From 37cb5e28813f30836bd5710895b1ff261c3ba49b Mon Sep 17 00:00:00 2001 From: Anita Zhang Date: Nov 02 2022 23:22:18 +0000 Subject: Merge branch 'c8s' into c8s-sig-hyperscale Fix conflicts and merge with C8s's 2.32.1-38 --- diff --git a/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch b/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch new file mode 100644 index 0000000..62ff51f --- /dev/null +++ b/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch @@ -0,0 +1,52 @@ +From 7ad815523618c2a053d28061054a44ae9108ceb0 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 12 Apr 2021 09:39:59 +0200 +Subject: [PATCH 57/63] mesg: use only stat() to get the current terminal + status + +open()+stat() does not work for example after su(1) (from root to +non-root). It seems better to use only stat() to get the current +terminal status. + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1906157 +Upstream: http://github.com/karelzak/util-linux/commit/c0246ce059503bbc078122a50d564ca36a66f348 +Signed-off-by: Karel Zak +--- + term-utils/mesg.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/term-utils/mesg.c b/term-utils/mesg.c +index 8714ad1aa..21a4a8581 100644 +--- a/term-utils/mesg.c ++++ b/term-utils/mesg.c +@@ -123,13 +123,10 @@ int main(int argc, char *argv[]) + + if ((tty = ttyname(STDERR_FILENO)) == NULL) + err(MESG_EXIT_FAILURE, _("ttyname failed")); +- if ((fd = open(tty, O_RDONLY)) < 0) +- err(MESG_EXIT_FAILURE, _("cannot open %s"), tty); +- if (fstat(fd, &sb)) +- err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty); + + if (!*argv) { +- close(fd); ++ if (stat(tty, &sb)) ++ err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty); + if (sb.st_mode & (S_IWGRP | S_IWOTH)) { + puts(_("is y")); + return IS_ALLOWED; +@@ -138,6 +135,11 @@ int main(int argc, char *argv[]) + return IS_NOT_ALLOWED; + } + ++ if ((fd = open(tty, O_RDONLY)) < 0) ++ err(MESG_EXIT_FAILURE, _("cannot open %s"), tty); ++ if (fstat(fd, &sb)) ++ err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty); ++ + switch (rpmatch(argv[0])) { + case RPMATCH_YES: + #ifdef USE_TTY_GROUP +-- +2.31.1 + diff --git a/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch b/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch new file mode 100644 index 0000000..827ab0c --- /dev/null +++ b/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch @@ -0,0 +1,212 @@ +From 2f04609de018013a36396e6a10b317607fb0b625 Mon Sep 17 00:00:00 2001 +From: Roberto Bergantinos Corpas +Date: Tue, 12 Jan 2021 11:58:53 +0100 +Subject: [PATCH 58/63] findmnt: add option to list all fs-independent flags + +It might be useful for security auditing purposes list all possible +mount flags/options including default set which are normally not listed. + +This patch adds "--vfs-all" option to list all fs-independent flags +on VFS-OPTIONS column, as well as libmount funcionality to accomplish +it. + +i.e.: + +$ findmnt -o VFS-OPTIONS +VFS-OPTIONS +rw,relatime +rw,nosuid,nodev,noexec,relatime +rw,nosuid,nodev,noexec,relatime +ro,nosuid,nodev,noexec +... + +$ findmnt --vfs-all -o VFS-OPTIONS +VFS-OPTIONS +rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow +rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow +rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow +ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow +... + +[kzak@redhat.com: - cleanup coding style and comments] + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1917852 +Upstream: http://github.com/karelzak/util-linux/commit/ff21f476f85ac9855452f4aac43a231c3c1e2ebc +Signed-off-by: Roberto Bergantinos Corpas +Signed-off-by: Karel Zak +--- + libmount/docs/libmount-sections.txt | 1 + + libmount/src/fs.c | 32 +++++++++++++++++++++++++++++ + libmount/src/libmount.h.in | 1 + + libmount/src/libmount.sym | 4 ++++ + misc-utils/findmnt.8 | 6 ++++++ + misc-utils/findmnt.c | 15 +++++++++++--- + misc-utils/findmnt.h | 2 ++ + 7 files changed, 58 insertions(+), 3 deletions(-) + +diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt +index dea724b2f..f296c0611 100644 +--- a/libmount/docs/libmount-sections.txt ++++ b/libmount/docs/libmount-sections.txt +@@ -224,6 +224,7 @@ mnt_fs_get_usedsize + mnt_fs_get_userdata + mnt_fs_get_user_options + mnt_fs_get_vfs_options ++mnt_fs_get_vfs_options_all + mnt_fs_is_kernel + mnt_fs_is_netfs + mnt_fs_is_pseudofs +diff --git a/libmount/src/fs.c b/libmount/src/fs.c +index aae4961c3..34c09d66b 100644 +--- a/libmount/src/fs.c ++++ b/libmount/src/fs.c +@@ -924,6 +924,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs) + return fs ? fs->vfs_optstr : NULL; + } + ++/** ++ * mnt_fs_get_vfs_options_all: ++ * @fs: fstab/mtab entry pointer ++ * ++ * Returns: pointer to newlly allocated string (can be freed by free(3)) or ++ * NULL in case of error. The string contains all (including defaults) mount ++ * options. ++ */ ++char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs) ++{ ++ const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP); ++ const struct libmnt_optmap *ent; ++ const char *opts = mnt_fs_get_options(fs); ++ char *result = NULL; ++ unsigned long flags = 0; ++ ++ if (!opts || mnt_optstr_get_flags(opts, &flags, map)) ++ return NULL; ++ ++ for (ent = map ; ent && ent->name ; ent++){ ++ if (ent->id & flags) { /* non-default value */ ++ if (!