MSVSphere Packaging Team
5 months ago
parent
f994d089a0
commit
b3abaf7673
GPG Key ID:
B2B0B9F29E528FE8
@ -1,2 +1,2 @@
|
||||
SOURCES/libguestfs.keyring
|
||||
SOURCES/nbdkit-1.36.2.tar.gz
|
||||
SOURCES/nbdkit-1.38.3.tar.gz
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
cc1b37b9cfafa515aab3eefd345ecc59aac2ce7b SOURCES/libguestfs.keyring
|
||||
ca7c103dc96a65bfa5f6263bb5df8478f8038948 SOURCES/nbdkit-1.36.2.tar.gz
|
||||
442637a8da4527c50f9bac0762c31276c2d00796 SOURCES/nbdkit-1.38.3.tar.gz
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
From ac87babe2d1652e3f37715efe9f29ad6f16eb9df Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 4 Dec 2023 10:23:29 +0000
|
||||
Subject: [PATCH] configure: Fix initialization from incompatible pointer type
|
||||
|
||||
With GCC 14:
|
||||
|
||||
configure:20816: checking if environ is declared in header files
|
||||
configure:20833: gcc -c -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grec
|
||||
ord-gcc-switches -pipe -Wall -Werror=format-security
|
||||
-Werror=implicit-function-declaration -Werror=implicit-int
|
||||
-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS
|
||||
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong
|
||||
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
|
||||
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
|
||||
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer conftest.c >&5
|
||||
conftest.c: In function 'test':
|
||||
conftest.c:62:22: error: initialization of 'const char **' from incompatible p
|
||||
ointer type 'char **'
|
||||
62 | const char **env = environ;
|
||||
| ^~~~~~~
|
||||
|
||||
Thanks: Florian Weimer
|
||||
(cherry picked from commit 32a9ee6650654469cd591a3ae26842c54f898392)
|
||||
---
|
||||
configure.ac | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 3b12e357..beab4674 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -335,7 +335,7 @@ AC_LANG_SOURCE([[
|
||||
static int
|
||||
test (void)
|
||||
{
|
||||
- const char **env = environ;
|
||||
+ char **env = environ;
|
||||
return env ? 1 : 0; // this just forces env to be used
|
||||
}
|
||||
]])
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,46 @@
|
||||
From 14a2646d4221d50b4b194d5dd2d6010808ea642b Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sun, 14 Jul 2024 09:50:31 +0100
|
||||
Subject: [PATCH] nbdkit 1.38: Fix inclusion of <gnutls/socket.h> with old
|
||||
gnutls
|
||||
|
||||
Development branch commit 8ce65bac5a ("build: Move to minimum gnutls
|
||||
>= 3.5.18") changed the way that <gnutls/socket.h> is included. I
|
||||
didn't cherry pick this commit to the stable-1.38 branch since we
|
||||
don't want to force people to update gnutls.
|
||||
|
||||
However when I cherry picked commit 47987e43bd ("server/crypto.c:
|
||||
Check <gnutls/socket.h> works before including it"), I missed that
|
||||
there was still a place where <gnutls/socket.h> was included (which
|
||||
would have been fixed by the commit above).
|
||||
|
||||
The upshot is that compilation of nbdkit 1.38.3 fails on mingw:
|
||||
|
||||
In file included from ../../server/crypto.c:69:
|
||||
/usr/i686-w64-mingw32/sys-root/mingw/include/gnutls/socket.h:32:10: fatal error: sys/socket.h: No such file or directory
|
||||
32 | #include <sys/socket.h>
|
||||
| ^~~~~~~~~~~~~~
|
||||
compilation terminated.
|
||||
|
||||
Fixes: commit f889d822dd96bcf8c0427bd541d730d58b166d83
|
||||
---
|
||||
server/crypto.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/server/crypto.c b/server/crypto.c
|
||||
index 83970282..86843192 100644
|
||||
--- a/server/crypto.c
|
||||
+++ b/server/crypto.c
|
||||
@@ -65,9 +65,6 @@
|
||||
#else
|
||||
#define TRY_KTLS 0
|
||||
#endif
|
||||
-#if TRY_KTLS
|
||||
-#include <gnutls/socket.h>
|
||||
-#endif
|
||||
|
||||
static int crypto_auth;
|
||||
#define CRYPTO_AUTH_CERTIFICATES 1
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,58 +0,0 @@
|
||||
From 054798ca11b9f0b71fbad302edf66b52519f5aa2 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 14 Dec 2023 17:47:10 +0000
|
||||
Subject: [PATCH] file: Rework documentation for dir= parameter
|
||||
|
||||
The existing documentation tended towards jargon and lacked examples.
|
||||
|
||||
(cherry picked from commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e)
|
||||
---
|
||||
plugins/file/nbdkit-file-plugin.pod | 23 +++++++++++++++++------
|
||||
1 file changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
|
||||
index 857ad21e..e47eae97 100644
|
||||
--- a/plugins/file/nbdkit-file-plugin.pod
|
||||
+++ b/plugins/file/nbdkit-file-plugin.pod
|
||||
@@ -64,13 +64,23 @@ symbolic links. Other special files in the directory (such as
|
||||
subdirectories, pipes, or Unix sockets) are ignored.
|
||||
|
||||
When this mode is used, the file to be served is chosen by the export
|
||||
-name passed by the client, where the client can request a list of
|
||||
-available exports using NBD_OPT_LIST. A client that requests the
|
||||
-default export (C<"">) will be rejected. However, you can use
|
||||
-L<nbdkit-exportname-filter(1)> to adjust what export names the client
|
||||
-sees or uses as a default. For security, when using directory mode,
|
||||
+name passed by the client. For security, when using directory mode,
|
||||
this plugin will not accept export names containing slash (C</>).
|
||||
|
||||
+To list exports, use L<nbdinfo(1)> I<--list> option, for example:
|
||||
+
|
||||
+ nbdinfo --list nbd://localhost
|
||||
+
|
||||
+An NBD client can request a list of available exports using
|
||||
+C<NBD_OPT_LIST>.
|
||||
+
|
||||
+A client that requests the default export (C<"">) will be rejected.
|
||||
+However, you can use L<nbdkit-exportname-filter(1)> to adjust what
|
||||
+export names the client sees, and which one the client uses as a
|
||||
+default. For example to make F</dir/file> be the default export:
|
||||
+
|
||||
+ nbdkit file dir=/dir --filter=exportname default-export=file
|
||||
+
|
||||
=item B<dirfd=>FILE_DESCRIPTOR
|
||||
|
||||
(nbdkit E<ge> 1.34, not Windows)
|
||||
@@ -262,7 +272,8 @@ L<nbdkit-tmpdisk-plugin(1)>,
|
||||
L<nbdkit-exportname-filter(1)>,
|
||||
L<nbdkit-fua-filter(1)>,
|
||||
L<nbdkit-luks-filter(1)>,
|
||||
-L<nbdkit-noextents-filter(1)>.
|
||||
+L<nbdkit-noextents-filter(1)>,
|
||||
+L<nbdinfo(1)>.
