| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce the ability to dump the state of the no-new-privs flag, which
states whethere it is allowed to grant new privileges.
function old new delta
setpriv_main 419 467 +48
.rodata 145926 145969 +43
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
setpriv from util-linux has an option to dump the current state
regarding privilege settings via '--dump'. It prints out information on
the real and effective user and group IDs, supplementary groups, the
no-new-privs flag, the capability sets as well as secure bits.
This patch is the start of supporting this mode. To make introduction of
the '--dump' easier to reason about, its introduction has been split
into multiple patches. This particular one introduces the ability to
print out user and group information of the current process.
function old new delta
setpriv_main 89 322 +233
getresuid - 41 +41
getresgid - 41 +41
static.setpriv_longopts 22 29 +7
packed_usage 31675 31669 -6
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 2/1 up/down: 322/-6) Total: 316 bytes
Patch by Patrick Steinhardt <ps@pks.im>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current option parsing logic of setpriv only supports the case where
we want to execute a sub-program and have at most one argument. Refactor
handling of options to solve these shortcomings to make it easy to
support 'setpriv --dump', which does not accept any additional
arguments, as well as the case where additional options are passed to
setpriv. This is done by handling 'argc' ourselves, throwing an error
when no program is specified, as well as introducing an enum for the
different option bitmasks.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By default, the 'getopt32' call will continue parsing the command line
even after hitting a non-option string. But in setpriv, this should be
avoided, as all parameters following the initial non-option argument are
in fact arguments to the binary that is to be executed by setpriv.
Otherwise, calling e.g. 'busybox setpriv ls -l' would result in an error
due to the unknown parameter "-l".
Fix the issue by passing "+" as the first character in the options
string. This will cause 'getopt32' to stop processing after hitting the
first non-option.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a minimal 'setpriv' implementation supporting the NO_NEW_PRIVS bit.
Typical usage:
$ busybox setpriv sudo uname
Linux
$ busybox setpriv --nnp sudo uname
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with
the 'nosuid' option set or an NFS file system without root privileges?
function old new delta
packed_usage 31580 31685 +105
setpriv_main - 87 +87
prctl - 53 +53
static.setpriv_longopts - 22 +22
applet_names 2620 2628 +8
applet_main 1516 1520 +4
------------------------------------------------------------------------------
(add/remove: 5/0 grow/shrink: 3/0 up/down: 279/0) Total: 279 bytes
Signed-off-by: Assaf Gordon <assafgordon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
By klemens <ka7@github.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
No code changes
Surprisingly, nice and renice are coming from different packages :)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| | |
No code changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
NAME
fallocate - preallocate or deallocate space to a file
SYNOPSIS
fallocate [-c|-p|-z] [-o offset] -l length [-n] filename
fallocate -d [-o offset] [-l length] filename
DESCRIPTION
fallocate is used to manipulate the allocated disk space for a file,
either to deallocate or preallocate it. For filesystems which support
the fallocate system call, preallocation is done quickly by allocating
blocks and marking them as uninitialized, requiring no IO to the data
blocks. This is much faster than creating a file by filling it with
zeroes.
function old new delta
fallocate_main - 179 +179
applet_names 2597 2606 +9
applet_main 1504 1508 +4
applet_suid 94 95 +1
applet_install_loc 188 189 +1
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
NAME
fsfreeze - suspend access to a filesystem (Ext3/4, ReiserFS, JFS, XFS)
SYNOPSIS
fsfreeze --freeze|--unfreeze mountpoint
DESCRIPTION
fsfreeze suspends or resumes access to a filesystem.
fsfreeze halts any new access to the filesystem and creates a stable
image on disk.
AVAILABILITY
The fsfreeze command is part of the util-linux 2.28
function old new delta
fsfreeze_main - 81 +81
applet_names 2597 2606 +9
applet_main 1504 1508 +4
applet_suid 94 95 +1
applet_install_loc 188 189 +1
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Busybox is very often used in initramfs at the end of which usually
there is a switch_root to the actual rootfs. There are many cases where
the console kernel argument is either just a placeholder (for example
RaspberryPi uses serial0 and serial1) or configured as null to avoid any
console messages - usually you would see such of a setup in production
environments.
Currently busybox bails out if can't open the console argument. If this
happenes in initramfs and if the console=null for example, you get in a
blind kernel panic. Avoid this by only warning instead of dying.
function old new delta
switch_root_main 371 368 -3
Signed-off-by: Andrei Gherzan <andrei@gherzan.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 86a03bee1d3d6990c03bf500836b19ec8a1c1f12.
Since now our "mount -oloop" creates AUTOCLEARed loopdevs, we no longer
need our umount to destroy loopdevs to match the usual util-linux behaviour.
Now this revert fixes another, opposite bug: "explicit" mount /dev/loopN
and then umount must not drop loopdevs!