(ent->mask & MNT_INVERT)) ++ mnt_optstr_append_option(&result, ent->name, NULL); ++ else ++ continue; ++ } else if (ent->mask & MNT_INVERT) ++ mnt_optstr_append_option(&result, ent->name, NULL); ++ } ++ ++ return result; ++} ++ + /** + * mnt_fs_get_user_options: + * @fs: fstab/mtab entry pointer +diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in +index c61514b59..1d9a053e0 100644 +--- a/libmount/src/libmount.h.in ++++ b/libmount/src/libmount.h.in +@@ -452,6 +452,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name, + extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs); + extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs); + extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs); ++extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs); + + extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs); + extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr); +diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym +index ca16cafa1..636c564eb 100644 +--- a/libmount/src/libmount.sym ++++ b/libmount/src/libmount.sym +@@ -322,3 +322,7 @@ MOUNT_2.30 { + mnt_context_enable_rwonly_mount; + mnt_context_get_excode; + } MOUNT_2.28; ++ ++MOUNT_2_37 { ++ mnt_fs_get_vfs_options_all; ++} MOUNT_2.30; +diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8 +index 58dd38625..41a37cb5f 100644 +--- a/misc-utils/findmnt.8 ++++ b/misc-utils/findmnt.8 +@@ -249,6 +249,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount + .TP + .BR "\-\-verbose" + Force findmnt to print more information (\fB\-\-verify\fP only for now). ++.TP ++.B \-\-vfs-all ++When used with ++.BR VFS-OPTIONS ++column, print all VFS (fs-independent) flags. This option is designed for auditing purposes to ++list also default VFS kernel mount options which are normally not listed. + .SH EXAMPLES + .IP "\fBfindmnt \-\-fstab \-t nfs\fP" + Prints all NFS filesystems defined in +diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c +index 184b6f7d7..a7b3af4f4 100644 +--- a/misc-utils/findmnt.c ++++ b/misc-utils/findmnt.c +@@ -542,7 +542,10 @@ static char *get_data(struct libmnt_fs *fs, int num) + str = xstrdup(mnt_fs_get_options(fs)); + break; + case COL_VFS_OPTIONS: +- str = xstrdup(mnt_fs_get_vfs_options(fs)); ++ if (flags & FL_VFS_ALL) ++ str = mnt_fs_get_vfs_options_all(fs); ++ else if (mnt_fs_get_vfs_options(fs)) ++ str = xstrdup(mnt_fs_get_vfs_options(fs)); + break; + case COL_FS_OPTIONS: + str = xstrdup(mnt_fs_get_fs_options(fs)); +@@ -1243,6 +1246,7 @@ static void __attribute__((__noreturn__)) usage(void) + fputc('\n', out); + fputs(_(" -x, --verify verify mount table content (default is fstab)\n"), out); + fputs(_(" --verbose print more details\n"), out); ++ fputs(_(" --vfs-all print all VFS options\n"), out); + + fputs(USAGE_SEPARATOR, out); + printf(USAGE_HELP_OPTIONS(24)); +@@ -1271,8 +1275,9 @@ int main(int argc, char *argv[]) + struct libscols_table *table = NULL; + + enum { +- FINDMNT_OPT_VERBOSE = CHAR_MAX + 1, +- FINDMNT_OPT_TREE ++ FINDMNT_OPT_VERBOSE = CHAR_MAX + 1, ++ FINDMNT_OPT_TREE, ++ FINDMNT_OPT_VFS_ALL + }; + + static const struct option longopts[] = { +@@ -1313,6 +1318,7 @@ int main(int argc, char *argv[]) + { "version", no_argument, NULL, 'V' }, + { "verbose", no_argument, NULL, FINDMNT_OPT_VERBOSE }, + { "tree", no_argument, NULL, FINDMNT_OPT_TREE }, ++ { "vfs-all", no_argument, NULL, FINDMNT_OPT_VFS_ALL }, + { NULL, 0, NULL, 0 } + }; + +@@ -1479,6 +1485,9 @@ int main(int argc, char *argv[]) + case FINDMNT_OPT_TREE: + force_tree = 1; + break; ++ case FINDMNT_OPT_VFS_ALL: ++ flags |= FL_VFS_ALL; ++ break; + default: + errtryhelp(EXIT_FAILURE); + } +diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h +index fbaa38e82..9a277b68a 100644 +--- a/misc-utils/findmnt.h ++++ b/misc-utils/findmnt.h +@@ -19,6 +19,8 @@ enum { + FL_STRICTTARGET = (1 << 15), + FL_VERBOSE = (1 << 16), + ++ FL_VFS_ALL = (1 << 19), ++ + /* basic table settings */ + FL_ASCII = (1 << 20), + FL_RAW = (1 << 21), +-- +2.31.1 + diff --git a/SOURCES/0059-nologin-Prevent-error-from-su-c.patch b/SOURCES/0059-nologin-Prevent-error-from-su-c.patch new file mode 100644 index 0000000..9dd8b4a --- /dev/null +++ b/SOURCES/0059-nologin-Prevent-error-from-su-c.patch @@ -0,0 +1,83 @@ +From ae227f0eb3500b49fb78623f51ec9bd4366346ef Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Thu, 10 Oct 2019 01:08:25 +0200 +Subject: [PATCH 59/63] nologin: Prevent error from su -c + +"su -c" can pass "-c" to nologin. It causes ugly error: + +su -c "echo OK" - man +-nologin: invalid option -- 'c' +Try '-nologin --help' for more information. + +Accept -c to prevent this error. + +Upstream: http://github.com/karelzak/util-linux/commit/a174eefb41a2ce8b467bb7e1546953c8bd1223dd +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1922299 +Signed-off-by: Josef Cejka +Signed-off-by: Stanislav Brabec +--- + login-utils/nologin.8 | 11 +++++++++-- + login-utils/nologin.c | 9 +++++++-- + 2 files changed, 16 insertions(+), 4 deletions(-) + +diff --git a/login-utils/nologin.8 b/login-utils/nologin.8 +index ee5948443..9389a86c6 100644 +--- a/login-utils/nologin.8 ++++ b/login-utils/nologin.8 +@@ -18,9 +18,16 @@ The exit code returned by + is always 1. + .PP + .SH OPTIONS +-.IP "\fB\-h, \-\-help\fP" ++ ++ ++.TP ++.IP "\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR" ++Ignored. For compatibility with ++.I su -c "command" - user ++that would cause error otherwise. ++.IP "\fB\-h\fR, \fB\-\-help\fR" + Display help text and exit. +-.IP "\fB-V, \-\-version" ++.IP "\fB-V\fR, \fB\-\-version\fR" + Display version information and exit. + .SH NOTES + .B nologin +diff --git a/login-utils/nologin.c b/login-utils/nologin.c +index b0b6a721c..293f568c1 100644 +--- a/login-utils/nologin.c ++++ b/login-utils/nologin.c +@@ -30,7 +30,8 @@ static void __attribute__((__noreturn__)) usage(void) + fputs(_("Politely refuse a login.