|
||||
|
||||
=head1 AUTHORS
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,151 @@
|
||||
From f39c63a79ffb888bd565eb49b0ee2590fad8fbb9 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 23 Jul 2024 14:46:41 +0100
|
||||
Subject: [PATCH] server: log: Move preserve errno to log_verror function
|
||||
|
||||
This neutral code refactoring just moves the place where we preserve
|
||||
errno out one layer, but should have no other effect.
|
||||
|
||||
(cherry picked from commit f2c644d4495d5e75883ff729936102c90489e8d8)
|
||||
---
|
||||
server/internal.h | 8 ++++----
|
||||
server/log-stderr.c | 9 ++-------
|
||||
server/log-syslog.c | 13 ++++---------
|
||||
server/log.c | 12 ++++++++----
|
||||
4 files changed, 18 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/server/internal.h b/server/internal.h
|
||||
index 7eba3bce..57e777e9 100644
|
||||
--- a/server/internal.h
|
||||
+++ b/server/internal.h
|
||||
@@ -339,10 +339,10 @@ extern void free_debug_flags (void);
|
||||
extern void log_verror (const char *fs, va_list args);
|
||||
|
||||
/* log-*.c */
|
||||
-extern void log_stderr_verror (const char *fs, va_list args)
|
||||
- ATTRIBUTE_FORMAT_PRINTF (1, 0);
|
||||
-extern void log_syslog_verror (const char *fs, va_list args)
|
||||
- ATTRIBUTE_FORMAT_PRINTF (1, 0);
|
||||
+extern void log_stderr_verror (int orig_errno, const char *fs, va_list args)
|
||||
+ ATTRIBUTE_FORMAT_PRINTF (2, 0);
|
||||
+extern void log_syslog_verror (int orig_errno, const char *fs, va_list args)
|
||||
+ ATTRIBUTE_FORMAT_PRINTF (2, 0);
|
||||
|
||||
/* vfprintf.c */
|
||||
#if !HAVE_VFPRINTF_PERCENT_M
|
||||
diff --git a/server/log-stderr.c b/server/log-stderr.c
|
||||
index 8a55f5df..4d8b09da 100644
|
||||
--- a/server/log-stderr.c
|
||||
+++ b/server/log-stderr.c
|
||||
@@ -43,12 +43,9 @@
|
||||
|
||||
#include "internal.h"
|
||||
|
||||
-/* Note: preserves the previous value of errno. */
|
||||
void
|
||||
-log_stderr_verror (const char *fs, va_list args)
|
||||
+log_stderr_verror (int orig_errno, const char *fs, va_list args)
|
||||
{
|
||||
- int err = errno; /* must be first line of function */
|
||||
-
|
||||
const char *name = threadlocal_get_name ();
|
||||
size_t instance_num = threadlocal_get_instance_num ();
|
||||
int tty;
|
||||
@@ -69,7 +66,7 @@ log_stderr_verror (const char *fs, va_list args)
|
||||
}
|
||||
|
||||
fprintf (stderr, "error: ");
|
||||
- errno = err; /* must restore in case fs contains %m */
|
||||
+ errno = orig_errno; /* must restore in case fs contains %m */
|
||||
vfprintf (stderr, fs, args);
|
||||
fprintf (stderr, "\n");
|
||||
|
||||
@@ -78,6 +75,4 @@ log_stderr_verror (const char *fs, va_list args)
|
||||
#ifdef HAVE_FUNLOCKFILE
|
||||
funlockfile (stderr);
|
||||
#endif
|
||||
-
|
||||
- errno = err; /* must be last line of function */
|
||||
}
|
||||
diff --git a/server/log-syslog.c b/server/log-syslog.c
|
||||
index 76c5035b..29a7a825 100644
|
||||
--- a/server/log-syslog.c
|
||||
+++ b/server/log-syslog.c
|
||||
@@ -45,11 +45,9 @@
|
||||
/* Tempted to use LOG_FTP instead of LOG_DAEMON! */
|
||||
static const int PRIORITY = LOG_DAEMON|LOG_ERR;
|
||||
|
||||
-/* Note: preserves the previous value of errno. */
|
||||
void
|
||||
-log_syslog_verror (const char *fs, va_list args)
|
||||
+log_syslog_verror (int orig_errno, const char *fs, va_list args)
|
||||
{
|
||||
- int err = errno;
|
||||
const char *name = threadlocal_get_name ();
|
||||
size_t instance_num = threadlocal_get_instance_num ();
|
||||
CLEANUP_FREE char *msg = NULL;
|
||||
@@ -59,9 +57,9 @@ log_syslog_verror (const char *fs, va_list args)
|
||||
fp = open_memstream (&msg, &len);
|
||||
if (fp == NULL) {
|
||||
/* Fallback to logging using fs, args directly. */
|
||||
- errno = err; /* Must restore in case fs contains %m */
|
||||
+ errno = orig_errno; /* must restore in case fs contains %m */
|
||||
vsyslog (PRIORITY, fs, args);
|
||||
- goto out;
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (name) {
|
||||
@@ -71,12 +69,9 @@ log_syslog_verror (const char *fs, va_list args)
|
||||
fprintf (fp, ": ");
|
||||
}
|
||||
|
||||
- errno = err; /* Must restore in case fs contains %m */
|
||||
+ errno = orig_errno; /* must restore in case fs contains %m */
|
||||
vfprintf (fp, fs, args);
|
||||
close_memstream (fp);
|
||||
|
||||
syslog (PRIORITY, "%s", msg);
|
||||
-
|
||||
- out:
|
||||
- errno = err;
|
||||
}
|
||||
diff --git a/server/log.c b/server/log.c
|
||||
index 464e4f9a..9c1f667a 100644
|
||||
--- a/server/log.c
|
||||
+++ b/server/log.c
|
||||
@@ -46,23 +46,27 @@
|
||||
void
|
||||
log_verror (const char *fs, va_list args)
|
||||
{
|
||||
+ int orig_errno = errno;
|
||||
+
|
||||
switch (log_to) {
|
||||
case LOG_TO_DEFAULT:
|
||||
if (forked_into_background)
|
||||
- log_syslog_verror (fs, args);
|
||||
+ log_syslog_verror (orig_errno, fs, args);
|
||||
else
|
||||
- log_stderr_verror (fs, args);
|
||||
+ log_stderr_verror (orig_errno, fs, args);
|
||||
break;
|
||||
case LOG_TO_SYSLOG:
|
||||
- log_syslog_verror (fs, args);
|
||||
+ log_syslog_verror (orig_errno, fs, args);
|
||||
break;
|
||||
case LOG_TO_STDERR:
|
||||
- log_stderr_verror (fs, args);
|
||||
+ log_stderr_verror (orig_errno, fs, args);
|
||||
break;
|
||||
case LOG_TO_NULL:
|
||||
/* nothing */
|
||||
break;
|
||||
}
|
||||
+
|
||||
+ errno = orig_errno; /* Restore errno before leaving the function. */
|
||||
}
|
||||
|
||||
/* Note: preserves the previous value of errno. */
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
From 596f97316e65c151741e6ee42893023f6e945c01 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 16 Dec 2023 18:08:37 +0000
|
||||
Subject: [PATCH] file: Fix markup when referencing dir= option from dirfd=
|
||||
docs
|
||||
|
||||
Fixes: commit dd28b005430d020ccd1825437937c317332d3007
|
||||
(cherry picked from commit 5b8c9c49cc352e9b0fba4dde9e0f57c53c9c2457)
|
||||
---
|
||||
plugins/file/nbdkit-file-plugin.pod | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
|
||||
index e47eae97..5feb8ea9 100644
|
||||
--- a/plugins/file/nbdkit-file-plugin.pod
|
||||
+++ b/plugins/file/nbdkit-file-plugin.pod
|
||||
@@ -85,7 +85,7 @@ default. For example to make F</dir/file> be the default export:
|
||||
|
||||
(nbdkit E<ge> 1.34, not Windows)
|
||||
|
||||
-This is like the I<dir> option, but instead of specifying the
|
||||
+This is like the C<dir=> option, but instead of specifying the
|
||||
directory by name, the parent process should open the directory and
|
||||
pass this file descriptor by inheritance to nbdkit.
