Two little bug fixes.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When I trimmed the spurious free()s for the new lower-allocation
path strategy, I forgot to look for cases where I was relying on
the allocation, such as realpath(path, NULL).
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
lstat can fail on XFS if the inode number won't fit in a 32-bit value.
Use base_lstat. Also, just in case, don't call it if it's not initialized
yet (which should never happen).
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Performance cleanups including the experimental xattrdb feature.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
gcc is better about warnings and spotted variables being assigned but
not used. Clever gcc. Cleaned up the old bits.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Add some debug messages useful for tracking down xattr behaviors.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When xattr emulation is used to store extended attributes, dummy
entries get made in the db using whatever UID/GID were in the real
stat buffer if no entry already existed. Change these to -1, and
treat -1 uid/gid as a missing entry for stat purposes.
xattrdb was not merging existing uid/gid values. Change this by
loading existing values to merge them in when executing chown/chmod
commands.
Newly-created files could end up with a filesystem mode of 0 if
you used umask, but this breaks xattrdb.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When setting an extended attribute using the database, we create a
dummy entry for the file (so there will be a file row corresponding
to that path name for later lookups). But this entry was coming in
with host UID/GID values in some cases. Instead, use -1 uid/gid,
and have STAT report those as failures rather than as existing
values. (Other cases should not be copying them. I think.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Dropping the alloc from file paths meant that pseudo_exec_path
could end up just returning its original argument, which was
const-qualified, meaning its return should also be const-qualified.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
OP_OPEN and OP_EXEC are used only when logging. The server can now
tell the client (in response to initial ping) whether or not it is
logging, and if it isn't, the client doesn't send those messages.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
This is a moderately experimental feature which stores values in an
extended attribute called 'user.pseudo_data' instead of in the database.
Still missing: Database<->filesystem synchronization for this.
For at least some workloads, this can dramatically improve performance.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Instead of allocating (and then freeing) these paths all the time,
use a rotating selection of buffers of fixed but probably large enough
size (the same size that would have been the maximum anyway in
general). With the exception of fts_open, there's no likely way to
end up needing more than two or three such paths at a time. fts_open
dups the paths since it could have a large number and need them for
a while. This dramatically reduces (in principle) the amount of allocation
and especially reallocation going on.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
A partially-implemented profiler for client time, which basically just
inserts (optional) gettimeofday calls in various places and stashes data
in a flat file containing one data block per pid.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Worked for trivial cases, but spuriously closed fd 0 and had
other issues. Separated implementations out.
|
|
Some years back, there was a historical reason (lost to the mists of
time) for which we had problems if we allowed actual creation of fifos,
but so far as we know we don't expect any problems with them now,
and there's a bitbake change which would like to be able to use fifos
for logging, so let's try enabling them and see what happens.
|
|
In the case where an "oldpath" is actually the data for an xattr
operation, don't truncate it. Trailing slashes should only be removed
from things which are actually filenames.
|
|
There was supposed to be a check for filenames showing up
with a trailing slash when the file was not a directory. What
actually made it in was a check for a mismatch between "is
a directory" and "has trailing slash", which produced spurious
messages saying the path had a trailing slash whenever a
directory path did *not* have a trailing slash. But that's
valid and should not produce diagnostics. Let alone thousands
of diagnostics.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The (cd $prefix; pwd) only works when the prefix already exists.
Check for prefix existing before doing that.
|
|
Having the same logic twice was sorta bugging me. Now the
function-like-macro is sorta bugging me, and I'll just let
it.
|
|
This is derived in significant part from contributions to oe-core
by Peter A. Bigot. I reworked the path routine a bit to use an
already duplicated string instead of allocating copies of parts of
it.
The first issue was just that there was a missing antimagic() around
some of the path operations. The second is that we wanted to have
a way to provide a fallback password file which isn't the host's,
but which can be used in the case where the target filesystem hasn't
got a password yet, for bootstrapping purposes. (So there's a minimal
password file that just has root, basically.)
Also, I noticed a design flaw, which is that if you ended up
calling pseudo_pwd_lck_open() twice in a row, the second time
through, pseudo would first check whether it had a path name
for the file (it does), and thus not allocate one, then call
the close routine (which frees it and nulls the pointer), then
open a new one... and not have a file name, so the next attempt
to close it wouldn't unlink the file. This shouldn't ever
