rpms
/
util-linux
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2.23-0.1: upgrade to uspream 2.23-rc1 

Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
Karel Zak 2013-03-22 14:10:10 +01:00
parent c2496a27a2
commit 2c19cdfe49
26 changed files with 22 additions and 3419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -22,3 +22,4 @@
/util-linux-2.22.tar.xz
/util-linux-2.22.1.tar.xz
/util-linux-2.22.2.tar.xz
/util-linux-2.23-rc1.tar.xz

34
0001-libmount-don-t-use-umount-optimization-for-l-or-f.patch
View File

@ -1,34 +0,0 @@
From 6eeca6c7170295f325b814ee0cd1576da885cd30 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 15 Oct 2012 11:10:50 +0200
Subject: [PATCH 01/11] libmount: don't use umount optimization for -l or -f
The options -l (lazy) and -f (force) means that the mountpoint may be
unreadable (for example because NFS server is unreadable). So we
should not try to be smart in this case and we should try to minimize
number of situations when stat() or readlink() is used for the
mountpoint.
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libmount/src/context_umount.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index ce095bf..2c2e64c 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -83,7 +83,9 @@ static int lookup_umount_fs(struct libmnt_context *cxt)
* where LABEL, UUID or symlinks are to canonicalized. It means that
* it's usable only for canonicalized stuff (e.g. kernel mountinfo).
*/
- if (!cxt->mtab_writable && *tgt == '/') {
+ if (!cxt->mtab_writable && *tgt == '/' &&
+ !mnt_context_is_force(cxt) && !mnt_context_is_lazy(cxt)) {
+
struct stat st;
if (stat(tgt, &st) == 0 && S_ISDIR(st.st_mode)) {
--
1.7.11.7

27
0002-wipefs-use-O_EXCL.patch
View File

@ -1,27 +0,0 @@
From 9faf9c8494cf37fdcf68b1dfe10fd7900e93ec00 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 15 Oct 2012 12:38:09 +0200
Subject: [PATCH 02/11] wipefs: use O_EXCL
Address: https://bugzilla.redhat.com/show_bug.cgi?id=865961
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/wipefs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misc-utils/wipefs.c b/misc-utils/wipefs.c
index cddad8a..0ddc148 100644
--- a/misc-utils/wipefs.c
+++ b/misc-utils/wipefs.c
@@ -309,7 +309,7 @@ static void do_wipe_real(blkid_probe pr, const char *devname, struct wipe_desc *
static struct wipe_desc *
do_wipe(struct wipe_desc *wp, const char *devname, int noact, int all, int quiet)
{
- blkid_probe pr = new_probe(devname, O_RDWR);
+ blkid_probe pr = new_probe(devname, O_RDWR | O_EXCL);
struct wipe_desc *w, *wp0 = clone_offset(wp);
int zap = all ? 1 : wp->zap;
--
1.7.11.7

37
0003-swapon-remove-loop-declaration-smatch-scan.patch
View File

@ -1,37 +0,0 @@
From 10a9cbcf36d43c0d4a13bf5e91315b4ffd29e636 Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Mon, 8 Oct 2012 08:08:20 +0100
Subject: [PATCH 03/11] swapon: remove loop declaration [smatch scan]
sys-utils/swapon.c:677:2: error: 'for' loop initial declarations are
only allowed in C99 mode
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
sys-utils/swapon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c
index c9cabc1..0e1ab66 100644
--- a/sys-utils/swapon.c
+++ b/sys-utils/swapon.c
@@ -642,6 +642,7 @@ static int swapon_all(void)
static void __attribute__ ((__noreturn__)) usage(FILE * out)
{
+ size_t i;
fputs(USAGE_HEADER, out);
fprintf(out, _(" %s [options] [<spec>]\n"), program_invocation_short_name);
@@ -674,7 +675,7 @@ static void __attribute__ ((__noreturn__)) usage(FILE * out)
" <file> name of file to be used\n"), out);
fputs(_("\nAvailable columns (for --show):\n"), out);
- for (size_t i = 0; i < NCOLS; i++)
+ for (i = 0; i < NCOLS; i++)
fprintf(out, " %4s %s\n", infos[i].name, _(infos[i].help));
fprintf(out, USAGE_MAN_TAIL("swapon(8)"));
--
1.7.11.7

35
0004-libblkid-fix-compiler-warning-Wstrict-aliasing.patch
View File

@ -1,35 +0,0 @@
From 9f6c8591eeffb6591dc6a18512e618f0acf09890 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 15 Oct 2012 17:01:30 +0200
Subject: [PATCH 04/11] libblkid: fix compiler warning [-Wstrict-aliasing]
libblkid/src/superblocks/befs.c: In function 'get_uuid':
libblkid/src/superblocks/befs.c:353:6: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libblkid/src/superblocks/befs.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libblkid/src/superblocks/befs.c b/libblkid/src/superblocks/befs.c
index a7f4317..452da1e 100644
--- a/libblkid/src/superblocks/befs.c
+++ b/libblkid/src/superblocks/befs.c
@@ -348,9 +348,11 @@ static int get_uuid(blkid_probe pr, const struct befs_super_block *bs,
&& FS16_TO_CPU(sd->name_size, fs_le) == strlen(KEY_NAME)
&& FS16_TO_CPU(sd->data_size, fs_le) == KEY_SIZE
&& strcmp(sd->name, KEY_NAME) == 0) {
- *uuid = *(uint64_t *) ((uint8_t *) sd->name
- + FS16_TO_CPU(sd->name_size, fs_le)
- + 3);
+
+ memcpy(uuid,
+ sd->name + FS16_TO_CPU(sd->name_size, fs_le) + 3,
+ sizeof(uint64_t));
+
break;
} else if (FS32_TO_CPU(sd->type, fs_le) == 0
&& FS16_TO_CPU(sd->name_size, fs_le) == 0
--
1.7.11.7

31
0005-mount-add-c-abbreviation-for-no-canonicalize-to-man-.patch
View File

@ -1,31 +0,0 @@
From 532116d4dd16632806ed4a036c2e89b966221031 Mon Sep 17 00:00:00 2001
From: Bill Pemberton <wfp5p@virginia.edu>
Date: Wed, 10 Oct 2012 16:54:01 -0400
Subject: [PATCH 05/11] mount: add -c abbreviation for --no-canonicalize to
man page
The --no-canonicalize option can also be set using -c. The --help for
mount shows this option but the man page did not. Add -c to the man
page.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
---
sys-utils/mount.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index dce4b8c..83a4518 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -552,7 +552,7 @@ Mount without writing in
This is necessary for example when
.I /etc
is on a read-only filesystem.
-.IP "\fB\-\-no\-canonicalize\fP"
+.IP "\fB\-c, \-\-no\-canonicalize\fP"
Don't canonicalize paths. The mount command canonicalizes all paths
(from command line or fstab) and stores canonicalized paths to the
.IR /etc/mtab
--
1.7.11.7