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,177 @@
|
||||
From 179227c7d6b0677dcd1dced55881e0d024745424 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Wed, 24 Jul 2024 10:29:13 +0100
|
||||
Subject: [PATCH] server: Rename threadlocal_{set,get}_error to .._errno
|
||||
|
||||
A simple mechanical change, to avoid confusion with
|
||||
threadlocal_{set,get}_last_error introduced in the following commit.
|
||||
|
||||
(cherry picked from commit 1d7f655726ad3483d0e8086741182aada7ae8595)
|
||||
---
|
||||
server/internal.h | 4 ++--
|
||||
server/plugins.c | 27 +++++++++++++--------------
|
||||
server/protocol.c | 5 +++--
|
||||
server/threadlocal.c | 4 ++--
|
||||
4 files changed, 20 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/server/internal.h b/server/internal.h
|
||||
index 57e777e9..6549c87b 100644
|
||||
--- a/server/internal.h
|
||||
+++ b/server/internal.h
|
||||
@@ -568,8 +568,8 @@ extern void threadlocal_set_name (const char *name)
|
||||
extern const char *threadlocal_get_name (void);
|
||||
extern void threadlocal_set_instance_num (size_t instance_num);
|
||||
extern size_t threadlocal_get_instance_num (void);
|
||||
-extern void threadlocal_set_error (int err);
|
||||
-extern int threadlocal_get_error (void);
|
||||
+extern void threadlocal_set_errno (int err);
|
||||
+extern int threadlocal_get_errno (void);
|
||||
extern void *threadlocal_buffer (size_t size);
|
||||
extern void threadlocal_set_conn (struct connection *conn);
|
||||
extern struct connection *threadlocal_get_conn (void);
|
||||
diff --git a/server/plugins.c b/server/plugins.c
|
||||
index ca89ac7a..3c7df0d2 100644
|
||||
--- a/server/plugins.c
|
||||
+++ b/server/plugins.c
|
||||
@@ -633,15 +633,14 @@ plugin_can_cache (struct context *c)
|
||||
NBDKIT_DLL_PUBLIC void
|
||||
nbdkit_set_error (int err)
|
||||
{
|
||||
- threadlocal_set_error (err);
|
||||
+ threadlocal_set_errno (err);
|
||||
}
|
||||
|
||||
-/* Grab the appropriate error value.
|
||||
- */
|
||||
+/* Grab the appropriate error value. */
|
||||
static int
|
||||
-get_error (struct backend_plugin *p)
|
||||
+get_errno (struct backend_plugin *p)
|
||||
{
|
||||
- int ret = threadlocal_get_error ();
|
||||
+ int ret = threadlocal_get_errno ();
|
||||
|
||||
if (!ret && p->plugin.errno_is_preserved != 0)
|
||||
ret = errno;
|
||||
@@ -664,7 +663,7 @@ plugin_pread (struct context *c,
|
||||
else
|
||||
r = p->plugin._pread_v1 (c->handle, buf, count, offset);
|
||||
if (r == -1)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -685,7 +684,7 @@ plugin_flush (struct context *c,
|
||||
return -1;
|
||||
}
|
||||
if (r == -1)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -715,7 +714,7 @@ plugin_pwrite (struct context *c,
|
||||
if (r != -1 && need_flush)
|
||||
r = plugin_flush (c, 0, err);
|
||||
if (r == -1 && !*err)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -744,7 +743,7 @@ plugin_trim (struct context *c,
|
||||
if (r != -1 && need_flush)
|
||||
r = plugin_flush (c, 0, err);
|
||||
if (r == -1 && !*err)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -782,7 +781,7 @@ plugin_zero (struct context *c,
|
||||
else
|
||||
emulate = true;
|
||||
if (r == -1)
|
||||
- *err = emulate ? EOPNOTSUPP : get_error (p);
|
||||
+ *err = emulate ? EOPNOTSUPP : get_errno (p);
|
||||
if (r == 0 || (*err != EOPNOTSUPP && *err != ENOTSUP))
|
||||
goto done;
|
||||
}
|
||||
@@ -794,7 +793,7 @@ plugin_zero (struct context *c,
|
||||
}
|
||||
|
||||
flags &= ~NBDKIT_FLAG_MAY_TRIM;
|
||||
- threadlocal_set_error (0);
|
||||
+ threadlocal_set_errno (0);
|
||||
*err = 0;
|
||||
|
||||
while (count) {
|
||||
@@ -814,7 +813,7 @@ plugin_zero (struct context *c,
|
||||
if (r != -1 && need_flush)
|
||||
r = plugin_flush (c, 0, err);
|
||||
if (r == -1 && !*err)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -839,7 +838,7 @@ plugin_extents (struct context *c,
|
||||
r = -1;
|
||||
}
|
||||
if (r == -1)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -859,7 +858,7 @@ plugin_cache (struct context *c,
|
||||
|
||||
r = p->plugin.cache (c->handle, count, offset, flags);
|
||||
if (r == -1)
|
||||
- *err = get_error (p);
|
||||
+ *err = get_errno (p);
|
||||
return r;
|
||||
}
|
||||
|
||||
diff --git a/server/protocol.c b/server/protocol.c
|
||||
index 9b63f789..677da05c 100644
|
||||
--- a/server/protocol.c
|
||||
+++ b/server/protocol.c
|
||||
@@ -235,8 +235,9 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count,
|
||||
int err = 0;
|
||||
|
||||
/* Clear the error, so that we know if the plugin calls
|
||||
- * nbdkit_set_error() or relied on errno. */
|
||||
- threadlocal_set_error (0);
|
||||
+ * nbdkit_set_error() or relied on errno.
|
||||
+ */
|
||||
+ threadlocal_set_errno (0);
|
||||
|
||||
switch (cmd) {
|
||||
case NBD_CMD_READ:
|
||||
diff --git a/server/threadlocal.c b/server/threadlocal.c
|
||||
index 088fe55a..9bb656bc 100644
|
||||
--- a/server/threadlocal.c
|
||||
+++ b/server/threadlocal.c
|
||||
@@ -154,7 +154,7 @@ threadlocal_get_instance_num (void)
|
||||
}
|
||||
|
||||
void
|
||||
-threadlocal_set_error (int err)
|
||||
+threadlocal_set_errno (int err)
|
||||
{
|
||||
struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
|
||||
|
||||
@@ -167,7 +167,7 @@ threadlocal_set_error (int err)
|
||||
/* This preserves errno, for convenience.