\n"), out); + + fputs(USAGE_OPTIONS, out); +- printf(USAGE_HELP_OPTIONS(16)); ++ fputs(_(" -c, --command does nothing (for compatibility with su -c)\n"), out); ++ printf(USAGE_HELP_OPTIONS(26)); + + printf(USAGE_MAN_TAIL("nologin(8)")); + exit(EXIT_FAILURE); +@@ -41,6 +42,7 @@ int main(int argc, char *argv[]) + int c, fd = -1; + struct stat st; + static const struct option longopts[] = { ++ { "command", required_argument, NULL, 'c' }, + { "help", 0, NULL, 'h' }, + { "version", 0, NULL, 'V' }, + { NULL, 0, NULL, 0 } +@@ -50,8 +52,11 @@ int main(int argc, char *argv[]) + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + +- while ((c = getopt_long(argc, argv, "hV", longopts, NULL)) != -1) { ++ while ((c = getopt_long(argc, argv, "c:hV", longopts, NULL)) != -1) { + switch (c) { ++ case 'c': ++ /* Ignore the command, just don't print unknown option error. */ ++ break; + case 'h': + usage(); + break; +-- +2.31.1 + diff --git a/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch b/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch new file mode 100644 index 0000000..03983d6 --- /dev/null +++ b/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch @@ -0,0 +1,124 @@ +From bfa7d299f8a497a835bc250bd765094ee06b8a01 Mon Sep 17 00:00:00 2001 +From: Sami Kerola +Date: Sun, 17 Nov 2019 08:33:04 +0000 +Subject: [PATCH 60/63] nologin: silently ignore well known shell command-line + options + +nologin is typically used in /etc/passwd as a shell replacement. Hence it +is reasonable to ignore well known command-line options silently to avoid +unwanted ugly error messages. + +Addresses: https://github.com/karelzak/util-linux/issues/895 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1922299 +Upstream: http://github.com/karelzak/util-linux/commit/beb61b07c20ab902fec883a4bd087c45d2742dea +Requested-by: Lennart Poettering +Signed-off-by: Sami Kerola +--- + login-utils/nologin.8 | 32 ++++++++++++++++++++++++-------- + login-utils/nologin.c | 33 ++++++++++++++++++++++++++++----- + 2 files changed, 52 insertions(+), 13 deletions(-) + +diff --git a/login-utils/nologin.8 b/login-utils/nologin.8 +index 9389a86c6..d3882e2b1 100644 +--- a/login-utils/nologin.8 ++++ b/login-utils/nologin.8 +@@ -1,4 +1,4 @@ +-.TH NOLOGIN 8 "September 2013" "util-linux" "System Administration" ++.TH NOLOGIN 8 "November 2019" "util-linux" "System Administration" + .SH NAME + nologin \- politely refuse a login + .SH SYNOPSIS +@@ -18,13 +18,29 @@ The exit code returned by + is always 1. + .PP + .SH OPTIONS +- +- +-.TP +-.IP "\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR" +-Ignored. For compatibility with +-.I su -c "command" - user +-that would cause error otherwise. ++\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR ++.br ++\fB\-\-init-file\fR ++.br ++\fB\-i\fR \fB\-\-interactive\fR ++.br ++\fB\-\-init-file\fR \fIfile\fR ++.br ++\fB\-i\fR, \fB\-\-interactive\fR ++.br ++\fB\-l\fR, \fB\-\-login\fR ++.br ++\fB\-\-noprofile\fR ++.br ++\fB\-\-norc\fR ++.br ++\fB\-\-posix\fR ++.br ++\fB\-\-rcfile\fR \fIfile\fR ++.br ++\fB\-r\fR, \fB\-\-restricted\fR ++.IP ++These shell command-line options are ignored to avoid nologin error. + .IP "\fB\-h\fR, \fB\-\-help\fR" + Display help text and exit. + .IP "\fB-V\fR, \fB\-\-version\fR" +diff --git a/login-utils/nologin.c b/login-utils/nologin.c +index 293f568c1..567a9a2ca 100644 +--- a/login-utils/nologin.c ++++ b/login-utils/nologin.c +@@ -41,10 +41,25 @@ int main(int argc, char *argv[]) + { + int c, fd = -1; + struct stat st; ++ enum { ++ OPT_INIT_FILE = CHAR_MAX + 1, ++ OPT_NOPROFILE, ++ OPT_NORC, ++ OPT_POSIX, ++ OPT_RCFILE ++ }; + static const struct option longopts[] = { +- { "command", required_argument, NULL, 'c' }, +- { "help", 0, NULL, 'h' }, +- { "version", 0, NULL, 'V' }, ++ { "command", required_argument, NULL, 'c' }, ++ { "init-file", required_argument, NULL, OPT_INIT_FILE }, ++ { "interactive", no_argument, NULL, 'i' }, ++ { "login", no_argument, NULL, 'l' }, ++ { "noprofile", no_argument, NULL, OPT_NOPROFILE }, ++ { "norc", no_argument, NULL, OPT_NORC }, ++ { "posix", no_argument, NULL, OPT_POSIX }, ++ { "rcfile", required_argument, NULL, OPT_RCFILE }, ++ { "restricted", no_argument, NULL, 'r' }, ++ { "help", no_argument, NULL, 'h' }, ++ { "version", no_argument, NULL, 'V' }, + { NULL, 0, NULL, 0 } + }; + +@@ -52,10 +67,18 @@ int main(int argc, char *argv[]) + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + +- while ((c = getopt_long(argc, argv, "c:hV", longopts, NULL)) != -1) { ++ while ((c = getopt_long(argc, argv, "c:ilrhV", longopts, NULL)) != -1) { + switch (c) { + case 'c': +- /* Ignore the command, just don't print unknown option error. */ ++ case OPT_INIT_FILE: ++ case 'i': ++ case 'l': ++ case OPT_NOPROFILE: ++ case OPT_NORC: ++ case OPT_POSIX: ++ case OPT_RCFILE: ++ case 'r': ++ /* Ignore well known shell command-line options */ + break; + case 'h': + usage(); +-- +2.31.1 + diff --git a/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch b/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch new file mode 100644 index 0000000..861d5b6 --- /dev/null +++ b/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch @@ -0,0 +1,213 @@ +From 543e87865c5b9b7cb08ce8d55da1ef414154d213 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 24 Mar 2021 12:43:17 +0100 +Subject: [PATCH 61/63] libsmartcols: introduce default sort column + +* add default sort column, set by scols_sort_table() + +* sort tree according to default sort column also in scols_sort_table_by_tree() + +The function scols_sort_table() does not sort tree branches if tree +is not enabled. The function scols_sort_table_by_tree() does not care +if tree is enabled and it always follows parent->child relations. For +scols_sort_table_by_tree() we need to follow order in branches if +previously scols_sort_table() has been called. + +For example lsblk calls + + scols_sort_table(tb, cl); + scols_sort_table_by_tree(tb); + +for list-like output (for