33
0006-mount-add-long-options-for-L-and-U-to-man-page.patch
View File

@ -1,33 +0,0 @@
From b426209c5ba2126a9038363a269fec884af470fb Mon Sep 17 00:00:00 2001
From: Bill Pemberton <wfp5p@virginia.edu>
Date: Wed, 10 Oct 2012 16:54:02 -0400
Subject: [PATCH 06/11] mount: add long options for -L and -U to man page
The -L and -U flags both have long options too (--label and --uuid).
The usage() function will show them but the man page didn't list them.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
---
sys-utils/mount.8 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index 83a4518..0b40bf7 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -586,10 +586,10 @@ set the block device to read-only mode, see command
.IP "\fB\-w, \-\-rw\fP"
Mount the filesystem read/write. This is the default. A synonym is
.BR "\-o rw" .
-.IP "\fB\-L \fIlabel\fP"
+.IP "\fB\-L, \-\-label \fIlabel\fP"
Mount the partition that has the specified
.IR label .
-.IP "\fB\-U \fIuuid\fP"
+.IP "\fB\-U, \-\-uuid \fIuuid\fP"
Mount the partition that has the specified
.IR uuid .
These two options require the file
--
1.7.11.7

107
0007-lib-loopdev-improve-debug-messages.patch
View File

@ -1,107 +0,0 @@
From deb0e659451d4ade29df3dbb842607edd6080c0d Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 17 Oct 2012 11:42:21 +0200
Subject: [PATCH 07/11] lib/loopdev: improve debug messages
Signed-off-by: Karel Zak <kzak@redhat.com>
---
lib/loopdev.c | 22 ++++++++++++++++++----
sys-utils/losetup.c | 2 --
2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/lib/loopdev.c b/lib/loopdev.c
index a9f6df2..0e6033a 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -87,8 +87,10 @@ int loopcxt_set_device(struct loopdev_cxt *lc, const char *device)
if (!lc)
return -EINVAL;
- if (lc->fd >= 0)
+ if (lc->fd >= 0) {
close(lc->fd);
+ DBG(lc, loopdev_debug("closing old open fd"));
+ }
lc->fd = -1;
lc->mode = 0;
lc->has_info = 0;
@@ -158,19 +160,26 @@ int loopcxt_init(struct loopdev_cxt *lc, int flags)
memcpy(lc, &dummy, sizeof(dummy));
lc->flags = flags;
+ if (getenv("LOOPDEV_DEBUG"))
+ loopcxt_enable_debug(lc, TRUE);
+
rc = loopcxt_set_device(lc, NULL);
if (rc)
return rc;
if (!(lc->flags & LOOPDEV_FL_NOSYSFS) &&
- get_linux_version() >= KERNEL_VERSION(2,6,37))
+ get_linux_version() >= KERNEL_VERSION(2,6,37)) {
/*
* Use only sysfs for basic information about loop devices
*/
lc->flags |= LOOPDEV_FL_NOIOCTL;
+ DBG(lc, loopdev_debug("init: ignore ioctls"));
+ }
- if (!(lc->flags & LOOPDEV_FL_CONTROL) && !stat(_PATH_DEV_LOOPCTL, &st))
+ if (!(lc->flags & LOOPDEV_FL_CONTROL) && !stat(_PATH_DEV_LOOPCTL, &st)) {
lc->flags |= LOOPDEV_FL_CONTROL;
+ DBG(lc, loopdev_debug("init: loop-control detected "));
+ }
return 0;
}
@@ -272,7 +281,9 @@ int loopcxt_get_fd(struct loopdev_cxt *lc)
if (lc->fd < 0) {
lc->mode = lc->flags & LOOPDEV_FL_RDWR ? O_RDWR : O_RDONLY;
lc->fd = open(lc->device, lc->mode);
- DBG(lc, loopdev_debug("open %s", lc->fd < 0 ? "failed" : "ok"));
+ DBG(lc, loopdev_debug("open %s [%s]: %s", lc->device,
+ lc->flags & LOOPDEV_FL_RDWR ? "rw" : "ro",
+ lc->fd < 0 ? "failed" : "ok"));
}
return lc->fd;
}
@@ -576,6 +587,7 @@ int loopcxt_next(struct loopdev_cxt *lc)
* of loop devices). This is enough for 99% of all cases.
*/
if (iter->default_check) {
+ DBG(lc, loopdev_debug("iter: next: default check"));
for (++iter->ncur; iter->ncur < LOOPDEV_DEFAULT_NNODES;
iter->ncur++) {
char name[16];
@@ -590,6 +602,7 @@ int loopcxt_next(struct loopdev_cxt *lc)
/* C) the worst possibility, scan whole /dev or /dev/loop/<N>
*/
if (!iter->minors) {
+ DBG(lc, loopdev_debug("iter: next: scan /dev"));
iter->nminors = (lc->flags & LOOPDEV_FL_DEVSUBDIR) ?
loop_scandir(_PATH_DEV_LOOP, &iter->minors, 0) :
loop_scandir(_PATH_DEV, &iter->minors, 1);
@@ -1150,6 +1163,7 @@ int loopcxt_setup_device(struct loopdev_cxt *lc)
DBG(lc, loopdev_debug("setup: backing file open: OK"));
if (lc->fd != -1 && lc->mode != mode) {
+ DBG(lc, loopdev_debug("closing already open device (mode mismatch)"));
close(lc->fd);
lc->fd = -1;
lc->mode = 0;
diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
index fdcc0be..a8381a8 100644
--- a/sys-utils/losetup.c
+++ b/sys-utils/losetup.c
@@ -250,8 +250,6 @@ int main(int argc, char **argv)
if (loopcxt_init(&lc, 0))
err(EXIT_FAILURE, _("failed to initialize loopcxt"));
- loopcxt_enable_debug(&lc, getenv("LOOPDEV_DEBUG") ? TRUE : FALSE);
-
while ((c = getopt_long(argc, argv, "ac:d:De:E:fhj:o:p:PrvV",
longopts, NULL)) != -1) {
--
1.7.11.7

