passt, branch 2023_05_09.96f8d55 Plug A Simple Socket Transport correct -6 option in manpage 2023-05-09T21:29:32+00:00 lemmi lemmi@nerd2nerd.org 2023-05-08T16:05:01+00:00 96f8d55c4f5093fa59c168361c0428b53b6d2d06 Signed-off-by: lemmi <lemmi@nerd2nerd.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Signed-off-by: lemmi <lemmi@nerd2nerd.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
passt: Fix error check for signal(), improve error messages 2023-04-13T17:32:13+00:00 Stefano Brivio sbrivio@redhat.com 2023-04-13T17:32:13+00:00 940bd3eff922c46ac280136e3674ee70ea40f08e Valtteri reports that if SIGPIPE already has a disposition set by the parent process, such as systemd with the default setting of IgnoreSIGPIPE=yes, signal() will return the previous value, not zero, and this is not an error: check for SIG_ERR instead. While at it, split messages for failures of sigaction() and signal(), and report the actual error. Reported-by: Valtteri Vuorikoski <vuori@notcom.org> Fixes: 8534be076c73 ("Catch failures when installing signal handlers") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Valtteri reports that if SIGPIPE already has a disposition set by the
parent process, such as systemd with the default setting of
IgnoreSIGPIPE=yes, signal() will return the previous value, not zero,
and this is not an error: check for SIG_ERR instead.

While at it, split messages for failures of sigaction() and signal(),
and report the actual error.

Reported-by: Valtteri Vuorikoski <vuori@notcom.org>
Fixes: 8534be076c73 ("Catch failures when installing signal handlers")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Enter holder's cwd when changing mount ns with nstool exec 2023-04-07T23:12:12+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:19+00:00 1a3ade90371f7e9490e8f3be0aff83f2e178c327 If we enter a mount namespace with nstool exec our working directory will be changed to / in the new mount ns. This is surprising if we haven't actually altered any mounts yet in the new ns. Instead, change the working directory to match that of the holder process in this situation. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
If we enter a mount namespace with nstool exec our working directory will
be changed to / in the new mount ns.  This is surprising if we haven't
actually altered any mounts yet in the new ns.  Instead, change the working
directory to match that of the holder process in this situation.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Advertise the holder's cwd (in its mountns) across the socket 2023-04-07T23:12:10+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:18+00:00 98031bee73b30ec82a4bc5f078175061d6157b4f This is possible useful in nstool info and has further uses for nstool exec. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This is possible useful in nstool info and has further uses for nstool
exec.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
test: Use "nstool exec" to slightly simplify tests 2023-04-07T23:12:08+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:17+00:00 469b69aaa141a8163a6930e2dd4a25272a85d146 Using this, rather than using "nstool info" to get the pid then manually connecting with nsenter makes things a little simpler. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Using this, rather than using "nstool info" to get the pid then manually
connecting with nsenter makes things a little simpler.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
test: Initialise ${TRACE} properly 2023-04-07T23:12:05+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:16+00:00 3372cd0902f262b591ecb930a12d0049e69ac372 Unlike ${DEBUG} we don't initialize ${TRACE} to 0 if not set, which cases failures when testing it later. That failure acts as though it is false, however it emits spurious errors in script.log, which can make it harder to spot real errors. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Unlike ${DEBUG} we don't initialize ${TRACE} to 0 if not set, which cases
failures when testing it later.  That failure acts as though it is false,
however it emits spurious errors in script.log, which can make it harder to
spot real errors.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add --keep-caps option to nstool exec 2023-04-07T23:12:03+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:15+00:00 329149d51a7f8132beefcafc688812e2926607e1 This allows you to run commands within a user namespace with the privilege that comes from owning that userns. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This allows you to run commands within a user namespace with the
privilege that comes from owning that userns.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add nstool exec command to execute commands in an nstool namespace 2023-04-07T23:12:01+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:14+00:00 0b669446482e110719b3935aa4819396dea4d1ab This combines nstool info -pw <sock> with nsenter with various options for a more convenient and less verbose of entering existing nstool managed namespaces. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This combines nstool info -pw <sock> with nsenter with various options for
a more convenient and less verbose of entering existing nstool managed
namespaces.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Helpers to iterate through namespace types 2023-04-07T23:11:59+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:13+00:00 3bcbca5db8547142df54debbe3ca2aba9e807b9c Will make things a bit less verbose in future. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Will make things a bit less verbose in future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
nstool: Add magic number to advertized information 2023-04-07T23:11:57+00:00 David Gibson david@gibson.dropbear.id.au 2023-04-06T03:28:12+00:00 f6a9ea3af5384ac561b67494073d520145ae2281 So that we'll probably give a better error if you point it at something that's not an nstool hold control socket. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
So that we'll probably give a better error if you point it at something
that's not an nstool hold control socket.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>