|
||||
*/
|
||||
int
|
||||
-threadlocal_get_error (void)
|
||||
+threadlocal_get_errno (void)
|
||||
{
|
||||
int err = errno;
|
||||
struct threadlocal *threadlocal = pthread_getspecific (threadlocal_key);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,108 +0,0 @@
|
||||
From 0d080223a8567a5ef673deb6ac49152fd67dd1b7 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 16 Dec 2023 18:03:13 +0000
|
||||
Subject: [PATCH] file: Further rework documentation of dir= parameter
|
||||
|
||||
Move the documentation to a new section, allowing us to expand on this
|
||||
topic. This also makes the HTML documentation linkable.
|
||||
|
||||
Updates: commit 7cbd49ced6414e49fcf4ff1a967929a2b83ab44e
|
||||
(cherry picked from commit 74621ec608d0edd76c2d8de140e7d1d5626c8251)
|
||||
---
|
||||
plugins/file/nbdkit-file-plugin.pod | 66 +++++++++++++++++++++--------
|
||||
1 file changed, 49 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/plugins/file/nbdkit-file-plugin.pod b/plugins/file/nbdkit-file-plugin.pod
|
||||
index 5feb8ea9..de8fbeba 100644
|
||||
--- a/plugins/file/nbdkit-file-plugin.pod
|
||||
+++ b/plugins/file/nbdkit-file-plugin.pod
|
||||
@@ -63,23 +63,7 @@ directory named C<DIRECTORY>, including those found by following
|
||||
symbolic links. Other special files in the directory (such as
|
||||
subdirectories, pipes, or Unix sockets) are ignored.
|
||||
|
||||
-When this mode is used, the file to be served is chosen by the export
|
||||
-name passed by the client. For security, when using directory mode,
|
||||
-this plugin will not accept export names containing slash (C</>).
|
||||
-
|
||||
-To list exports, use L<nbdinfo(1)> I<--list> option, for example:
|
||||
-
|
||||
- nbdinfo --list nbd://localhost
|
||||
-
|
||||
-An NBD client can request a list of available exports using
|
||||
-C<NBD_OPT_LIST>.
|
||||
-
|
||||
-A client that requests the default export (C<"">) will be rejected.
|
||||
-However, you can use L<nbdkit-exportname-filter(1)> to adjust what
|
||||
-export names the client sees, and which one the client uses as a
|
||||
-default. For example to make F</dir/file> be the default export:
|
||||
-
|
||||
- nbdkit file dir=/dir --filter=exportname default-export=file
|
||||
+See L</Serving multiple files and block devices> below.
|
||||
|
||||
=item B<dirfd=>FILE_DESCRIPTOR
|
||||
|
||||
@@ -89,6 +73,8 @@ This is like the C<dir=> option, but instead of specifying the
|
||||
directory by name, the parent process should open the directory and
|
||||
pass this file descriptor by inheritance to nbdkit.
|
||||
|
||||
+See L</Serving multiple files and block devices> below.
|
||||
+
|
||||
=item B<fadvise=normal>
|
||||
|
||||
=item B<fadvise=random>
|
||||
@@ -140,6 +126,52 @@ L<https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#win32-devi
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
+=head2 Serving multiple files and block devices
|
||||
+
|
||||
+Using C<dir=DIRECTORY> (or C<dirfd=DIRFD>) you can serve all regular
|
||||
+files and block devices located directly inside the directory named
|
||||
+C<DIRECTORY>, including those found by following symbolic links.
|
||||
+Other special files in the directory (such as subdirectories, pipes,
|
||||
+or Unix sockets) are ignored.
|
||||
+
|
||||
+When this mode is used, the file to be served is chosen by the export
|
||||
+name passed by the client. For security, when using directory mode,
|
||||
+this plugin will not accept export names containing slash (C</>).
|
||||
+
|
||||
+For example:
|
||||
+
|
||||
+ $ ls -l /var/tmp/exports
|
||||
+ total 0
|
||||
+ -rw-r--r--. 1 rjones rjones 1048576 Dec 14 15:34 disk1
|
||||
+ -rw-r--r--. 1 rjones rjones 2097152 Dec 14 15:34 disk2
|
||||
+ lrwxrwxrwx. 1 rjones rjones 9 Dec 14 15:35 sda1 -> /dev/sda1
|
||||
+ $ nbdkit file dir=/var/tmp/exports
|
||||
+
|
||||
+will serve three exports called C<"disk1">, C<"disk2"> and C<"sda1">.
|
||||
+The first two are regular files and the last is a block device. You
|
||||
+can add or remove files or symbolic links from the directory while
|
||||
+nbdkit is running.
|
||||
+
|
||||
+To list exports, use L<nbdinfo(1)> I<--list> option, for example:
|
||||
+
|
||||
+ $ nbdinfo --list nbd://localhost
|
||||
+ protocol: newstyle-fixed without TLS, using structured packets
|
||||
+ export="disk1":
|
||||
+ export-size: 1048576 (1M)
|
||||
+ uri: nbd://localhost:10809/disk1
|
||||
+ [etc]
|
||||
+
|
||||
+An NBD client can request a list of available exports using
|
||||
+C<NBD_OPT_LIST>. For libnbd clients see nbd_opt_list(3).
|
||||
+
|
||||
+A client that requests the default export (C<"">) will be rejected.
|
||||
+However, you can use L<nbdkit-exportname-filter(1)> to adjust the
|
||||
+default export as well as other transformations of export names. For
|
||||
+example to make F</var/tmp/exports/disk1> be the default export:
|
||||
+
|
||||
+ nbdkit file dir=/var/tmp/exports \
|
||||
+ --filter=exportname default-export=disk1
|
||||
+
|
||||
=head2 Optimizing for random or sequential access
|
||||
|
||||
If you know in advance that the NBD client will access the file
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
From c155987ee521c2d6a163d2814dc869ec1e89fd90 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Sat, 16 Dec 2023 18:32:50 +0000
|
||||
Subject: [PATCH] exportname: Fix markup for linking to other man pages
|
||||
|
||||
Fixes: commit 7623b2cc45078cca88fdd2d96c70c7f82a0db49d
|
||||
(cherry picked from commit 6104f55f3851f3b82dc69f7e78c32e9c7a93dbc9)
|
||||
---
|
||||
filters/exportname/nbdkit-exportname-filter.pod | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/filters/exportname/nbdkit-exportname-filter.pod b/filters/exportname/nbdkit-exportname-filter.pod
|
||||
index 1d69f7d4..f95a37be 100644
|
||||
--- a/filters/exportname/nbdkit-exportname-filter.pod
|
||||
+++ b/filters/exportname/nbdkit-exportname-filter.pod
|
||||
@@ -10,8 +10,8 @@ nbdkit-exportname-filter - adjust export names between client and plugin
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
-Some plugins (such as C<nbdkit-file-plugin(1)> and filters (such as
|
||||
-C<nbdkit-ext2-filter(1)> are able to serve different content based on
|
||||
+Some plugins (such as L<nbdkit-file-plugin(1)> and filters (such as
|
||||
+L<nbdkit-ext2-filter(1)> are able to serve different content based on
|
||||
the export name requested by the client. The NBD protocol allows a
|
||||
server to advertise the set of export names it is serving. However,
|
||||
the list advertised (or absent) from the plugin may not always match
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,95 @@
|
||||
From a0e3f9d58142b8c5e7bcc9b73da60778e6503d0b Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 23 Jul 2024 15:28:06 +0100
|
||||
Subject: [PATCH] server: Take a thread-local copy of the last call to
|
||||
nbdkit_error
|
||||
|
||||
nbdkit_error has traditionally been a "fancy wrapper around fprintf"
|
||||
(kind of, don't take that literally). It is encouraged that plugins
|
||||
and filters do something like:
|
||||
|
||||
if (error) {
|
||||
nbdkit_error ("oops, a bad thing happened");
|
||||
return -1;
|
||||
}
|
||||
|
||||
but we don't enforce this. Plugins might call nbdkit_error more than
|
||||
once or not at all.