35
0008-lib-loopdev-check-for-sys.patch
View File

@ -1,35 +0,0 @@
From 939636dd664cc608232c272de77be96e6f089235 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 17 Oct 2012 11:43:39 +0200
Subject: [PATCH 08/11] lib/loopdev: check for /sys
The current loopdev code prefers /sys to get information about
loop devices. The old methods like scan /dev are fallback solution
only. Unfortunately, the code does not check if /sys is mounted.
Addresses: http://blog.flameeyes.eu/2012/10/sophistication-can-be-bad
Signed-off-by: Karel Zak <kzak@redhat.com>
---
lib/loopdev.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/loopdev.c b/lib/loopdev.c
index 0e6033a..f62af83 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -167,6 +167,12 @@ int loopcxt_init(struct loopdev_cxt *lc, int flags)
if (rc)
return rc;
+ if (stat(_PATH_SYS_BLOCK, &st) || !S_ISDIR(st.st_mode)) {
+ lc->flags |= LOOPDEV_FL_NOSYSFS;
+ lc->flags &= ~LOOPDEV_FL_NOIOCTL;
+ DBG(lc, loopdev_debug("init: disable /sys usage"));
+ }
+
if (!(lc->flags & LOOPDEV_FL_NOSYSFS) &&
get_linux_version() >= KERNEL_VERSION(2,6,37)) {
/*
--
1.7.11.7

49
0009-fsck.cramfs-compile-with-DINCLUDE_FS_TESTS-for-make-.patch
View File

@ -1,49 +0,0 @@
From 75f03f036011003c2a9e8e634ca3ce7930873318 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 22 Oct 2012 10:10:55 +0200
Subject: [PATCH 09/11] fsck.cramfs: compile with -DINCLUDE_FS_TESTS for make
check
make check
sudo su -
cd tests
./run.sh cramfs
Signed-off-by: Karel Zak <kzak@redhat.com>
---
disk-utils/Makemodule.am | 5 +++++
tests/commands.sh | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/disk-utils/Makemodule.am b/disk-utils/Makemodule.am
index f2360bf..b329a99 100644
--- a/disk-utils/Makemodule.am
+++ b/disk-utils/Makemodule.am
@@ -97,6 +97,11 @@ fsck_cramfs_LDADD = $(LDADD) -lz libcommon.la
sbin_PROGRAMS += mkfs.cramfs
mkfs_cramfs_SOURCES = disk-utils/mkfs.cramfs.c $(cramfs_common_sources)
mkfs_cramfs_LDADD = $(LDADD) -lz libcommon.la
+
+check_PROGRAMS += test_fsck.cramfs
+test_fsck_cramfs_SOURCES = $(fsck_cramfs_SOURCES)
+test_fsck_cramfs_LDADD = $(fsck_cramfs_LDADD)
+test_fsck_cramfs_CFLAGS = $(AM_CFLAGS) -DINCLUDE_FS_TESTS
endif
diff --git a/tests/commands.sh b/tests/commands.sh
index 8a1577e..db1d4ac 100644
--- a/tests/commands.sh
+++ b/tests/commands.sh
@@ -37,7 +37,7 @@ TS_CMD_LOSETUP=${TS_CMD_LOSETUP:-"$top_builddir/losetup"}
TS_CMD_MKSWAP=${TS_CMD_MKSWAP:-"$top_builddir/mkswap"}
TS_CMD_MKCRAMFS=${TS_CMD_MKCRAMFS:-"$top_builddir/mkfs.cramfs"}
TS_CMD_MKMINIX=${TS_CMD_MKMINIX:-"$top_builddir/mkfs.minix"}
-TS_CMD_FSCKCRAMFS=${TS_CMD_FSCKCRAMFS:-"$top_builddir/fsck.cramfs"}
+TS_CMD_FSCKCRAMFS=${TS_CMD_FSCKCRAMFS:-"$top_builddir/test_fsck.cramfs"}
TS_CMD_FSCKMINIX=${TS_CMD_FSCKMINIX:-"$top_builddir/fsck.minix"}
TS_CMD_IPCS=${TS_CMD_IPCS:-"$top_builddir/ipcs"}
--
1.7.11.7

44
0010-login-fix-compiler-warning-Wunused-result.patch
View File

@ -1,44 +0,0 @@
From ed68f1e2f5609a3f42492df407d62b8fc006ea17 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 22 Oct 2012 13:13:02 +0200
Subject: [PATCH 10/11] login: fix compiler warning [-Wunused-result]
It's probably unnecessary paranoia, but let's check if we're able to
restore the original IDs after ~/.hushlogin file check.
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/login.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/login-utils/login.c b/login-utils/login.c
index 8ae5266..f5896da 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -1031,13 +1031,17 @@ static int get_hushlogin_status(struct passwd *pwd)
gid_t egid = getegid();
sprintf(buf, "%s/%s", pwd->pw_dir, file);
- setregid(-1, pwd->pw_gid);
- setreuid(0, pwd->pw_uid);
- ok = effective_access(buf, O_RDONLY) == 0;
- setuid(0); /* setreuid doesn't do it alone! */
- setreuid(ruid, 0);
- setregid(-1, egid);
+ if (setregid(-1, pwd->pw_gid) == 0 &&
+ setreuid(0, pwd->pw_uid) == 0)
+ ok = effective_access(buf, O_RDONLY) == 0;
+
+ if (setuid(0) != 0 ||
+ setreuid(ruid, 0) != 0 ||
+ setregid(-1, egid) != 0) {
+ syslog(LOG_ALERT, _("hush login status: restore original IDs failed"));
+ exit(EXIT_FAILURE);
+ }
if (ok)
return 1; /* enabled by user */
}
--
1.7.11.7