example lsblk -P) and users assume the +same order as for tree (lsblk --tree). + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1940607 +Upstream: http://github.com/karelzak/util-linux/commit/529b51706ef06611a8165023f14e6593e06901de +Signed-off-by: Karel Zak +--- + libsmartcols/src/smartcolsP.h | 3 ++ + libsmartcols/src/table.c | 60 ++++++++++++++++++++++++---------- + libsmartcols/src/table_print.c | 6 ++-- + misc-utils/lsblk.c | 6 ++-- + 4 files changed, 52 insertions(+), 23 deletions(-) + +diff --git a/libsmartcols/src/smartcolsP.h b/libsmartcols/src/smartcolsP.h +index 510e7a980..8037fb9f5 100644 +--- a/libsmartcols/src/smartcolsP.h ++++ b/libsmartcols/src/smartcolsP.h +@@ -160,6 +160,9 @@ struct libscols_table { + + struct list_head tb_columns; + struct list_head tb_lines; ++ ++ struct libscols_column *dflt_sort_column; /* default sort column, set by scols_sort_table() */ ++ + struct libscols_symbols *symbols; + struct libscols_cell title; /* optional table title (for humans) */ + +diff --git a/libsmartcols/src/table.c b/libsmartcols/src/table.c +index 979a09a39..bbabc0817 100644 +--- a/libsmartcols/src/table.c ++++ b/libsmartcols/src/table.c +@@ -224,6 +224,8 @@ int scols_table_remove_column(struct libscols_table *tb, + + if (cl->flags & SCOLS_FL_TREE) + tb->ntreecols--; ++ if (tb->dflt_sort_column == cl) ++ tb->dflt_sort_column = NULL; + + DBG(TAB, ul_debugobj(tb, "remove column")); + list_del_init(&cl->cl_columns); +@@ -1362,41 +1364,63 @@ static int sort_line_children(struct libscols_line *ln, struct libscols_column * + return 0; + } + ++static int __scols_sort_tree(struct libscols_table *tb, struct libscols_column *cl) ++{ ++ struct libscols_line *ln; ++ struct libscols_iter itr; ++ ++ if (!tb || !cl || !cl->cmpfunc) ++ return -EINVAL; ++ ++ scols_reset_iter(&itr, SCOLS_ITER_FORWARD); ++ while (scols_table_next_line(tb, &itr, &ln) == 0) ++ sort_line_children(ln, cl); ++ return 0; ++} ++ + /** + * scols_sort_table: + * @tb: table +- * @cl: order by this column ++ * @cl: order by this column or NULL + * + * Orders the table by the column. See also scols_column_set_cmpfunc(). If the + * tree output is enabled then children in the tree are recursively sorted too. + * ++ * The column @cl is saved as the default sort column to the @tb and the next time ++ * is possible to call scols_sort_table(tb, NULL). The saved column is also used by ++ * scols_sort_table_by_tree(). ++ * + * Returns: 0, a negative value in case of an error. + */ + int scols_sort_table(struct libscols_table *tb, struct libscols_column *cl) + { +- if (!tb || !cl || !cl->cmpfunc) ++ if (!tb) ++ return -EINVAL; ++ if (!cl) ++ cl = tb->dflt_sort_column; ++ if (!cl || !cl->cmpfunc) + return -EINVAL; + +- DBG(TAB, ul_debugobj(tb, "sorting table")); ++ DBG(TAB, ul_debugobj(tb, "sorting table by %zu column", cl->seqnum)); + list_sort(&tb->tb_lines, cells_cmp_wrapper_lines, cl); + +- if (scols_table_is_tree(tb)) { +- struct libscols_line *ln; +- struct libscols_iter itr; ++ if (scols_table_is_tree(tb)) ++ __scols_sort_tree(tb, cl); + +- scols_reset_iter(&itr, SCOLS_ITER_FORWARD); +- while (scols_table_next_line(tb, &itr, &ln) == 0) +- sort_line_children(ln, cl); +- } ++ if (cl && cl != tb->dflt_sort_column) ++ tb->dflt_sort_column = cl; + + return 0; + } + ++/* ++ * Move all @ln's children after @ln in the table. ++ */ + static struct libscols_line *move_line_and_children(struct libscols_line *ln, struct libscols_line *pre) + { + if (pre) { + list_del_init(&ln->ln_lines); /* remove from old position */ +- list_add(&ln->ln_lines, &pre->ln_lines); /* add to the new place (behind @pre) */ ++ list_add(&ln->ln_lines, &pre->ln_lines); /* add to the new place (after @pre) */ + } + pre = ln; + +@@ -1418,7 +1442,10 @@ static struct libscols_line *move_line_and_children(struct libscols_line *ln, st + * @tb: table + * + * Reorders lines in the table by parent->child relation. Note that order of +- * the lines in the table is independent on the tree hierarchy. ++ * the lines in the table is independent on the tree hierarchy by default. ++ * ++ * The children of the lines are sorted according to the default sort column ++ * if scols_sort_table() has been previously called. + * + * Since: 2.30 + * +@@ -1434,13 +1461,12 @@ int scols_sort_table_by_tree(struct libscols_table *tb) + + DBG(TAB, ul_debugobj(tb, "sorting table by tree")); + +- scols_reset_iter(&itr, SCOLS_ITER_FORWARD); +- while (scols_table_next_line(tb, &itr, &ln) == 0) { +- if (ln->parent) +- continue; ++ if (tb->dflt_sort_column) ++ __scols_sort_tree(tb, tb->dflt_sort_column); + ++ scols_reset_iter(&itr, SCOLS_ITER_FORWARD); ++ while (scols_table_next_line(tb, &itr, &ln) == 0) + move_line_and_children(ln, NULL); +- } + + return 0; + } +diff --git a/libsmartcols/src/table_print.c b/libsmartcols/src/table_print.c +index 8ecfc30e2..337dbbd84 100644 +--- a/libsmartcols/src/table_print.c ++++ b/libsmartcols/src/table_print.c +@@ -585,11 +585,9 @@ static int cell_to_buffer(struct libscols_table *tb, + + ce = scols_line_get_cell(ln, cl->seqnum); + data = ce ? scols_cell_get_data(ce) : NULL; +- if (!data) +- return 0; + + if (!scols_column_is_tree(cl)) +- return buffer_set_data(buf, data); ++ return data ? buffer_set_data(buf, data) : 0; + + /* + * Tree stuff +@@ -605,7 +603,7 @@ static int cell_to_buffer(struct libscols_table *tb, + buffer_set_art_index(buf); + } + +- if (!rc) ++ if (!rc && data) + rc = buffer_append_data(buf, data); + return rc; + } +diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c +index d0369d3e7..cc7894ecf 100644 +--- a/misc-utils/lsblk.c ++++ b/misc-utils/lsblk.c +@@ -1894,10 +1894,12 @@ int main(int argc, char *argv[]) + * /sys is no more sorted */ + lsblk->sort_id = COL_MAJMIN; + +- /* For --inverse --list we still follow parent->child relation */ +- if (lsblk->inverse && !