|
||||
|
||||
The point where we get to sending an error back over the wire to the
|
||||
NBD client is long after the plugin returned above, and after
|
||||
nbdkit_error was called.
|
||||
|
||||
Therefore in order to send errors back to the NBD client, we must keep
|
||||
the last error message around.
|
||||
|
||||
This change simply modifies nbdkit_error to make a best-effort attempt
|
||||
to save the last error message in thread-local storage.
|
||||
|
||||
We also clear the last error when a new request starts, to ensure that
|
||||
we don't leak errors across different callbacks or connections.
|
||||
|
||||
(cherry picked from commit bfa6d4064cb74f429149d14ab4025b258fc95ec4)
|
||||
---
|
||||
server/log.c | 21 +++++++++++++++++++++
|
||||
server/protocol.c | 5 +++++
|
||||
2 files changed, 26 insertions(+)
|
||||
|
||||
diff --git a/server/log.c b/server/log.c
|
||||
index 9c1f667a..acf14d57 100644
|
||||
--- a/server/log.c
|
||||
+++ b/server/log.c
|
||||
@@ -40,6 +40,25 @@
|
||||
|
||||
#include "internal.h"
|
||||
|
||||
+/* Copy the error message to threadlocal. This is sent to callers
|
||||
+ * which are using structured replies, but is for extra information
|
||||
+ * only so don't fail if we are unable to copy it.
|
||||
+ */
|
||||
+static void
|
||||
+copy_error_to_threadlocal (int orig_errno, const char *fs, va_list args)
|
||||
+{
|
||||
+ va_list args_copy;
|
||||
+ char *msg;
|
||||
+ int r;
|
||||
+
|
||||
+ va_copy (args_copy, args);
|
||||
+ errno = orig_errno; /* must restore in case fs contains %m */
|
||||
+ r = vasprintf (&msg, fs, args_copy);
|
||||
+ va_end (args_copy);
|
||||
+ if (r != -1 && msg)
|
||||
+ threadlocal_set_last_error (msg); /* ownership passed to threadlocal */
|
||||
+}
|
||||
+
|
||||
/* Call the right log_*_verror function depending on log_sink.
|
||||
* Note: preserves the previous value of errno.
|
||||
*/
|
||||
@@ -48,6 +67,8 @@ log_verror (const char *fs, va_list args)
|
||||
{
|
||||
int orig_errno = errno;
|
||||
|
||||
+ copy_error_to_threadlocal (orig_errno, fs, args);
|
||||
+
|
||||
switch (log_to) {
|
||||
case LOG_TO_DEFAULT:
|
||||
if (forked_into_background)
|
||||
diff --git a/server/protocol.c b/server/protocol.c
|
||||
index 677da05c..d428bfc8 100644
|
||||
--- a/server/protocol.c
|
||||
+++ b/server/protocol.c
|
||||
@@ -239,6 +239,11 @@ handle_request (uint16_t cmd, uint16_t flags, uint64_t offset, uint32_t count,
|
||||
*/
|
||||
threadlocal_set_errno (0);
|
||||
|
||||
+ /* Also clear the last error in this thread so we will only save
|
||||
+ * nbdkit_error() from this request.
|
||||
+ */
|
||||
+ threadlocal_clear_last_error ();
|
||||
+
|
||||
switch (cmd) {
|
||||
case NBD_CMD_READ:
|
||||
if (backend_pread (c, buf, count, offset, 0, &err) == -1)
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From b8eb91e9102a2ae6cb96b0f2ffdb96b724cbb1b7 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Wed, 20 Dec 2023 10:38:27 +0000
|
||||
Subject: [PATCH] partition: Don't call nbdkit_error twice on error path
|
||||
|
||||
Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
|
||||
(cherry picked from commit 036b178a4affd00b8bbdb6cb140e81b62f57a374)
|
||||
---
|
||||
filters/partition/partition-gpt.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/filters/partition/partition-gpt.c b/filters/partition/partition-gpt.c
|
||||
index 80acddb4..930e2081 100644
|
||||
--- a/filters/partition/partition-gpt.c
|
||||
+++ b/filters/partition/partition-gpt.c
|
||||
@@ -92,10 +92,8 @@ find_gpt_partition (nbdkit_next *next,
|
||||
int err;
|
||||
|
||||
if (get_gpt_header (header_bytes,
|
||||
- &nr_partition_entries, &size_partition_entry) == -1) {
|
||||
- nbdkit_error ("cannot support non-standard GPT header");
|
||||
+ &nr_partition_entries, &size_partition_entry) == -1)
|
||||
return -1;
|
||||
- }
|
||||
|
||||
if (partnum > nr_partition_entries) {
|
||||
nbdkit_error ("GPT partition number out of range");
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -0,0 +1,177 @@
|
||||
From 7128144273f5355d7705e09a99aa1b2359e7e823 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 23 Jul 2024 15:45:04 +0100
|
||||
Subject: [PATCH] server: Send the last error to the NBD client
|
||||
|
||||
This sends the last error saved in the connection handle back to the
|
||||
NBD client. This is informational and best effort.
|
||||
|
||||
qemu reports the error already, for example:
|
||||
|
||||
$ nbdkit --log=null \
|
||||
eval open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 100 ' \
|
||||
--run 'qemu-img info "$uri"'
|
||||
qemu-img: Could not open 'nbd+unix://?socket=/tmp/nbdkitIDl6iy/socket': Requested export not available
|
||||
server reported: /tmp/nbdkitRDAfXH/open: Go Away
|
||||
|
||||
This goes back to at least qemu 2.12.0 (RHEL 7) and possibly earlier,
|
||||
so we can just assume that qemu does this for the test.
|
||||
|
||||
libnbd requires a patch to display this information.
