Age | Commit message (Collapse) | Author |
|
This is a rework which replaces a previous patch. In this version,
files created with O_TMPFILE don't get recorded in the database
at all, but if we get a link request for /proc/self/fd/N, and the
corresponding file is not in the database, we send a CREAT request
for it instead of a LINK, and that appears to work with a MUCH
reduced chance of database leakage.
Also the O_TMPFILE won't be creating bogus database entries
anymore.
Signed-off-by: Seebs <seebs@seebs.net>
linkat fix
|
|
file. Before setting a file's capabilities with cap_set_file() (which uses
setxattr()) it calls cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag,
CAP_SET). cap_set_flag() uses the capset syscall to raise the process'
effective capability. In most cases if the process isn't running as root
this will fail and setcap will exit with an error. Because setxattr is
intercepted by pseudo it's unnecessary for setcap to call capset().
Override capset with a pseudo function that does nothing and always
returns 0.
Signed-off-by: George McCollister <george.mccollister at gmail.com>
Signed-off-by: Seebs <seebs@seebs.net>
|
|
So a recent change to ld.so behavior revealed that pseudo was not
always correctly detecting that a function hadn't been found by the
RTLD_NEXT search. This only happened for functions which genuinely
didn't exist and wouldn't get called (like mknod on Linux, which
is actually always done as an inline function that calls __xmknod),
but when the diagnostics started showing up, it broke things. Fix it
so the diagnostics would have shown up when things were originally
broken, also fix the resulting diagnostics.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
mknod(2) automatically defaults to S_IFREG if not given an explicit
file type, so pseudo should too. Otherwise, GNU tar can (for some
reason, it mostly does this when extracting xattrs?) invoke mknod
instead of open with O_CREAT to create a file, and just provide the
permission bits, and pseudo creates a "weird file" with no type bits
in the database, which is unhelpful.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
The f{re,}open{64,} functions use a default mode of 0666 & ~umask,
and defaulting to 0600 for the post-open chmod was breaking some use
cases. Problem and solution identified by Ross Burton, I just made the
local copy of the patch.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
There's some changes to allow things to work even if umask is 0700;
originally this was just regarded as a broken state, but it became
necessary to fix it in order for the xattrdb code to work, only the
fix could result in files having a raw filesystem mode that lacked
execute bits it should have had.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
When xattr emulation is used to store extended attributes, dummy
entries get made in the db using whatever UID/GID were in the real
stat buffer if no entry already existed. Change these to -1, and
treat -1 uid/gid as a missing entry for stat purposes.
xattrdb was not merging existing uid/gid values. Change this by
loading existing values to merge them in when executing chown/chmod
commands.
Newly-created files could end up with a filesystem mode of 0 if
you used umask, but this breaks xattrdb.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
Instead of allocating (and then freeing) these paths all the time,
use a rotating selection of buffers of fixed but probably large enough
size (the same size that would have been the maximum anyway in
general). With the exception of fts_open, there's no likely way to
end up needing more than two or three such paths at a time. fts_open
dups the paths since it could have a large number and need them for
a while. This dramatically reduces (in principle) the amount of allocation
and especially reallocation going on.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
A partially-implemented profiler for client time, which basically just
inserts (optional) gettimeofday calls in various places and stashes data
in a flat file containing one data block per pid.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
We used to rely on filesystem operations to apply the umask when
appropriate, but when we started masking out 022, that stopped working.
Start watching umask.
|
|
Initial, incomplete, support for extended attributes. Extended
attributes are implemented fairly naively, using a second table
in the file database using the primary file table's id as a
foreign key. The ON DELETE CASCADE behavior requires sqlite 3.6.19
or later with foreign key and trigger support compiled in.
To reduce round-trips, the client does not check for existing
attributes, but rather, sends three distinct set messages;
OP_SET_XATTR, OP_CREATE_XATTR, OP_REPLACE_XATTR. A SET message
always succeeds, a CREATE fails if the attribute already
exists, and a REPLACE fails if the attribute does not already
exist.
The /* flags */ feature of makewrappers is used to correct
path names appropriately, so all functions are already working
with complete paths, and can always use functions that work
on links; if they were supposed to dereference, the path
fixup code got that.
