There is magic in the posts where specific variable names have specific magic. For that magic to work, "path" needs to be used not "pathname" as is currently there. Fix this, which fixes path issues on systems using statx (Ubuntu 20.04 in particular). Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo_client: Fix dirfd handling with empty pathsRichard Purdie
We're seeing systems in the wild (e.g. ubuntu 20.04) which call with a dirfd set to the full filename and path set to "". Since this seems to be expected to work, handle it accordingly. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo.c: Improve handling of entries with nlink == 0 in fd opsRichard Purdie
Some operations may call unlink() on an open fd, then call fchown/fchmod/fstat on that fd. This would currently readd its entry to the database, which is necessary to preserve its permissions information however since that file will be lost when it is closed, we don't want the DB entry to persist. Marking it as may_unlink means the code will know its likely been deleted and ignore the entry later, giving improved behaviour that simple path mismatch warnings. We can use an nlink of zero to detect this. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08ports/linux/xattr: Fix NULL pointer dereferenceRichard Purdie
In the xattr handling functions, if result is NULL, which it can be with the path ignore code, there is a NULL pointer dereference and segfault. Everywhere else checks result first, this appears to just be an omission. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo_client: Improve unlinked file descriptor trackingRichard Purdie
Consider what happens if a program does: fd = fopen("A") link("A", "B") unlink("A") fchown(fd) Assuming we can't use the database, in order to handle this correctly, we need to change the open fd to point at B when A us unlinked. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo_client: Allow server to tell the client to abort() on path mismatchesRichard Purdie
Rather than mapping mismatched inode entries to paths, thrown an abort() instead. Add a new result type to allow the server to pass back this instruction to the client. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo: Add support for ignoring pathsRichard Purdie
Currently, pseudo considers any path accessed whist its running to be a valid entry to track in its database. The way OpenEmbedded uses pseudo, there are paths we care about accesses to from a pseudo perspective and paths which we simply don't care about. This patch adds a PSEUDO_IGNORE_PATHS environment variable which is a comma separated list of path prefixes to ignore accesses to. To do this, we add some functions which can check a path argument or a file descriptor argument and use these in the pseudo wrappers where path or fd arguments are present. Where paths are being ignored, we skip straight to the underlying real function. Psuedo needs to keep track of the open fd mappings to files so we still need to allow those cases into the pseudo_op function. Specficially this means OP_CLOSE, OP_OPEN, OP_DUP and OP_CHDIR. Apart from OP_OPEN which could call the server, the other operations are client side only so passed through. We 'tag' the functions using these operations so that the path ignore code isn't triggered. For OP_OPEN we exit early and skip the server op. We also have a catch all in client_op to ensure any operatings we didn't manage to skip early still get skipped correctly. OP_CHROOT is a special case. Where ignored path prefixes are used as a chroot, for the lifetime of the chroot, the path is effectively dropped from the PSEUDO_IGNORE_PATHS list. Whilst slightly counter intuaitive, this turned out to be the most effective way to do things due to commands like useradd and their use of chroots. For sqlite3 and appropriate path filtering in OE, this took the database from 45,000 entries to about 180. For dbus this was 88,000 down to 760. Given the number of client to server trips these numbers of paths involves, the win is seemingly worthwhile. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-08pseudo.c: Stop using data from matching inodes but mismatched pathsRichard Purdie
When we see cases where the inode no longer matches the file path, pseudo notices but currently reuses the database entry. This can happen where for example, a file is deleted and a new file created outside of pseudo where the inode number is reused. Change this to ignore the likely stale database entry instead. We're seeing bugs where inode reuse for deleted files causes permission corruption. (See bug #14057 for example). We don't want to delete the database entry as the permissions may need to be applied to that file (and testing shows we do need the path matching code which handles that). I appreciate this should never happen under the original design of pseudo where all file accesses are monitored by pseudo. The reality is to do that, we'd have to run pseudo: a) for all tasks b) as one pseudo database for all of TMPDIR Neither of these is realistically possible for performance reasons. I believe pseudo to be much better at catching all accesses than it might once have been. As such, these "fixups" are in the cases I've seen in the logs, always incorrect. It therefore makes more sense to ignore the database data rather than corrupt the file permissions or worse. Looking at the pseudo logs in my heavily reused build directories, the number of these errors is staggering. This issue would explain many weird bugs we've seen over the years. There is a risk that we could not map permissions in some case where we currently would. I have not seen evidence of this in any logs I've read though. This change, whilst going against the original design, is in my view the safer option for the project at this point given we don't use pseudo as originally designed and never will be able to. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-27pseudo: fix renaming to selfJoe Slater
The pseudo rename guts test for an item being renamed to itself, only after information about it has been deleted. We move the test to before we play with the database. Note that pseudo does not support renameat2(). Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-07-31db: Use WAL mode for on-disk databaseJoshua Watt
If the in-memory database is not being used, enable WAL mode on the database to ensure that the database is resilient to pseudo shutting down unexpectedly (or being terminated by the OS). This allows projects to make the reliability vs. performance tradeoff: If they want performance they can use the in-memory database; if they want resilience they can disable the in-memory database and WAL will prevent database corruption. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-07-20Handle OFD lock flagsStefan Agner
Linux 3.15 and newer introduced new open file description locks. Currently pseudo prints a warning if fcntl is used with OFD locks: unknown fcntl argument 37, assuming long argument. However, calls to fcntl with a OFC lock set need a struct flock pointer. Treat F_OFD_GETLK (and friends) like F_GETLK (and friends). This issue has been observed with ostree. Comparing strace output between two runs with/without this patch shows the same fcntl calls, hence it seems not to matter in practice. Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-26test: Added ACL testsJohannes Beisswenger
Signed-off-by: Johannes Beisswenger <johannes.beisswenger@cetitec.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-26xattr: Fixed corrupting UID&GID when running setfacl -m on a directoryJohannes Beisswenger
The file mode was accidentally overwritten with only the permission bits, causing the server to falsely assume that the database was corrupted (because the msg_header.mode did not contain S_IFDIR anymore) even though it was the client doing the corruption. In practice that had the effect of leaking the UID of the user, into the pseudo environment. This fixes Bug 13959 -- https://bugzilla.yoctoproject.org/show_bug.cgi?id=13959 Signed-off-by: Johannes Beisswenger <johannes.beisswenger@cetitec.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>