|
||||
|
||||
(cherry picked from commit 46484ca8e6a35c45fe96b6c972ceba8984d401e8)
|
||||
---
|
||||
server/protocol-handshake-newstyle.c | 43 ++++++++++++++++------
|
||||
tests/Makefile.am | 2 +
|
||||
tests/test-last-error.sh | 55 ++++++++++++++++++++++++++++
|
||||
3 files changed, 88 insertions(+), 12 deletions(-)
|
||||
create mode 100755 tests/test-last-error.sh
|
||||
|
||||
diff --git a/server/protocol-handshake-newstyle.c b/server/protocol-handshake-newstyle.c
|
||||
index 6b3bc76f..c18d32e5 100644
|
||||
--- a/server/protocol-handshake-newstyle.c
|
||||
+++ b/server/protocol-handshake-newstyle.c
|
||||
@@ -57,28 +57,47 @@ send_newstyle_option_reply (uint32_t option, uint32_t reply)
|
||||
{
|
||||
GET_CONN;
|
||||
struct nbd_fixed_new_option_reply fixed_new_option_reply;
|
||||
+ const char *last_error = NULL;
|
||||
+ uint32_t replylen = 0;
|
||||
+
|
||||
+ if (NBD_REP_IS_ERR (reply)) {
|
||||
+ last_error = threadlocal_get_last_error ();
|
||||
+ /* Note that calling nbdkit_error will invalidate last_error, so
|
||||
+ * be careful below.
|
||||
+ */
|
||||
+ if (last_error) {
|
||||
+ size_t len = strlen (last_error);
|
||||
+ if (len <= NBD_MAX_STRING)
|
||||
+ replylen = len;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
fixed_new_option_reply.magic = htobe64 (NBD_REP_MAGIC);
|
||||
fixed_new_option_reply.option = htobe32 (option);
|
||||
fixed_new_option_reply.reply = htobe32 (reply);
|
||||
- fixed_new_option_reply.replylen = htobe32 (0);
|
||||
+ fixed_new_option_reply.replylen = htobe32 (replylen);
|
||||
|
||||
debug ("replying to %s with %s", name_of_nbd_opt (option),
|
||||
name_of_nbd_rep (reply));
|
||||
if (conn->send (&fixed_new_option_reply,
|
||||
- sizeof fixed_new_option_reply, 0) == -1) {
|
||||
- /* The protocol document says that the client is allowed to simply
|
||||
- * drop the connection after sending NBD_OPT_ABORT, or may read
|
||||
- * the reply.
|
||||
- */
|
||||
- if (option == NBD_OPT_ABORT)
|
||||
- debug ("write: %s: %m", name_of_nbd_opt (option));
|
||||
- else
|
||||
- nbdkit_error ("write: %s: %m", name_of_nbd_opt (option));
|
||||
- return -1;
|
||||
- }
|
||||
+ sizeof fixed_new_option_reply,
|
||||
+ replylen > 0 ? SEND_MORE : 0) == -1)
|
||||
+ goto err;
|
||||
+ if (replylen > 0 && conn->send (last_error, replylen, 0) == -1)
|
||||
+ goto err;
|
||||
|
||||
return 0;
|
||||
+
|
||||
+err:
|
||||
+ /* The protocol document says that the client is allowed to simply
|
||||
+ * drop the connection after sending NBD_OPT_ABORT, or may read
|
||||
+ * the reply.
|
||||
+ */
|
||||
+ if (option == NBD_OPT_ABORT)
|
||||
+ debug ("write: %s: %m", name_of_nbd_opt (option));
|
||||
+ else
|
||||
+ nbdkit_error ("write: %s: %m", name_of_nbd_opt (option));
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
/* Reply to NBD_OPT_LIST with the plugin's list of export names.
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 0664e109..9c321fcb 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -276,6 +276,7 @@ TESTS += \
|
||||
test-read-password-interactive.sh \
|
||||
test-nbd-client.sh \
|
||||
test-nbd-client-tls.sh \
|
||||
+ test-last-error.sh \
|
||||
$(NULL)
|
||||
if !IS_WINDOWS
|
||||
TESTS += \
|
||||
@@ -301,6 +302,7 @@ EXTRA_DIST += \
|
||||
test-plugin-docs.sh \
|
||||
test-ipv4-lo.sh \
|
||||
test-ipv6-lo.sh \
|
||||
+ test-last-error.sh \
|
||||
test-long-name.sh \
|
||||
test-nbd-client.sh \
|
||||
test-nbd-client-tls.sh \
|
||||
diff --git a/tests/test-last-error.sh b/tests/test-last-error.sh
|
||||
new file mode 100755
|
||||
index 00000000..fc720606
|
||||
--- /dev/null
|
||||
+++ b/tests/test-last-error.sh
|
||||
@@ -0,0 +1,55 @@
|
||||
+#!/usr/bin/env bash
|
||||
+# nbdkit
|
||||
+# Copyright Red Hat
|
||||
+#
|
||||
+# Redistribution and use in source and binary forms, with or without
|
||||
+# modification, are permitted provided that the following conditions are
|
||||
+# met:
|
||||
+#
|
||||
+# * Redistributions of source code must retain the above copyright
|
||||
+# notice, this list of conditions and the following disclaimer.
|
||||
+#
|
||||
+# * Redistributions in binary form must reproduce the above copyright
|
||||
+# notice, this list of conditions and the following disclaimer in the
|
||||
+# documentation and/or other materials provided with the distribution.
|
||||
+#
|
||||
+# * Neither the name of Red Hat nor the names of its contributors may be
|
||||
+# used to endorse or promote products derived from this software without
|
||||
+# specific prior written permission.
|
||||
+#
|
||||
+# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
|
||||
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
|
||||
+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
|
||||
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
|
||||
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
+# SUCH DAMAGE.
|
||||
+
|
||||
+source ./functions.sh
|
||||
+set -e
|
||||
+set -x
|
||||
+
|
||||
+# Test informational error messages sent to the NBD client.
|
||||
+# qemu-img supports this since at least 2.12.0.
|
||||
+
|
||||
+requires_run
|
||||
+requires_plugin eval
|
||||
+requires qemu-img --version
|
||||
+
|
||||
+out=last-error.out
|
||||
+rm -f $out
|
||||
+cleanup_fn rm -f $out
|
||||
+
|
||||
+export out
|
||||
+
|
||||
+nbdkit eval \
|
||||
+ open=' echo EPERM Go Away >&2; exit 1 ' get_size=' echo 0 ' \
|
||||
+ --run ' qemu-img info "$uri" > $out 2>&1 ||: '
|
||||
+cat $out
|
||||
+
|
||||
+grep "Go Away" $out
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
From 3b168aa842dc80a6d95b2c1ccb52a8ef664e7aba Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Wed, 20 Dec 2023 10:34:10 +0000
|
||||
Subject: [PATCH] partition: Suggest alternate partition-sectorsize
|
||||
|
||||
When we reach this error it means that we have failed to detect the
|
||||
"EFI PART" signature (indicating GPT) and we've fallen back to parsing
|
||||
MBR, but in doing so we have discovered a GPT protective MBR which
|
||||
should only happen for GPT. A possible cause for missing the
|
||||
signature was because we have the wrong sector size.