The xattr support is enabled, for now, conditional on
whether getfattr --help succeeds.
Not yet implemented: Translation for system.posix_acl_access,
which is used by "cp -a" (or "cp --preserve-all") on some
systems to try to copy modes.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
|
|
This is a moderately intrusive change. The basic overall effect:
Debugging messages are now controlled, not by a numeric "level",
but by a series of flags, which are expressed as a string of
letters. Each flag has a single-letter form used for string
specifications, a name, a description, a numeric value (1 through N),
and a flag value (which is 1 << the numeric value). (This does mean
that no flag has the value 1, so we only have 31 bits available.
Tiny violins play.)
The other significant change is that the pseudo_debug calls
are now implemented with a do/while macro containing a conditional,
so that computationally-expensive arguments are never evaluated
if the corresponding debug flags weren't set. The assumption is
that in the vast majority of cases (specifically, all of them
so far) the debug flags for a given call are a compile-time constant,
so the nested conditional will never actually show up in code
when compiled with optimization; we'll just see the appropriate
conditional test.
The VERBOSE flag is magical, in that if the VERBOSE flag is
used in a message, the debug flags have to have both VERBOSE and
at least one other flag for the call to be made.
This should dramatically improve performance for a lot of cases
without as much need for PSEUDO_NDEBUG, and improve the ability of
users to get coherent debugging output that means something and is
relevant to a given case.
It's also intended to set the stage for future development work
involving improving the clarity and legibility of pseudo's diagnostic
messages in general.
Old things which used numeric values for PSEUDO_DEBUG will sort
of continue to work, though they will almost always be less verbose
than they used to. There should probably be a pass through adding
"| PDBGF_CONSISTENCY" to a lot of the messages that are specific
to some other type.
|
|
The openembedded build, at least with RPM or SMART, is heavily affected
by the cost of calling fsync or fdatasync on package databases all the
time. Gosh, wouldn't it be nice if we could suppress that without making
dozens of highly intrusive and risky changes into RPM, various database
packages, and so on?
Yes, yes it would. If only there were a program which could intercept
system calls and change their behavior!
Enter --enable-force-async. There are now wrappers for fsync, fdatasync,
and a few related functions. If --enable-force-async is set, these wrappers
instantly return 0, even if PSEUDO_DISABLED is set. And with any luck,
bitbake will now perform a bit better.
Credit for this insight goes to Richard Purdie. I've reimplemented
this to add the configure option, and make the fsync suppression work
even when PSEUDO_DISABLED is set.
|
|
The PSEUDO_STATBUF change (allowing operations on files over
2GB even on 32-bit systems) introduced a subtle bug; by calling
stat64() rather than real_stat(), pseudo stopped handling
chrooted paths well. In most cases, this was fine, but in the
specific case of a rename, where the stat buffers for the various
parts were actually used, it wasn't. Of particular note, pseudo
could end up creating links which had stack garbage for their
stat buffs, because it assumed that if the rename operation
succeeded, the stat operations must have succeeded.
Of course, there is no real_stat64 in the Linux port, because
there's no need for it; most code is calling __xstat64 or some
relative thereof, and even if you did really call stat64, it'd
end up routed there anyway. So we add that so that it can be
used for calls and we don't have to encode Linux-specific
magic about __xstat into the generic header.
|
|
ignored) rather than flags (where it was needed), meaning that the
open64 type functions didn't work as intended on 32-bit hosts.
|
|
the 0100 bit for directories. The reason is that otherwise we create
plain files which are 0700 on disk, which means they're non-zero &0111,
which breaks euidaccess(X_OK).
|
|
|
|
This is a spiffied-up rebase of a bunch of intermediate changes, presented
as a whole because it is, surprisingly, less confusing that way. The basic
idea is to separate the guts code into categories ranging from generic
stuff that can be the same everywhere and specific variants. The big scary
one is the Darwin support, which actually seems to run okay on 64-bit OS X
10.6. (No other variants were tested.) The other example given is support
for the old clone() syscall on RHEL 4, which affects some wrlinux use cases.
There's a few minor cleanup bits here, such as a function with inconsistent
calling conventions, but nothing really exciting.
|