63
0011-misc-make-readlink-usage-more-robust.patch
View File

@ -1,63 +0,0 @@
From a3528342bc716ecdabdd86609ae5a3198f560870 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 23 Oct 2012 12:40:39 +0200
Subject: [PATCH 11/11] misc: make readlink() usage more robust
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/lsblk.c | 4 ++--
misc-utils/lslocks.c | 2 +-
sys-utils/eject.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
index cc97c05..9c25dd0 100644
--- a/misc-utils/lsblk.c
+++ b/misc-utils/lsblk.c
@@ -962,7 +962,7 @@ static int get_wholedisk_from_partition_dirent(DIR *dir, const char *dirname,
int len;
if ((len = readlink_at(dirfd(dir), dirname,
- d->d_name, path, sizeof(path))) < 0)
+ d->d_name, path, sizeof(path) - 1)) < 0)
return 0;
path[len] = '\0';
@@ -1075,7 +1075,7 @@ static char *devno_to_sysfs_name(dev_t devno, char *devname, char *buf, size_t b
return NULL;
}
- len = readlink(path, buf, buf_size);
+ len = readlink(path, buf, buf_size - 1);
if (len < 0) {
warn(_("%s: failed to read link"), path);
return NULL;
diff --git a/misc-utils/lslocks.c b/misc-utils/lslocks.c
index 45fb6de..495eb80 100644
--- a/misc-utils/lslocks.c
+++ b/misc-utils/lslocks.c
@@ -196,7 +196,7 @@ static char *get_filename_sz(ino_t inode, pid_t pid, size_t *size)
continue;
if ((len = readlink_at(fd, path, dp->d_name,
- sym, sizeof(path))) < 1)
+ sym, sizeof(sym) - 1)) < 1)
goto out;
*size = sb.st_size;
diff --git a/sys-utils/eject.c b/sys-utils/eject.c
index 1a5b834..6d0da18 100644
--- a/sys-utils/eject.c
+++ b/sys-utils/eject.c
@@ -837,7 +837,7 @@ static char *get_subsystem(char *chain, char *buf, size_t bufsz)
memcpy(chain + len, SUBSYSTEM_LINKNAME, sizeof(SUBSYSTEM_LINKNAME));
/* try if subsystem symlink exists */
- sz = readlink(chain, buf, bufsz);
+ sz = readlink(chain, buf, bufsz - 1);
/* remove last subsystem from chain */
chain[len] = '\0';
--
1.7.11.7

203
0200-su-add-group-and-supp-group-options.patch
View File

@ -1,203 +0,0 @@
From 6273784aa4f40121b3963b41df0986044eeaced0 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 28 Aug 2012 16:32:28 +0200
Subject: [PATCH 200/208] su: add --group and --supp-group options
These options allow to specify alternative groups. The command
su(1) has to be executed by root. The implementation is based on
Fedora runuser(1) command.
For example:
# su --group=kzak --supp-group=uuidd -
# id
uid=0(root) gid=1000(kzak) groups=0(root),985(uuidd),1000(kzak)
non-root user:
$ su --group=kzak -
su: only root can specify alternative groups
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su.1 | 6 +++++
login-utils/su.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
2 files changed, 75 insertions(+), 4 deletions(-)
diff --git a/login-utils/su.1 b/login-utils/su.1
index 598cebd..59e1731 100644
--- a/login-utils/su.1
+++ b/login-utils/su.1
@@ -59,6 +59,12 @@ Pass
to the shell which may or may not be useful depending on the
shell.
.TP
+\fB\-g\fR, \fB\-\-group\fR=\fIgroup\fR\fR
+specify the primary group, this option is allowed for root user only
+.TP
+\fB\-G\fR, \fB\-\-supp-group\fR=\fIgroup\fR\fR
+specify a supplemental group, this option is allowed for root user only
+.TP
\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR
Starts the shell as login shell with an environment similar to a real
login:
diff --git a/login-utils/su.c b/login-utils/su.c
index c6b8bce..f11c757 100644
--- a/login-utils/su.c
+++ b/login-utils/su.c
@@ -110,6 +110,8 @@ static struct option const longopts[] =
{"login", no_argument, NULL, 'l'},
{"preserve-environment", no_argument, NULL, 'p'},
{"shell", required_argument, NULL, 's'},
+ {"group", required_argument, NULL, 'g'},
+ {"supp-group", required_argument, NULL, 'G'},
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'V'},
{NULL, 0, NULL, 0}
@@ -424,11 +426,18 @@ modify_environment (const struct passwd *pw, const char *shell)
/* Become the user and group(s) specified by PW. */
static void
-init_groups (const struct passwd *pw)
+init_groups (const struct passwd *pw, gid_t *groups, int num_groups)
{
int retval;
+
errno = 0;
- if (initgroups (pw->pw_name, pw->pw_gid) == -1)
+
+ if (num_groups)
+ retval = setgroups (num_groups, groups);
+ else
+ retval = initgroups (pw->pw_name, pw->pw_gid);
+
+ if (retval == -1)
{
cleanup_pam (PAM_ABORT);
err (EXIT_FAILURE, _("cannot set groups"));
@@ -535,6 +544,8 @@ usage (int status)
-c, --command <command> pass a single command to the shell with -c\n\
--session-command <command> pass a single command to the shell with -c\n\
and do not create a new session\n\
+ -g --group=group specify the primary group\n\
+ -G --supp-group=group specify a supplemental group\n\
-f, --fast pass -f to the shell (for csh or tcsh)\n\
-m, --preserve-environment do not reset environment variables\n\
-p same as -m\n\
@@ -556,6 +567,19 @@ void load_config(void)
logindefs_load_file(_PATH_LOGINDEFS);
}
+/*
+ * Returns 1 if the current user is not root
+ */
+static int
+evaluate_uid(void)
+{
+ uid_t ruid = getuid();
+ uid_t euid = geteuid();
+
+ /* if we're really root and aren't running setuid */
+ return (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
+}
+
int
main (int argc, char **argv)
{
@@ -566,6 +590,11 @@ main (int argc, char **argv)
char *shell = NULL;
struct passwd *pw;
struct passwd pw_copy;
+ struct group *gr;
+ gid_t groups[NGROUPS_MAX];
+ int num_supp_groups = 0;
+ int use_gid = 0;
+ int restricted;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
@@ -575,7 +604,7 @@ main (int argc, char **argv)
simulate_login = false;
change_environment = true;
- while ((optc = getopt_long (argc, argv, "c:flmps:hV", longopts, NULL)) != -1)
+ while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1)
{
switch (optc)
{
@@ -592,6 +621,26 @@ main (int argc, char **argv)
fast_startup = true;
break;
+ case 'g':
+ gr = getgrnam(optarg);
+ if (!gr)
+ errx(EXIT_FAILURE, _("group %s does not exist"), optarg);
+ use_gid = 1;
+ groups[0] = gr->gr_gid;
+ break;
+
+ case 'G':
+ num_supp_groups++;
+ if (num_supp_groups >= NGROUPS_MAX)
+ errx(EXIT_FAILURE,
+ _("can't specify more than %d supplemental groups"),
+ NGROUPS_MAX - 1);
+ gr = getgrnam(optarg);
+ if (!gr)
+ errx(EXIT_FAILURE, _("group %s does not exist"), optarg);
+ groups[num_supp_groups] = gr->gr_gid;
+ break;
+
case 'l':
simulate_login = true;
break;
@@ -617,6 +666,8 @@ main (int argc, char **argv)
}
}
+ restricted = evaluate_uid ();
+
if (optind < argc && !strcmp (argv[optind], "-"))
{
simulate_login = true;
@@ -625,6 +676,9 @@ main (int argc, char **argv)
if (optind < argc)
new_user = argv[optind++];
+ if ((num_supp_groups || use_gid) && restricted)
+ errx(EXIT_FAILURE, _("only root can specify alternative groups"));
+
logindefs_load_defaults = load_config;
pw = getpwnam (new_user);
@@ -648,6 +702,17 @@ main (int argc, char **argv)
: DEFAULT_SHELL);
endpwent ();
+ if (num_supp_groups && !use_gid)
+ {
+ pw->pw_gid = groups[1];
+ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
+ }
+ else if (use_gid)
+ {
+ pw->pw_gid = groups[0];
+ num_supp_groups++;
+ }
+
authenticate (pw);
if (request_same_session || !command || !pw->pw_uid)
@@ -666,7 +731,7 @@ main (int argc, char **argv)
}
shell = xstrdup (shell ? shell : pw->pw_shell);
- init_groups (pw);
+ init_groups (pw, groups, num_supp_groups);
create_watching_parent ();
/* Now we're in the child. */
--
1.7.11.7