User complaint is as follows:
It seems LOOP_CLR_FD called on a loop-*partition* removes the mapping of
the whole *device* - which results in the following:
root@LEDE:/# loop=$(losetup -f)
root@LEDE:/# echo ${loop}
/dev/loop2
root@LEDE:/# losetup ${loop} /IMAGE
root@LEDE:/# ls -l ${loop}*
brw------- 1 root root 7, 2 Mar 6 20:09 /dev/loop2
root@LEDE:/# partprobe ${loop}
root@LEDE:/# ls -l ${loop}*
brw------- 1 root root 7, 2 Mar 6 20:09 /dev/loop2
brw------- 1 root root 259, 8 Mar 6 21:59 /dev/loop2p1
brw------- 1 root root 259, 9 Mar 6 21:59 /dev/loop2p2
brw------- 1 root root 259, 10 Mar 6 21:59 /dev/loop2p3
brw------- 1 root root 259, 11 Mar 6 21:59 /dev/loop2p4
brw------- 1 root root 259, 12 Mar 6 21:59 /dev/loop2p5
brw------- 1 root root 259, 13 Mar 6 21:59 /dev/loop2p6
brw------- 1 root root 259, 14 Mar 6 21:59 /dev/loop2p7
brw------- 1 root root 259, 15 Mar 6 21:59 /dev/loop2p8
root@LEDE:/# mount ${loop}p8 /MOUNT # mount loop partition
root@LEDE:/# losetup -a | grep $loop # loop dev mapping still there
/dev/loop2: 0 /mnt/IMAGE
root@LEDE:/# strace umount /MOUNT 2> /log # unmount loop partition
root@LEDE:/# losetup -a | grep ${loop} # loop device mapping is gone
root@LEDE:/# grep -i loop /log
open("/dev/loop2p7", O_RDONLY|O_LARGEFILE) = 3
ioctl(3, LOOP_CLR_FD) = 0
root@LEDE:/#
The strace was done to figure out, if maybe umount wrongly ioctl()'s the
parent device instead of the partition - it doesn't.
I already wasn't a fan of umount implicitly removing the mapping in the
first place (as I usually setup and release loop devices with `losetup`
and scripts needed to call umount differently in order to work and
outside busybox).
However taking above (kernel-)behaviour into account - umount calling
ioctl(LOOP_CLR_FD) unconditionally potentially causes some nasty side
effects
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "autolooped" mount (mount [-oloop] IMAGE /DIR/DIR)
always creates AUTOCLEARed loopdevs, so that umounting
drops them (and this does not require any code in the
umount userspace).
This happens since circa linux-2.6.25:
commit 96c5865559cee0f9cbc5173f3c949f6ce3525581
Date: Wed Feb 6 01:36:27 2008 -0800
Subject: Allow auto-destruction of loop devices
IOW: in this case, umount does not have to use -d
to drop the loopdev.
The explicit loop mount (mount /dev/loopN /DIR/DIR)
does not do this. In this case, umount without -d
should not drop loopdev.
Unfortunately, bbox umount currently always implies -d,
this probably needs fixing.
function old new delta
set_loop 537 597 +60
singlemount 1101 1138 +37
losetup_main 419 432 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 110/0) Total: 110 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| | |
It confused me more than once
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While at it, tweaked hexdump --help
function old new delta
xxd_main 364 414 +50
packed_usage 31097 31114 +17
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yet Another Hexdumper
function old new delta
xxd_main - 364 +364
packed_usage 31046 31116 +70
applet_names 2560 2564 +4
applet_main 1476 1480 +4
rewrite 1022 1013 -9
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 3/1 up/down: 442/-9) Total: 433 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
function old new delta
packed_usage 31062 31035 -27
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
function old new delta
rdate_main 251 246 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
function old new delta
rdate_main 251 254 +3
packed_usage 31029 31023 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
function old new delta
set_termios_to_raw - 116 +116
count_lines 72 74 +2
powertop_main 1458 1430 -28
top_main 943 914 -29
more_main 759 714 -45
fsck_minix_main 2969 2921 -48
conspy_main 1197 1135 -62
rawmode 99 36 -63
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/6 up/down: 118/-275) Total: -157 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
function old new delta
get_wh - 27 +27
tcsetattr_tty_TCSANOW - 18 +18
gotsig 35 27 -8
more_main 835 759 -76
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/2 up/down: 45/-84) Total: -39 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Redundant help texts (one which only repeats the description)
are deleted.
Descriptions and help texts are trimmed.
Some config options are moved, even across menus.
No config option _names_ are changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
static var
function old new delta
list_table 2335 2373 +38
fill_bounds 131 128 -3
part_array_len 4 - -4
get_boot 1584 1574 -10
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/2 up/down: 38/-17) Total: 21 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| | |
For example, without swapoff, code shrinks by 277 bytes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Alpine Linux stumbled over "more -s":
http://bugs.alpinelinux.org/issues/5190
function old new delta
more_main 857 872 +15
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This makes it possible to use scoped IPv6 addresses:
mount -t cifs -o ip=<ADDR>%<iface_id> //<ADDR>/test test
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Gives "mount -t cifs //fe80::6a05:caff:fe3e:dbf5%eth0/test test"
a chance to work: mount must pass "ip=numeric_IPv6%numeric_iface_id"
in the omunt option string. Currently, it does not.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