come up in real code, but it was bugging me.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
It turns out that "a/" is equivalent to "a/.", and that in particular
it should fail when a is not a directory. Pseudo's been silently stripping
them and this breaks things. Attempt to fix that, lightly tested.
|
|
Trying to track down problems which sometimes result in files showing
up as nameless files, producing clashes later. Looks like there were two
issues; one is we were creating links for files that we'd already
found by inode. The other is that rename was sending bogus LINK messages
in some cases. Also simplified the find_file_dev path to extract the
path as part of the initial operation, since there wasn't any case where
that wasn't being done immediately afterwards.
|
|
So it turns out that the sanity checks should be skipped on did_unlink,
because otherwise if an inode gets reused for a different file type,
it'll get nuked. This is pretty rare, but appears to bite us occasionally
during debug stripping.
|
|
It turns out that, in the fairly common case where the did-unlink stuff
has saved us from worse problems, pseudo produces probably-spurious
error messages about the path mismatch when the did-unlink shows up.
Change that into a debug message. Also fix a typo in a comment.
|
|
XFS apparently has 64-bit inodes. Our inode data path was
*almost* 64-bit clean. This doesn't require a database format change
because sqlite3 doesn't distinguish, but it will probably
invalidate existing files.db things on XFS. But they were broken
anyway.
|
|
The assumption that a host is either x86_64 or x86_32 does not
hold well on target systems.
|
|
We don't want to pick up newer memcpy because pseudo sometimes has to
run host binaries even when built against a newer libc.
|
|
More complicated, because we actually need to make com.apple stuff work
probably.
|
|
The sqlite flags don't need to be present if they don't have
meaningful values. I think.
|
|
strlen(array) isn't a constant expression, even though gcc can sometimes
figure it out at compile time.
|
|
Also for lstat, but that probably never matters because in Linux
you will never actually call lstat without working really hard at
it, because you end up calling __lxstat anyway. (Was already
doing the right thing for Darwin.)
|
|
So it turns out that if you fix a bug inside an #ifdef that hasn't
applied to anything in years, it doesn't actually fix the bug.
|
|
We used to rely on filesystem operations to apply the umask when
appropriate, but when we started masking out 022, that stopped working.
Start watching umask.
|
|
PSEUDO_DB_MODE restores a proposed mode's 0700 bits, but now that we're
masking 022 out, it should also restore those. Change it to restore
0722 from a proposed mode before sending to database.
|
|
Various wrappers checked for a non-null pseudo_get_value("PSEUDO_UNLOAD") to
determine whether the environment should include the pseudo variables. None
of those checks freed the returned value when it was not null. The new
check function does.
The new check function also sees whether PSEUDO_UNLOAD was defined in the
environment that should be used in the wrapped system call. This allows
pkg_postinst scripts to strip out the LD_PRELOAD setting, for example before
invoking qemu to execute commands in an environment that does not have
libpseudo.so.
[YOCTO #4843]
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Wait until the server has finished processing all of our messages
before exiting. Otherwise, it's possible for a command which sends
a no-response message and then exits to be followed by another
command which assumes the first one's done, and the second command's
messages can get processed first.
|
|
Change the handling of fchmodat(AT_SYMLINK_NOFOLLOW) to reject it
if the host system does, so we preserve host system behavior.
Mask out group/other write bits when actually creating files to
reduce risks to filesystem integrity.
|
|
underlying fchmodat() will just fail, but GNU tar calls it that way
anyway, figuring it'll just retry on failure, but we don't report
the failure. Nor do we want to, because that's expensive and slow
and will result in additional database round trips. But I don't want
to fail out right away, so for now, just strip the flag.
|
|
Turns out the checks for feature support were using plain cc,
not ${CC}, which could break tests. Also add a sanity check to the
xattr support to confirm that <attr/xattr.h> is available.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Clean-up: Allow specification of environment hints for subports
scripts, such as whether xattr support is available. Also make
configure guess at a bit width if none is specified.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The test case is based on the simple test of doing:

    touch foo
    getfattr -d foo
    setfattr -n "user.dummy" -v "test" foo
    getfattr -d foo
    # file: foo
    user.dummy="test"
    setfattr -n "security.dummy" -v "test" foo
    getfattr -n "security.dummy" foo

If pseudo is not running, the first part should work as long as extended
attributes are enabled, but the attempt to set "security...."
should result in a failure similar to:

    setfattr: foo: Operation not permitted

As long as pseudo is working properly, no errors should be reported, and
the data should come back with the same values as were originally set.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
The "/* flags = AT_SYMLINK_NOFOLLOW */" comment only works if
it comes AFTER the semicolon in wrapfuncs.in. Who knew? Fix
those. Also rename the "flags" arguments for *setxattr() to
"xflags" to avoid any confusion about the flags variable.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Was using the length of the name instead of the length of the
value on insert, but not on update, so initial settings of values
were busted often.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|