1576
0201-su-move-generic-su-code-to-su-common.c.patch
View File

File diff suppressed because it is too large Load Diff

450
0202-runuser-new-command-derived-from-su-1.patch
View File

@ -1,450 +0,0 @@
From d8c2f623ab9d9e7da1490244cb8c77c3017545dc Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 29 Aug 2012 17:34:26 +0200
Subject: [PATCH 202/208] runuser: new command (derived from su(1))
This command is based on su(1), the differences:
- based on Fedora runuser su(1) patch
- not installed with suid rights
- allowed for root users only
- don't ask for password
- uses PAM session, for example:
$ cat /etc/pam.d/runuser
auth sufficient pam_rootok.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session required pam_unix.so
$ cat /etc/pam.d/runuser-l
auth include runuser
session optional pam_keyinit.so force revoke
session include runuser
Signed-off-by: Karel Zak <kzak@redhat.com>
---
.gitignore | 1 +
configure.ac | 9 ++
login-utils/Makemodule.am | 13 +++
login-utils/runuser.1 | 230 ++++++++++++++++++++++++++++++++++++++++++++++
login-utils/runuser.c | 7 ++
login-utils/su-common.c | 51 ++++++++--
6 files changed, 303 insertions(+), 8 deletions(-)
create mode 100644 login-utils/runuser.1
create mode 100644 login-utils/runuser.c
#diff --git a/.gitignore b/.gitignore
#index fbc5636..5be008f 100644
#--- a/.gitignore
#+++ b/.gitignore
#@@ -138,6 +138,7 @@ tests/run.sh.trs
# /resizepart
# /rev
# /rtcwake
#+/runuser
# /sample-mkfs
# /sample-partitions
# /sample-superblocks
diff --git a/configure.ac b/configure.ac
index 87e85fa..83ef6ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1149,6 +1149,15 @@ UL_REQUIRES_HAVE([su], [security_pam_misc_h], [PAM header file])
AM_CONDITIONAL(BUILD_SU, test "x$build_su" = xyes)
+AC_ARG_ENABLE([runuser],
+ AS_HELP_STRING([--disable-runuser], [do not build runuser]),
+ [], enable_runuser=yes
+)
+UL_BUILD_INIT([runuser])
+UL_REQUIRES_HAVE([runuser], [security_pam_misc_h], [PAM header file])
+AM_CONDITIONAL(BUILD_RUNUSER, test "x$build_runuser" = xyes)
+
+
AC_ARG_ENABLE([schedutils],
AS_HELP_STRING([--disable-schedutils], [do not build chrt, ionice, teskset]),
[], enable_schedutils=yes
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index b918f00..e26d9a7 100644
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -93,6 +93,19 @@ su_LDADD = $(LDADD) -lpam -lpam_misc
endif
+if BUILD_RUNUSER
+bin_PROGRAMS += runuser
+dist_man_MANS += login-utils/runuser.1
+runuser_SOURCES = \
+ login-utils/runuser.c \
+ login-utils/su-common.c \
+ login-utils/su-common.h \
+ login-utils/logindefs.c \
+ login-utils/logindefs.h
+runuser_LDADD = $(LDADD) -lpam -lpam_misc
+endif
+
+
if BUILD_NEWGRP
usrbin_exec_PROGRAMS += newgrp
dist_man_MANS += login-utils/newgrp.1
diff --git a/login-utils/runuser.1 b/login-utils/runuser.1
new file mode 100644
index 0000000..66ad1c4
--- /dev/null
+++ b/login-utils/runuser.1
@@ -0,0 +1,230 @@
+.TH RUNUSER "1" "August 2012" "util-linux" "User Commands"
+.SH NAME
+runuser \- run a command with substitute user and group ID
+.SH SYNOPSIS
+.B runuser
+[options...] [\-] [user [args...]]
+.SH DESCRIPTION
+.B runuser
+allows to run commands with substitute user and group ID.
+The difference between the commands
+.B runuser
+and
+.B su
+is that
+.B runuser
+does not ask for password, because it may be executed by root user only.
+The command
+.B runuser
+does not have to be installed with suid permissions.
+.PP
+When called without arguments
+.B runuser
+defaults to running an interactive shell as
+.IR root .
+.PP
+For backward compatibility
+.B runuser
+defaults to not change the current directory and to only set the
+environment variables
+.B HOME
+and
+.B SHELL
+(plus
+.B USER
+and
+.B LOGNAME
+if the target
+.I user
+is not root). It is recommended to always use the
+.B \-\-login
+option (instead it's shortcut
+.BR \- )
+to avoid side effects caused by mixing environments.
+.PP
+This version of
+.B runuser
+uses PAM for session management.
+.SH OPTIONS
+.TP
+\fB\-c\fR \fIcommand\fR, \fB\-\-command\fR=\fIcommand\fR
+Pass
+.I command
+to the shell with the
+.B \-c
+option.
+.TP
+\fB\-\-session\-command\fR=\fIcommand\fR
+Same as
+.B \-c
+but do not create a new session (discouraged).
+.TP
+\fB\-f\fR, \fB\-\-fast\fR
+Pass
+.B \-f
+to the shell which may or may not be useful depending on the
+shell.
+.TP
+\fB\-g\fR, \fB\-\-group\fR=\fIgroup\fR\fR
+specify the primary group, this option is allowed for root user only
+.TP
+\fB\-G\fR, \fB\-\-supp-group\fR=\fIgroup\fR\fR
+specify a supplemental group, this option is allowed for root user only
+.TP
+\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR
+Starts the shell as login shell with an environment similar to a real
+login:
+.RS 10
+.TP
+o
+clears all environment variables except for
+.B TERM
+.TP
+o
+initializes the environment variables
+.BR HOME ,
+.BR SHELL ,
+.BR USER ,
+.BR LOGNAME ,
+.B PATH
+.TP
+o
+changes to the target user's home directory
+.TP
+o
+sets argv[0] of the shell to
+.RB ' \- '
+in order to make the shell a login shell
+.RE
+.TP
+\fB\-m\fR, \fB\-p\fR, \fB\-\-preserve-environment\fR
+Preserves the whole environment, ie does not set
+.BR HOME ,
+.BR SHELL ,
+.B USER
+nor
+.BR LOGNAME .
+.TP
+\fB\-s\fR \fISHELL\fR, \fB\-\-shell\fR=\fISHELL\fR
+Runs the specified shell instead of the default. The shell to run is
+selected according to the following rules in order:
+.RS 10
+.TP