|
||||
|
||||
Therefore check for the current sector size (which should be either
|
||||
512 or 4096) and suggest that the user sets the other sector size.
|
||||
|
||||
Also avoids the case where the user already set partition-sectorsize=4k
|
||||
and we were suggesting that they set it again.
|
||||
|
||||
Reported-by: Ming Xie
|
||||
Fixes: commit 7b9301a4c569456a4f96784229a2cd48e8957662
|
||||
Fixes: https://issues.redhat.com/browse/RHEL-19815
|
||||
(cherry picked from commit cd761c9bf770b23f678fd82f0d1c8d4cce2ed1b5)
|
||||
---
|
||||
filters/partition/partition-mbr.c | 13 ++++++++++---
|
||||
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/filters/partition/partition-mbr.c b/filters/partition/partition-mbr.c
|
||||
index 3927c31f..6a81addb 100644
|
||||
--- a/filters/partition/partition-mbr.c
|
||||
+++ b/filters/partition/partition-mbr.c
|
||||
@@ -87,9 +87,16 @@ find_mbr_partition (nbdkit_next *next,
|
||||
!is_extended (partition.part_type_byte) &&
|
||||
partnum == i+1) {
|
||||
if (partition.part_type_byte == 0xEE) {
|
||||
- nbdkit_error ("rejecting GPT protective entry from MBR, "
|
||||
- "if the underlying storage uses 4K sectors "
|
||||
- "try using partition-sectorsize=4k");
|
||||
+ if (sector_size == 512)
|
||||
+ nbdkit_error ("rejecting GPT protective entry from MBR, "
|
||||
+ "if the underlying storage uses 4K sectors "
|
||||
+ "try using partition-sectorsize=4k");
|
||||
+ else if (sector_size == 4096)
|
||||
+ nbdkit_error ("rejecting GPT protective entry from MBR, "
|
||||
+ "if the underlying storage uses 512 byte sectors "
|
||||
+ "try using partition-sectorsize=512");
|
||||
+ else
|
||||
+ nbdkit_error ("rejecting GPT protective entry from MBR");
|
||||
return -1;
|
||||
}
|
||||
*offset_r = partition.start_sector * (int64_t) sector_size;
|
||||
--
|
||||
2.39.3
|
||||
|
||||
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmVjGrARHHJpY2hAYW5u
|
||||
ZXhpYS5vcmcACgkQkXOPc+G3aKD2Kw/8CQVsyhgHBZ/73IRM7hskDVwidNJ9dgaZ
|
||||
5BSsgyr8DU0W3yEgwFGAOb7wzKaFBN5vewAiftBz5sDSbddo7b5kzci4Fm+t+G/5
|
||||
fE5FRzyj9mwOWvympcfdIwK9lDC+0Kr7lBq7WM8QjS4kG67Dxa9hXFKRxaIHjkY7
|
||||
HK2WLUEF8/GU7dE+2aj77CXOo2gwfttCaNdPEv2pqq0ox8TKajWfInsCZ4t7DxUq
|
||||
EoWTuDYlIMxLN8TSA71Am+8m8zmAZQ7WUr4cB3F8Y9EP8CljaFymI+sAv/EoeHTd
|
||||
At9ZrT4Pjx0eO47MrSliincxlFIkFB9Bo316NHQ0c8gjQLgLq3nkjGlmr0P5S/iI
|
||||
VMl4jVp8N2X0gXc78LQy1ARXGUD7IkCm2GePADZb4L8aSewXT6lT3UkONXToZuGE
|
||||
yXLOPKVnvlnRE4DHQnvDYrwZns2Xm0u+na2bFTJgRu1i+dVSCa2a+ON7s+I2g9OI
|
||||
jPAw/ps9PeNEi2F6shbJPskQCHZxZUKgrWPq4elPhFDFn1OPUBHeE/qwI5PhnpcC
|
||||
LL94qWsqI/iXplvcJQ28ioXrbZFygDWheoErMtzt2K36kMDRmCQo4vPf6O+Z3qsb
|
||||
9JfMLO0U7yjTI7+NJOrXa/aFAD+d0/twr177ox76kngbt7Bu+Thc7gEdncgC6w0B
|
||||
8gBSF4OZ0w0=
|
||||
=LFMp
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmaTi9oRHHJpY2hAYW5u
|
||||
ZXhpYS5vcmcACgkQkXOPc+G3aKB97w/9H/Ss3V0yhUPgK6bidlCIBmZcUmw0ItTa
|
||||
PoI42QL+lmJCP4FiLd4aAZRfnosTbi/KFfGC5OI/DhZs/bFvLJPX56Dq+tDfLTo8
|
||||
OlpdWkW2E6tALN5ZlA8zFXLfJ+xofpn9/F7O4XdkW04HIpXx4ly8tCPG27idV9UV
|
||||
jjVzwmo/eqhJTWHJAspD1iB/oXfCVh0VVe3d4G/n32/pLfULwK6iEGMze+51IJoI
|
||||
SdKPKtwFmPn5e0r34+JLyCilugJvl3crJI2CZt9Azi31joCgEEif0Mkn2aiY8Zc9
|
||||
S3/3r9US6VriKYYhilLTgpjbimeNZJGuVPqPS8lhaSmAoyOncG1CcKOk2Tewf8m+
|
||||
vrUHFTWKSP6IgdlGnXYZNQprA1zPUePyMpm3RwnaV8N3Vcy0J4lkL80laSQs5VUn
|
||||
PkzwrSxaegWDnrlBjNQi5cWWVSqUMUsEpCQXu93fvbGi/V2wkVlOx5ubPIIo8ykc
|
||||
dPVG3+9d2PUEVXyJLWmA5jXJW19EnZK8fttUrcshbF375CU7Vuo6Ds6QFdcTqEs/
|
||||
te1c3QxDQav4BeV7VbD5xL1xc931F6fWwa9FpzPf366AhCM/tunw91oIUP2bkw8U
|
||||
B7Z83x9nAuxewQeeI+7nDLKdhdg/bpeMoiUUCYQVS1K61+4D+J6bmc2lvsvhj3Pp
|
||||
gMcCwZR9wF0=
|
||||
=SuJ6
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -0,0 +1,3 @@
|
||||
/usr/sbin/nbdkit -- gen_context(system_u:object_r:nbdkit_exec_t,s0)
|
||||
|
||||
/usr/lib/systemd/system/nbdkit.* gen_context(system_u:object_r:nbdkit_unit_file_t,s0)
|
||||
@ -0,0 +1,207 @@
|
||||
## <summary>policy for nbdkit</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute nbdkit_exec_t in the nbdkit domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nbdkit_domtrans',`
|
||||
gen_require(`
|
||||
type nbdkit_t, nbdkit_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, nbdkit_exec_t, nbdkit_t)
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Execute nbdkit in the caller domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nbdkit_exec',`
|
||||
gen_require(`
|
||||
type nbdkit_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
can_exec($1, nbdkit_exec_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute nbdkit in the nbdkit domain, and
|
||||
## allow the specified role the nbdkit domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed the nbdkit domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nbdkit_run',`
|
||||
gen_require(`
|
||||
type nbdkit_t;
|
||||
attribute_role nbdkit_roles;
|
||||
')
|
||||
|
||||
nbdkit_domtrans($1)
|
||||
roleattribute $2 nbdkit_roles;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Role access for nbdkit
|
||||
## </summary>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## User domain for the role
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nbdkit_role',`
|
||||
gen_require(`
|
||||
type nbdkit_t;
|
||||
attribute_role nbdkit_roles;
|
||||
')
|
||||
|
||||
roleattribute $1 nbdkit_roles;
|
||||
|
||||
nbdkit_domtrans($2)
|
||||
|
||||
ps_process_pattern($2, nbdkit_t)
|
||||
allow $2 nbdkit_t:process { signull signal sigkill };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow attempts to connect to nbdkit
|
||||
## with a unix stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`nbdkit_stream_connect',`
|
||||
gen_require(`
|
||||
type nbdkit_t;
|
||||
')
|
||||
|
||||
allow $1 nbdkit_t:unix_stream_socket connectto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow nbdkit_exec_t to be an entrypoint
|
||||
## of the specified domain
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`nbdkit_entrypoint',`
|
||||
gen_require(`
|
||||
type nbdkit_exec_t;
|
||||
')
|
||||
allow $1 nbdkit_exec_t:file entrypoint;
|
||||
')
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# RWMJ: See:
|
||||
# https://issues.redhat.com/browse/RHEL-5174?focusedId=23387259&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23387259