(lsblk->flags & LSBLK_TREE)) ++ /* For --{inverse,raw,pairs} --list we still follow parent->child relation */ ++ if (!(lsblk->flags & LSBLK_TREE) ++ && (lsblk->inverse || lsblk->flags & LSBLK_EXPORT || lsblk->flags & LSBLK_RAW)) + lsblk->force_tree_order = 1; + ++ + if (lsblk->sort_id >= 0 && column_id_to_number(lsblk->sort_id) < 0) { + /* the sort column is not between output columns -- add as hidden */ + add_column(lsblk->sort_id); +-- +2.31.1 + diff --git a/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch b/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch new file mode 100644 index 0000000..5a02957 --- /dev/null +++ b/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch @@ -0,0 +1,120 @@ +From 8681757ee08361d78e4c74da8abae9d6df8623e7 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 28 May 2018 15:46:28 +0200 +Subject: [PATCH 62/63] libmount: accept another flags on MS_REMOUNT|MS_BIND + +The current libmount MS_REMOUNT|MS_BIND support is restricted to +MS_RDONLY (read-only bind mount). This is too restrictive as Linux +kernel supports bind-remount for arbitrary VFS flags. + +After this update you can use + + # mount /dev/sdc1 /mnt/A + # mount --bind -onosuid,noexec /mnt/A /mnt/B + + # findmnt /dev/sdc1 -oTARGET,SOURCE,FS-OPTIONS,VFS-OPTIONS + TARGET SOURCE FS-OPTIONS VFS-OPTIONS + /mnt/A /dev/sdc1 rw,stripe=512,data=ordered rw,relatime + /mnt/B /dev/sdc1 rw,stripe=512,data=ordered rw,nosuid,noexec,relatime + +The "mount --bind" is composed from two syscalls of course (1st is +bind, 2nd is bind,remount,nosuid,noexec). + +Addresses: https://github.com/karelzak/util-linux/issues/637 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1919529 +Upstream: http://github.com/karelzak/util-linux/commit/e82b77e9696a6dada96a7f3ea3ec20a63e8e7b9e +Signed-off-by: Karel Zak +--- + libmount/src/context_mount.c | 22 ++++++++-------------- + libmount/src/mountP.h | 3 +++ + sys-utils/mount.8 | 5 +++-- + 3 files changed, 14 insertions(+), 16 deletions(-) + +diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c +index a6de36178..b88e60507 100644 +--- a/libmount/src/context_mount.c ++++ b/libmount/src/context_mount.c +@@ -107,22 +107,16 @@ static int init_propagation(struct libmnt_context *cxt) + } + + /* +- * add additional mount(2) syscall request to implement "ro,bind", the first regular +- * mount(2) is the "bind" operation, the second is "remount,ro,bind" call. +- * +- * Note that we don't remove "ro" from the first syscall (kernel silently +- * ignores this flags for bind operation) -- maybe one day kernel will support +- * read-only binds in one step and then all will be done by the first mount(2) and the +- * second remount will be noop... ++ * add additional mount(2) syscall request to implement "bind,", the first regular ++ * mount(2) is the "bind" operation, the second is "remount,bind," call. + */ +-static int init_robind(struct libmnt_context *cxt) ++static int init_bind_remount(struct libmnt_context *cxt) + { + struct libmnt_addmount *ad; + int rc; + + assert(cxt); + assert(cxt->mountflags & MS_BIND); +- assert(cxt->mountflags & MS_RDONLY); + assert(!(cxt->mountflags & MS_REMOUNT)); + + DBG(CXT, ul_debugobj(cxt, "mount: initialize additional ro,bind mount")); +@@ -131,9 +125,9 @@ static int init_robind(struct libmnt_context *cxt) + if (!ad) + return -ENOMEM; + +- ad->mountflags = MS_REMOUNT | MS_BIND | MS_RDONLY; +- if (cxt->mountflags & MS_REC) +- ad->mountflags |= MS_REC; ++ ad->mountflags = cxt->mountflags; ++ ad->mountflags |= (MS_REMOUNT | MS_BIND); ++ + rc = mnt_context_append_additional_mount(cxt, ad); + if (rc) + return rc; +@@ -254,9 +248,9 @@ static int fix_optstr(struct libmnt_context *cxt) + return rc; + } + if ((cxt->mountflags & MS_BIND) +- && (cxt->mountflags & MS_RDONLY) ++ && (cxt->mountflags & MNT_BIND_SETTABLE) + && !(cxt->mountflags & MS_REMOUNT)) { +- rc = init_robind(cxt); ++ rc = init_bind_remount(cxt); + if (rc) + return rc; + } +diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h +index 52a238ef3..64a507e61 100644 +--- a/libmount/src/mountP.h ++++ b/libmount/src/mountP.h +@@ -363,6 +363,9 @@ struct libmnt_context + /* default flags */ + #define MNT_FL_DEFAULT 0 + ++/* Flags usable with MS_BIND|MS_REMOUNT */ ++#define MNT_BIND_SETTABLE (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_NODIRATIME|MS_RELATIME|MS_RDONLY) ++ + /* lock.c */ + extern int mnt_lock_use_simplelock(struct libmnt_lock *ml, int enable); + +diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 +index a4d7de2c0..291e65cb1 100644 +--- a/sys-utils/mount.8 ++++ b/sys-utils/mount.8 +@@ -410,8 +410,9 @@ will be writable, but the + will be read-only. + + It's also possible to change nosuid, nodev, noexec, noatime, nodiratime and +-relatime VFS entry flags by "remount,bind" operation. It's impossible to change +-mount options recursively (for example with \fB-o rbind,ro\fR). ++relatime VFS entry flags by "remount,bind" operation. The another (for example ++filesystem specific flags) are silently ignored. It's impossible to change mount ++options recursively (for example with \fB-o rbind,ro\fR). + + .BR mount (8) + since v2.31 ignores the \fBbind\fR flag from +-- +2.31.1 + diff --git a/SOURCES/0063-libmount-improve-MS_REC-usage.patch b/SOURCES/0063-libmount-improve-MS_REC-usage.patch new file mode 100644 index 0000000..467f70b --- /dev/null +++ b/SOURCES/0063-libmount-improve-MS_REC-usage.patch @@ -0,0 +1,135 @@ +From 9f7fe1b83fcc508dc3e05815d03dbbb752a1cfba Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Fri, 1 Jun 2018 12:16:19 +0200 +Subject: [PATCH 63/63] libmount: improve MS_REC usage + +libmount allows to split one library (mount(8)) call to multiple mount(2) +syscalls, for example + + --rbind --make-rslave + +in this case we have to be careful with MS_REC because the flag is +applied to multiple operations. + + # strace -e mount mount --rbind --make-rslave /mnt/A /mnt/B + +Old version: + + mount("/mnt/A", "/mnt/B", 0x13ecac0, MS_MGC_VAL|MS_BIND, NULL) = 0 + mount("none", "/mnt/B", NULL, MS_REC|MS_SLAVE, NULL) = 0 + +Fixed version: + + mount("/mnt/A", "/mnt/B", 0x1f22ac0, MS_MGC_VAL|MS_BIND|MS_REC, NULL) = 0 + mount("none", "/mnt/B", NULL, MS_REC|MS_SLAVE, NULL) = 0 + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1946921 +Upstream: http://github.com/karelzak/util-linux/commit/816773b475900909d42c2c8282a6ac50252cac22 +Signed-off-by: Karel Zak +--- + libmount/src/context.c | 5 +++++ + libmount/src/context_mount.c | 25 ++++++++++++++++++++++--- + libmount/src/optstr.c | 9 ++++++--- + 3 files changed, 33 insertions(+), 6 deletions(-) + +diff --git a/libmount/src/context.c b/libmount/src/context.c +index e7f1ee934..8e00b75a9 100644 +--- a/libmount/src/context.c ++++ b/libmount/src/context.c +@@ -1375,6 +1375,11 @@ struct libmnt_lock *mnt_context_get_lock(struct libmnt_context *cxt) + * + * both of these calls have the same effect. + * ++ * Be careful if you want to use MS_REC flag -- in this case the bit is applied ++ * to all bind/slave/etc. options. If you want to mix more propadation flags ++ * and/or bind, move operations than it's better to specify mount options by ++ * strings. ++ * + * Returns: 0 on success, negative number in case of error. + */ + int mnt_context_set_mflags(struct libmnt_context *cxt, unsigned long flags) +diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c +index b88e60507..a8e84127c 100644 +--- a/libmount/src/context_mount.c ++++ b/libmount/src/context_mount.c +@@ -73,6 +73,7 @@ static int init_propagation(struct libmnt_context *cxt) + char *opts = (char *) mnt_fs_get_vfs_options(cxt->fs); + size_t namesz; + struct libmnt_optmap const *maps[1]; ++ int rec_count = 0; + + if (!opts) + return 0; +@@ -86,9 +87,19 @@ static int init_propagation(struct libmnt_context *cxt) + struct libmnt_addmount *ad; + int rc; + +- if (!mnt_optmap_get_entry(maps, 1, name, namesz, &ent) +- || !ent +- || !(ent->id & MS_PROPAGATION)) ++ if (!mnt_optmap_get_entry(maps, 1, name, namesz, &ent) || !ent) ++ continue; ++ ++ DBG(CXT, ul_debugobj(cxt, " checking %s", ent->name)); ++ ++ /* Note that MS_REC may be used for more flags, so we have to keep ++ * track about number of recursive options to keep the MS_REC in the ++ * mountflags if necessary. ++ */ ++ if (ent->id & MS_REC) ++ rec_count++; ++ ++ if (!(ent->id & MS_PROPAGATION)) + continue; + + ad = mnt_new_addmount(); +@@ -96,13 +107,21 @@ static int init_propagation(struct libmnt_context *cxt) + return -ENOMEM; + + ad->mountflags = ent->id; ++ DBG(CXT, ul_debugobj(cxt, " adding extra mount(2) call for %s", ent->name)); + rc = mnt_context_append_additional_mount(cxt, ad); + if (rc) + return rc; + ++ DBG(CXT, ul_debugobj(cxt, " removing %s from primary mount(2) call", ent->name)); + cxt->mountflags &= ~ent->id; ++ ++ if (ent->id & MS_REC) ++ rec_count--; + } + ++ if (rec_count) ++ cxt->mountflags |= MS_REC; ++ + return 0; + } + +diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c +index 8248f0dee..cc077ffd9 100644 +--- a/libmount/src/optstr.c ++++ b/libmount/src/optstr.c +@@ -800,14 +800,17 @@ int mnt_optstr_apply_flags(char **optstr, unsigned long flags, + if (rc) + goto err; + } +- if (!(ent->mask & MNT_INVERT)) ++ if (!(ent->mask & MNT_INVERT)) { + fl &= ~ent->id; ++ if (ent->id & MS_REC) ++ fl |= MS_REC; ++ } + } + } + } + +- /* add missing options */ +- if (fl) { ++ /* add missing options (but ignore fl if contains MS_REC only) */ ++ if (fl && fl != MS_REC) { + const struct libmnt_optmap *ent; + char *p; + +-- +2.31.1 + diff --git a/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch b/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch new file mode 100644 index 0000000..943384e --- /dev/null +++ b/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch @@ -0,0 +1,49 @@ +From 84009d2236c73efe7dc4b74372734d5b3306670b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 5 Sep 2018 11:51:22 +0200 +Subject: [PATCH 64/72] script: be sensitive to another SIGCHLD ssi_codes + +The current signalfd handler cares on CLD_EXITED only. It's pretty +insufficient as there is more situations (and codes) when child no +more running. + +Addresses: https://github.com/karelzak/util-linux/issues/686 +Upstream: http://github.com/util-linux/util-linux/commit/27afe5016842c22d256ea9f88b598d637ca0df84 +Signed-off-by: Karel Zak +--- + term-utils/script.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/term-utils/script.c b/term-utils/script.c +index d5ffa27f1..ff5f808de 100644 +--- a/term-utils/script.c ++++ b/term-utils/script.c +@@ -402,10 +402,15 @@ static void handle_signal(struct script_control *ctl, int fd) + + switch (info.ssi_signo) { + case SIGCHLD: +- DBG(SIGNAL, ul_debug(" get signal SIGCHLD")); +- if (info.ssi_code == CLD_EXITED) { ++ DBG(SIGNAL, ul_debug(" get signal SIGCHLD [ssi_code=%d, ssi_status=%d]", ++ info.ssi_code, info.ssi_status)); ++ if (info.ssi_code == CLD_EXITED ++ || info.ssi_code == CLD_KILLED ++ || info.ssi_code == CLD_DUMPED) { + wait_for_child(ctl, 0); + ctl->poll_timeout = 10; ++ ++ /* In case of ssi_code is CLD_TRAPPED, CLD_STOPPED, or CLD_CONTINUED */ + } else if (info.ssi_status == SIGSTOP && ctl->child) { + DBG(SIGNAL, ul_debug(" child stop by SIGSTOP -- stop parent too")); + kill(getpid(), SIGSTOP); +@@ -433,6 +438,7 @@ static void handle_signal(struct script_control *ctl, int fd) + default: + abort(); + } ++ DBG(SIGNAL, ul_debug("signal handle on FD %d done", fd)); + } + + static void do_io(struct script_control *ctl) +-- +2.31.1 + diff --git a/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch b/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch new file mode 100644 index 0000000..bcf806c --- /dev/null +++ b/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch @@ -0,0 +1,60 @@ +From be29de8b5dfe15972455d25e15068dc31d4376ac Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 6 May 2020 13:32:46 +0200 +Subject: [PATCH 65/72] libfdisk: fix partition calculation for BLKPG_* ioctls + +The include/partx.h interface we use in util-linux uses 512-byte +sectors, but libfdisk uses real sector sizes. + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2016229 +Upstream: http://github.com/util-linux/util-linux/commit/6a4d53ce6466fc97c0ee13846cd1bf7bdd7bfef0 +Signed-off-by: Karel Zak +--- + libfdisk/src/context.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/libfdisk/src/context.c b/libfdisk/src/context.c +index 779a9a889..fe7eb9e7e 100644 +--- a/libfdisk/src/context.c ++++ b/libfdisk/src/context.c +@@ -813,6 +813,7 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + struct fdisk_partition **rem = NULL, **add = NULL, **upd = NULL; + int change, rc = 0, err = 0; + size_t nparts, i, nadds = 0, nupds = 0, nrems = 0; ++ unsigned int ssf; + + DBG(CXT, ul_debugobj(cxt, "rereading changes")); + +@@ -845,6 +846,9 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + goto done; + } + ++ /* sector size factor -- used to recount from real to 512-byte sectors */ ++ ssf = cxt->sector_size / 512; ++ + for (i = 0; i < nrems; i++) { + pa = rem[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_DEL_PARTITION", pa->partno)); +@@ -856,7 +860,8 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + for (i = 0; i < nupds; i++) { + pa = upd[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_RESIZE_PARTITION", pa->partno)); +- if (partx_resize_partition(cxt->dev_fd, pa->partno + 1, pa->start, pa->size) != 0) { ++ if (partx_resize_partition(cxt->dev_fd, pa->partno + 1, ++ pa->start * ssf, pa->size * ssf) != 0) { + fdisk_warn(cxt, _("Failed to update system information about partition %zu"), pa->partno + 1); + err++; + } +@@ -864,7 +869,8 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + for (i = 0; i < nadds; i++) { + pa = add[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_ADD_PARTITION", pa->partno)); +- if (partx_add_partition(cxt->dev_fd, pa->partno + 1, pa->start, pa->size) != 0) { ++ if (partx_add_partition(cxt->dev_fd, pa->partno + 1, ++ pa->start * ssf, pa->size * ssf) != 0) { + fdisk_warn(cxt, _("Failed to add partition %zu to system"), pa->partno + 1); + err++; + } +-- +2.31.1 + diff --git a/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch b/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch new file mode 100644 index 0000000..da0b864 --- /dev/null +++ b/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch @@ -0,0 +1,48 @@ +From aecaffc55dd763c34f61937b2047f0aaaeb4e6fc Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 6 Aug 2020 11:32:33 +0200 +Subject: [PATCH 66/74] libfdisk: fix fdisk_reread_changes() for extended + partitions + +Linux kernel assumes only 1KiB extended partition to avoid overlapping +with nested logical partitions. We need to follow this rule for +BLKPG_ADD_PARTITION. + +Addresses: https://github.com/karelzak/util-linux/issues/1112 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2041498 +Upstream: http://github.com/util-linux/util-linux/commit/33f50706fd7c1c5e53f8f355f12b685c6935f5a4 +Signed-off-by: Karel Zak +--- + libfdisk/src/context.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/libfdisk/src/context.c b/libfdisk/src/context.c +index fe7eb9e7e..114101980 100644 +--- a/libfdisk/src/context.c ++++ b/libfdisk/src/context.c +@@ -867,10 +867,21 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + } + } + for (i = 0; i < nadds; i++) { ++ uint64_t sz; ++ + pa = add[i]; ++ sz = pa->size * ssf; ++ + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_ADD_PARTITION", pa->partno)); ++ ++ if (fdisk_is_label(cxt, DOS) && fdisk_partition_is_container(pa)) ++ /* Let's follow the Linux kernel and reduce ++ * DOS extended partition to 1 or 2 sectors. ++ */ ++ sz = min(sz, (uint64_t) 2); ++ + if (partx_add_partition(cxt->dev_fd, pa->partno + 1, +- pa->start * ssf, pa->size * ssf) != 0) { ++ pa->start * ssf, sz) != 0) { + fdisk_warn(cxt, _("Failed to add partition %zu to system"), pa->partno + 1); + err++; + } +-- +2.31.1 + diff --git a/SOURCES/0067-logger-fix-size-use-for-stdin.patch b/SOURCES/0067-logger-fix-size-use-for-stdin.patch new file mode 100644 index 0000000..987a4f9 --- /dev/null +++ b/SOURCES/0067-logger-fix-size-use-for-stdin.patch @@ -0,0 +1,76 @@ +From 7cc5bcfcb2340266a6b42370c9c4c02d8a325d5f Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Oct 2021 18:47:40 +0200 +Subject: [PATCH 67/74] logger: fix --size use for stdin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The stdin version counts log header into the message size, but +for example when it reads message from argv[] it counts only message +itself. + + $ logger --stderr --size 3 "abcd" + <13>Oct 21 18:48:29 kzak: abc + + $ echo "abcd" | logger --stderr --size 3 + logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602 +Upstream: http://github.com/util-linux/util-linux/commit/58e4ee082bca100034791a4a74481f263bb30a25 +Signed-off-by: Karel Zak +--- + misc-utils/logger.