+o
+the shell specified with
+.B \-\-shell
+.TP
+o
+The shell specified in the environment variable
+.B SHELL
+if the
+.B \-\-preserve-environment
+option is used.
+.TP
+o
+the shell listed in the passwd entry of the target user
+.TP
+o
+/bin/sh
+.RE
+.IP
+If the target user has a restricted shell (i.e. not listed in
+/etc/shells) the
+.B \-\-shell
+option and the
+.B SHELL
+environment variables are ignored unless the calling user is root.
+.TP
+\fB\-\-help\fR
+Display help text and exit.
+.TP
+\fB\-\-version\fR
+Display version information and exit.
+.SH CONFIG FILES
+.B runuser
+reads the
+.I /etc/default/runuser
+and
+.I /etc/login.defs
+configuration files. The following configuration items are relevant
+for
+.BR runuser :
+.PP
+.B ENV_PATH
+(string)
+.RS 4
+Defines the PATH environment variable for a regular user. The
+default value is
+.IR /usr/local/bin:\:/bin:\:/usr/bin .
+.RE
+.PP
+.B ENV_ROOTPATH
+(string)
+.br
+.B ENV_SUPATH
+(string)
+.RS 4
+Defines the PATH environment variable for root. The default value is
+.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
+.RE
+.PP
+.B ALWAYS_SET_PATH
+(boolean)
+.RS 4
+If set to
+.I yes
+and \-\-login and \-\-preserve\-environment were not specified
+.B runuser
+initializes
+.BR PATH .
+.RE
+.SH EXIT STATUS
+.B runuser
+normally returns the exit status of the command it executed. If the
+command was killed by a signal,
+.B runuser
+returns the number of the signal plus 128.
+.PP
+Exit status generated by
+.B runuser
+itself:
+.RS 10
+.TP
+1
+Generic error before executing the requested command
+.TP
+126
+The requested command could not be executed
+.TP
+127
+The requested command could was not found
+.RE
+.SH FILES
+.PD 0
+.TP 17
+/etc/pam.d/runuser
+default PAM configuration file
+.TP
+/etc/pam.d/runuser-l
+PAM configuration file if \-\-login is specified
+.TP
+/etc/default/runuser
+runuser specific logindef config file
+.TP
+/etc/login.defs
+global logindef config file
+.PD 1
+.SH "SEE ALSO"
+.BR pam (8),
+.BR shells (5),
+.BR login.defs (5),
+.BR su (1)
+.SH AUTHOR
+Derived from coreutils' su which was based on an implemenation from
+David MacKenzie and Fedora runuser command from Dan Walsh.
+.SH AVAILABILITY
+The runuser command is part of the util-linux package and is
+available from
+.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
+Linux Kernel Archive
+.UE .
diff --git a/login-utils/runuser.c b/login-utils/runuser.c
new file mode 100644
index 0000000..d4f37f4
--- /dev/null
+++ b/login-utils/runuser.c
@@ -0,0 +1,7 @@
+
+#include "su-common.h"
+
+int main(int argc, char **argv)
+{
+ return su_main(argc, argv, RUNUSER_MODE);
+}
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index f1f46aa..770f455 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -65,8 +65,14 @@ enum
#include "env.h"
/* name of the pam configuration files. separate configs for su and su - */
-#define PAM_SERVICE_NAME "su"
-#define PAM_SERVICE_NAME_L "su-l"
+#define PAM_SRVNAME_SU "su"
+#define PAM_SRVNAME_SU_L "su-l"
+
+#define PAM_SRVNAME_RUNUSER "runuser"
+#define PAM_SRVNAME_RUNUSER_L "runuser-l"
+
+#define _PATH_LOGINDEFS_SU "/etc/defaults/su"
+#define _PATH_LOGINDEFS_RUNUSER "/etc/defaults/runuser"
#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS)
@@ -106,6 +112,8 @@ static bool _pam_cred_established;
static sig_atomic_t volatile caught_signal = false;
static pam_handle_t *pamh = NULL;
+static int restricted = 1; /* zero for root user */
+
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
@@ -146,7 +154,8 @@ log_su (struct passwd const *pw, bool successful)
openlog (program_invocation_short_name, 0 , LOG_AUTH);
syslog (LOG_NOTICE, "%s(to %s) %s on %s",
- successful ? "" : "FAILED SU ",
+ successful ? "" :
+ su_mode == RUNUSER_MODE ? "FAILED RUNUSER " : "FAILED SU ",
new_user, old_user, tty);
closelog ();
}
@@ -315,11 +324,19 @@ static void
authenticate (const struct passwd *pw)
{
const struct passwd *lpw;
- const char *cp;
+ const char *cp, *srvname = NULL;
int retval;
- retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
- pw->pw_name, &conv, &pamh);
+ switch (su_mode) {
+ case SU_MODE:
+ srvname = simulate_login ? PAM_SRVNAME_SU_L : PAM_SRVNAME_SU;
+ break;
+ case RUNUSER_MODE:
+ srvname = simulate_login ? PAM_SRVNAME_RUNUSER_L : PAM_SRVNAME_RUNUSER;
+ break;
+ }
+
+ retval = pam_start (srvname, pw->pw_name, &conv, &pamh);
if (is_pam_failure(retval))
goto done;
@@ -344,6 +361,17 @@ authenticate (const struct passwd *pw)
goto done;
}
+ if (su_mode == RUNUSER_MODE)
+ {
+ /*
+ * This is the only difference between runuser(1) and su(1). The command
+ * runuser(1) does not required authentication, because user is root.
+ */
+ if (restricted)
+ errx(EXIT_FAILURE, _("may not be used by non-root users"));
+ return;
+ }
+
retval = pam_authenticate (pamh, 0);
if (is_pam_failure(retval))
goto done;
@@ -567,7 +595,15 @@ usage (int status)
static
void load_config(void)
{
- logindefs_load_file("/etc/default/su");
+ switch (su_mode) {
+ case SU_MODE:
+ logindefs_load_file(_PATH_LOGINDEFS_SU);
+ break;
+ case RUNUSER_MODE:
+ logindefs_load_file(_PATH_LOGINDEFS_RUNUSER);
+ break;
+ }
+
logindefs_load_file(_PATH_LOGINDEFS);
}
@@ -598,7 +634,6 @@ su_main (int argc, char **argv, int mode)
gid_t groups[NGROUPS_MAX];
int num_supp_groups = 0;
int use_gid = 0;
- int restricted;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
--
1.7.11.7