|
||||
# Remove this when virt.if gets updated.
|
||||
|
||||
########################################
|
||||
#
|
||||
# Interface compatibility blocks
|
||||
#
|
||||
# The following definitions ensure compatibility with distribution policy
|
||||
# versions that do not contain given interfaces (epel, or older Fedora
|
||||
# releases).
|
||||
# Each block tests for existence of given interface and defines it if needed.
|
||||
#
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write to svirt_image dirs.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
ifndef(`virt_rw_svirt_image_dirs',`
|
||||
interface(`virt_rw_svirt_image_dirs',`
|
||||
gen_require(`
|
||||
type svirt_image_t;
|
||||
')
|
||||
|
||||
allow $1 svirt_image_t:dir rw_dir_perms;
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create svirt_image sock_files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
ifndef(`virt_create_svirt_image_sock_files',`
|
||||
interface(`virt_create_svirt_image_sock_files',`
|
||||
gen_require(`
|
||||
type svirt_image_t;
|
||||
')
|
||||
|
||||
allow $1 svirt_image_t:sock_file create_sock_file_perms;
|
||||
')
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write virtlogd pipes.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
ifndef(`virtlogd_rw_pipes',`
|
||||
interface(`virtlogd_rw_pipes',`
|
||||
gen_require(`
|
||||
type virtlogd_t;
|
||||
')
|
||||
|
||||
allow $1 virtlogd_t:fifo_file rw_fifo_file_perms;
|
||||
')
|
||||
')
|
||||
@ -0,0 +1,100 @@
|
||||
policy_module(nbdkit, 1.0.0)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
gen_require(`
|
||||
type unconfined_t;
|
||||
')
|
||||
|
||||
type nbdkit_t;
|
||||
type nbdkit_exec_t;
|
||||
application_domain(nbdkit_t, nbdkit_exec_t)
|
||||
mcs_constrained(nbdkit_t)
|
||||
role system_r types nbdkit_t;
|
||||
|
||||
type nbdkit_home_t;
|
||||
userdom_user_home_content(nbdkit_home_t)
|
||||
|
||||
type nbdkit_tmp_t;
|
||||
files_tmp_file(nbdkit_tmp_t)
|
||||
|
||||
type nbdkit_unit_file_t;
|
||||
systemd_unit_file(nbdkit_unit_file_t)
|
||||
|
||||
permissive nbdkit_t;
|
||||
|
||||
########################################
|
||||
#
|
||||
# nbdkit local policy
|
||||
#
|
||||
allow nbdkit_t self:capability { setgid setuid };
|
||||
allow nbdkit_t self:fifo_file rw_fifo_file_perms;
|
||||
allow nbdkit_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||
allow nbdkit_t self:process { fork setsockcreate signal_perms };
|
||||
allow nbdkit_t self:tcp_socket create_stream_socket_perms;
|
||||
allow nbdkit_t self:udp_socket create_socket_perms;
|
||||
|
||||
manage_dirs_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
|
||||
manage_files_pattern(nbdkit_t, nbdkit_tmp_t, nbdkit_tmp_t)
|
||||
userdom_user_tmp_filetrans(nbdkit_t, nbdkit_tmp_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
|
||||
manage_files_pattern(nbdkit_t, nbdkit_home_t, nbdkit_home_t)
|
||||
userdom_user_home_dir_filetrans(nbdkit_t, nbdkit_home_t, { dir file })
|
||||
|
||||
corenet_tcp_connect_http_port(nbdkit_t)
|
||||
corenet_tcp_connect_ssh_port(nbdkit_t)
|
||||
corenet_tcp_connect_tftp_port(nbdkit_t)
|
||||
corenet_tcp_bind_generic_port(nbdkit_t)
|
||||
corenet_tcp_bind_generic_node(nbdkit_t)
|
||||
|
||||
domain_use_interactive_fds(nbdkit_t)
|
||||
|
||||
files_read_etc_files(nbdkit_t)
|
||||
|
||||
init_abstract_socket_activation(nbdkit_t)
|
||||
init_ioctl_stream_sockets(nbdkit_t)
|
||||
init_rw_stream_sockets(nbdkit_t)
|
||||
|
||||
optional_policy(`
|
||||
auth_use_nsswitch(nbdkit_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
logging_send_syslog_msg(nbdkit_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
miscfiles_read_localization(nbdkit_t)
|
||||
miscfiles_read_generic_certs(nbdkit_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
sysnet_dns_name_resolve(nbdkit_t)
|
||||
sysnet_read_config(nbdkit_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
userdom_read_user_home_content_files(nbdkit_t)
|
||||
userdom_use_inherited_user_ptys(nbdkit_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
virt_create_svirt_image_sock_files(nbdkit_t)
|
||||
virt_read_qemu_pid_files(nbdkit_t)
|
||||
virtlogd_rw_pipes(nbdkit_t)
|
||||
virt_rw_svirt_image(nbdkit_t)
|
||||
virt_rw_svirt_image_dirs(nbdkit_t)
|
||||
virt_search_lib(nbdkit_t)
|
||||
virt_stream_connect_svirt(nbdkit_t)
|
||||
')
|
||||
|
||||
|
||||
# FIXME: It would be nice to allow libvirt to transition nbdkit_exec_t to
|
||||
# nbdkit_t when libvirtd was started manually from the commandline (i.e. in
|
||||
# unconfined_t), but we don't want this transition to happen automatically
|
||||
# when starting directly from the shell. I'm not sure how to achieve this...
|
||||
#nbdkit_domtrans(unconfined_t, nbdkit_exec_t, nbdkit_t)
|
||||
Loading…
Reference in new issue