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index ebdc56ec2..c20ef05f1 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -957,11 +957,9 @@ static void logger_stdin(struct logger_ctl *ctl) + * update header timestamps and to reflect possible priority changes. + * The initial header is generated by logger_open(). + */ +- int has_header = 1; + int default_priority = ctl->pri; + int last_pri = default_priority; +- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- char *const buf = xmalloc(max_usrmsg_size + 2 + 2); ++ char *buf = xmalloc(ctl->max_message_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -988,27 +986,21 @@ static void logger_stdin(struct logger_ctl *ctl) + ctl->pri = default_priority; + + if (ctl->pri != last_pri) { +- has_header = 0; +- max_usrmsg_size = +- ctl->max_message_size - strlen(ctl->hdr); ++ generate_syslog_header(ctl); + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') + c = getchar(); + } + +- while (c != EOF && c != '\n' && i < max_usrmsg_size) { ++ while (c != EOF && c != '\n' && i < ctl->max_message_size) { + buf[i++] = c; + c = getchar(); + } + buf[i] = '\0'; + +- if (i > 0 || !ctl->skip_empty_lines) { +- if (!has_header) +- generate_syslog_header(ctl); ++ if (i > 0 || !ctl->skip_empty_lines) + write_output(ctl, buf); +- has_header = 0; +- } + + if (c == '\n') /* discard line terminator */ + c = getchar(); +-- +2.31.1 + diff --git a/SOURCES/0068-fstrim-improve-timer-setting.patch b/SOURCES/0068-fstrim-improve-timer-setting.patch new file mode 100644 index 0000000..0c4e534 --- /dev/null +++ b/SOURCES/0068-fstrim-improve-timer-setting.patch @@ -0,0 +1,32 @@ +From ebb628f8b6e9564c036fce152f67512e5755dcfc Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 6 Dec 2021 13:20:37 +0100 +Subject: [PATCH 68/74] fstrim: improve timer setting + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1916151 +Signed-off-by: Karel Zak +--- + sys-utils/fstrim.timer | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sys-utils/fstrim.timer b/sys-utils/fstrim.timer +index 3a3762d5c..54b3c18f5 100644 +--- a/sys-utils/fstrim.timer ++++ b/sys-utils/fstrim.timer +@@ -1,11 +1,13 @@ + [Unit] + Description=Discard unused blocks once a week + Documentation=man:fstrim ++ConditionVirtualization=!container + + [Timer] + OnCalendar=weekly + AccuracySec=1h + Persistent=true ++RandomizedDelaySec=6000 + + [Install] + WantedBy=timers.target +-- +2.31.1 + diff --git a/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch b/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch new file mode 100644 index 0000000..a4806c2 --- /dev/null +++ b/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch @@ -0,0 +1,185 @@ +From 0b421290e05862e1abbb5a82654bd2de9829dd58 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Tue, 10 Apr 2018 12:08:21 +0100 +Subject: [PATCH 69/74] setpriv: implement option to set parent death signal + +When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will +get notified with a process-defined signal as soon as its parent process +dies. This is for example being used by unshare(1)'s recently added +"--kill-child" option, causing the forked child to be killed as soon as +unshare itself dies. + +Unfortunately, some LSMs will cause the parent death signal to be reset +when a process changes credentials, with the most important ones being +SELinux and AppArmor. The following command will thus not work as +expected: + + unshare --fork --kill-child setpriv --reuid user + +As soon as setpriv changes UID, the parent death signal is cleared and +the child will never get signalled when unshare gets killed. + +Add a new option "--pdeathsig keep|clear|". Setting this flag +will cause us to either + +- restore the previously active parent death signal as soon as the + setpriv has applied all credential changes +- clear the parent death signal +- set the parent death signal to "" + +Furthermore, print out the currently set signal when dumping process +state. + +[kzak@redhat.com: - small changes in codding style] + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1894192 +Signed-off-by: Patrick Steinhardt +Signed-off-by: Karel Zak +--- + sys-utils/setpriv.1 | 6 ++++++ + sys-utils/setpriv.c | 49 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 55 insertions(+) + +diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 +index b900f6e08..f989bf33c 100644 +--- a/sys-utils/setpriv.1 ++++ b/sys-utils/setpriv.1 +@@ -139,6 +139,12 @@ is cleared by + .BR execve (2) + and is therefore not allowed. + .TP ++.BR "\-\-pdeathsig keep" | clear | ++Keep, clear or set the parent death signal. Some LSMs, most notably SELinux and ++AppArmor, clear the signal when the process' credentials change. Using ++\fB--pdeathsig keep\fR will restore the parent death signal after changing ++credentials to remedy that situation. ++.TP + .BI \-\-selinux\-label " label" + Request a particular SELinux transition (using a transition on exec, not + dyntrans). This will fail and cause +diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c +index 4147978cc..0d3a3b3c9 100644 +--- a/sys-utils/setpriv.c ++++ b/sys-utils/setpriv.c +@@ -38,6 +38,7 @@ + #include "strutils.h" + #include "xalloc.h" + #include "pathnames.h" ++#include "signames.h" + + #ifndef PR_SET_NO_NEW_PRIVS + # define PR_SET_NO_NEW_PRIVS 38 +@@ -102,6 +103,8 @@ struct privctx { + + /* securebits */ + int securebits; ++ /* parent death signal (<0 clear, 0 nothing, >0 signal) */ ++ int pdeathsig; + + /* LSMs */ + const char *selinux_label; +@@ -135,6 +138,8 @@ static void __attribute__((__noreturn__)) usage(void) + fputs(_(" --init-groups initialize supplementary groups\n"), out); + fputs(_(" --groups set supplementary groups\n"), out); + fputs(_(" --securebits set securebits\n"), out); ++ fputs(_(" --pdeathsig keep|clear|\n" ++ " set or clear parent death signal\n"), out); + fputs(_(" --selinux-label