68
0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch
View File

@ -1,68 +0,0 @@
From 8f33f59e72bef913068f9a80338f12d8d4434010 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 5 Sep 2012 11:13:34 +0200
Subject: [PATCH 203/208] su: more robust getpwuid() for GNU Hurt [coreutils
71b7ddc]
Let's support GNU Hurd over-engineering where a process can exist
without UID and getuid() returns -1 and sets errno.
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su-common.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 770f455..a253dda 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -129,6 +129,26 @@ static struct option const longopts[] =
{NULL, 0, NULL, 0}
};
+
+static struct passwd *
+current_getpwuid(void)
+{
+ uid_t ruid;
+
+ /* GNU Hurd implementation has an extension where a process can exist in a
+ * non-conforming environment, and thus be outside the realms of POSIX
+ * process identifiers; on this platform, getuid() fails with a status of
+ * (uid_t)(-1) and sets errno if a program is run from a non-conforming
+ * environment.
+ *
+ * http://austingroupbugs.net/view.php?id=511
+ */
+ errno = 0;
+ ruid = getuid ();
+
+ return errno == 0 ? getpwuid (ruid) : NULL;
+}
+
/* Log the fact that someone has run su to the user given by PW;
if SUCCESSFUL is true, they gave the correct password, etc. */
@@ -145,8 +165,8 @@ log_su (struct passwd const *pw, bool successful)
{
/* getlogin can fail -- usually due to lack of utmp entry.
Resort to getpwuid. */
- struct passwd *pwd = getpwuid (getuid ());
- old_user = (pwd ? pwd->pw_name : "");
+ struct passwd *pwd = current_getpwuid();
+ old_user = pwd ? pwd->pw_name : "";
}
tty = ttyname (STDERR_FILENO);
if (!tty)
@@ -353,7 +373,7 @@ authenticate (const struct passwd *pw)
goto done;
}
- lpw = getpwuid (getuid ());
+ lpw = current_getpwuid ();
if (lpw && lpw->pw_name)
{
retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
--
1.7.11.7

33
0204-su-verify-writing-to-streams-was-successful.patch
View File

@ -1,33 +0,0 @@
From 589e24a625c5e83805e95b917eaf3bf1be64369e Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 5 Sep 2012 11:21:07 +0200
Subject: [PATCH 204/208] su: verify writing to streams was successful
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su-common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index a253dda..1f97328 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -63,6 +63,7 @@ enum
#include "nls.h"
#include "pathnames.h"
#include "env.h"
+#include "closestream.h"
/* name of the pam configuration files. separate configs for su and su - */
#define PAM_SRVNAME_SU "su"
@@ -658,6 +659,7 @@ su_main (int argc, char **argv, int mode)
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
+ atexit(close_stdout);
su_mode = mode;
fast_startup = false;
--
1.7.11.7

60
0205-su-move-long-options-to-main.patch
View File

@ -1,60 +0,0 @@
From bea3752e9d048895b6750e2d0d8ce72fed20cef9 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 5 Sep 2012 11:26:20 +0200
Subject: [PATCH 205/208] su: move long options to main()
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su-common.c | 29 ++++++++++++++---------------
1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 1f97328..778738f 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -115,21 +115,6 @@ static pam_handle_t *pamh = NULL;
static int restricted = 1; /* zero for root user */
-static struct option const longopts[] =
-{
- {"command", required_argument, NULL, 'c'},
- {"session-command", required_argument, NULL, 'C'},
- {"fast", no_argument, NULL, 'f'},
- {"login", no_argument, NULL, 'l'},
- {"preserve-environment", no_argument, NULL, 'p'},
- {"shell", required_argument, NULL, 's'},
- {"group", required_argument, NULL, 'g'},
- {"supp-group", required_argument, NULL, 'G'},
- {"help", no_argument, 0, 'h'},
- {"version", no_argument, 0, 'V'},
- {NULL, 0, NULL, 0}
-};
-
static struct passwd *
current_getpwuid(void)
@@ -656,6 +641,20 @@ su_main (int argc, char **argv, int mode)
int num_supp_groups = 0;
int use_gid = 0;
+ static const struct option longopts[] = {
+ {"command", required_argument, NULL, 'c'},
+ {"session-command", required_argument, NULL, 'C'},
+ {"fast", no_argument, NULL, 'f'},
+ {"login", no_argument, NULL, 'l'},
+ {"preserve-environment", no_argument, NULL, 'p'},
+ {"shell", required_argument, NULL, 's'},
+ {"group", required_argument, NULL, 'g'},
+ {"supp-group", required_argument, NULL, 'G'},
+ {"help", no_argument, 0, 'h'},
+ {"version", no_argument, 0, 'V'},
+ {NULL, 0, NULL, 0}
+ };
+
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
--
1.7.11.7

40
0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch
View File

@ -1,40 +0,0 @@
From 1fe22a730b1a6595c6da9ea8cd58594337e66dc3 Mon Sep 17 00:00:00 2001
From: Ondrej Oprala <ooprala@redhat.com>
Date: Tue, 11 Sep 2012 16:39:17 +0200
Subject: [PATCH 206/208] su: add segmentation fault reporting of the child
process
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Child processes that ended with segmentation fault previously
indicated this with return status only. The report is now more
verbose if core dump is allowed.
Improved-by: Pádraig Brady <P@draigBrady.com>
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
---
login-utils/su-common.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 778738f..118e080 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -300,7 +300,12 @@ create_watching_parent (void)
}
if (pid != (pid_t)-1)
if (WIFSIGNALED (status))
- status = WTERMSIG (status) + 128;
+ {
+ status = WTERMSIG (status) + 128;
+ if (WCOREDUMP (status))
+ fprintf (stderr, _("%s (core dumped)\n"),
+ strsignal (WTERMSIG (status)));
+ }
else
status = WEXITSTATUS (status);
else
--
1.7.11.7

26
0207-su-fixed-a-typo-in-pam-error-message.patch
View File

@ -1,26 +0,0 @@
From 2f3cb337e1cda9e897480f256453f369914380b3 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.cz>
Date: Mon, 1 Oct 2012 14:48:16 +0200
Subject: [PATCH 207/208] su: fixed a typo in pam error message
Signed-off-by: Vitezslav Cizek <vcizek@suse.cz>
---
login-utils/su-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 118e080..ea6864e 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -223,7 +223,7 @@ create_watching_parent (void)
if (is_pam_failure(retval))
{
cleanup_pam (retval);
- errx (EXIT_FAILURE, _("cannot not open session: %s"),
+ errx (EXIT_FAILURE, _("cannot open session: %s"),
pam_strerror (pamh, retval));
}
else
--
1.7.11.7

281
0208-runuser-add-u-to-not-execute-shell.patch
View File

@ -1,281 +0,0 @@
From f0c57c2b1129b17e68e54d08421d1f209f1b6c57 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 13 Sep 2012 11:58:00 +0200
Subject: [PATCH 208/208] runuser: add -u to not execute shell
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/runuser.1 | 20 ++++---
login-utils/su-common.c | 138 +++++++++++++++++++++++++++++++-----------------
login-utils/su.1 | 1 +
3 files changed, 105 insertions(+), 54 deletions(-)
diff --git a/login-utils/runuser.1 b/login-utils/runuser.1
index 66ad1c4..4620165 100644
--- a/login-utils/runuser.1
+++ b/login-utils/runuser.1
@@ -3,10 +3,21 @@
runuser \- run a command with substitute user and group ID
.SH SYNOPSIS
.B runuser
-[options...] [\-] [user [args...]]
+[options] -u
+.IR user
+.IR "command " [ argument ...]
+.LP
+.B runuser
+[options] [-]
+[
+.IR "user " [ argument ...]
+]
.SH DESCRIPTION
.B runuser
allows to run commands with substitute user and group ID.
+If the option \fB\-u\fR not given, fallback to
+.B su
+compatible semantic and shell is executed.
The difference between the commands
.B runuser
and
@@ -36,12 +47,7 @@ and
.B LOGNAME
if the target
.I user
-is not root). It is recommended to always use the
-.B \-\-login
-option (instead it's shortcut
-.BR \- )
-to avoid side effects caused by mixing environments.
-.PP
+is not root).
This version of
.B runuser
uses PAM for session management.
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index ea6864e..4e1f6b2 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -439,7 +439,8 @@ modify_environment (const struct passwd *pw, const char *shell)
if (term)
xsetenv ("TERM", term, 1);
xsetenv ("HOME", pw->pw_dir, 1);
- xsetenv ("SHELL", shell, 1);
+ if (shell)
+ xsetenv ("SHELL", shell, 1);
xsetenv ("USER", pw->pw_name, 1);
xsetenv ("LOGNAME", pw->pw_name, 1);
set_path(pw);
@@ -451,7 +452,8 @@ modify_environment (const struct passwd *pw, const char *shell)
if (change_environment)
{
xsetenv ("HOME", pw->pw_dir, 1);
- xsetenv ("SHELL", shell, 1);
+ if (shell)
+ xsetenv ("SHELL", shell, 1);
if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
set_path(pw);
@@ -571,35 +573,47 @@ restricted_shell (const char *shell)
static void __attribute__((__noreturn__))
usage (int status)
{
- if (status != EXIT_SUCCESS)
- fprintf (stderr, _("Try `%s --help' for more information.\n"),
- program_invocation_short_name);
- else
- {
- fputs(USAGE_HEADER, stdout);
- printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name);
- fputs (_("\n\
- Change the effective user id and group id to that of USER.\n\
- A mere - implies -l. If USER not given, assume root.\n"), stdout);
- fputs(USAGE_OPTIONS, stdout);
- fputs (_("\
- -, -l, --login make the shell a login shell\n\
- -c, --command <command> pass a single command to the shell with -c\n\
- --session-command <command> pass a single command to the shell with -c\n\
- and do not create a new session\n\
- -g --group=group specify the primary group\n\
- -G --supp-group=group specify a supplemental group\n\
- -f, --fast pass -f to the shell (for csh or tcsh)\n\
- -m, --preserve-environment do not reset environment variables\n\
- -p same as -m\n\
- -s, --shell <shell> run shell if /etc/shells allows it\n\
-"), stdout);
-
- fputs(USAGE_SEPARATOR, stdout);
- fputs(USAGE_HELP, stdout);
- fputs(USAGE_VERSION, stdout);
- printf(USAGE_MAN_TAIL("su(1)"));
- }
+ if (su_mode == RUNUSER_MODE) {
+ fputs(USAGE_HEADER, stdout);
+ printf (_(" %s [options] -u <USER> COMMAND\n"), program_invocation_short_name);
+ printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name);
+ fputs (_("\n"
+ "Run COMMAND with the effective <user> id and group id. If -u not\n"
+ "given, fallback to su(1) compatible semantic and shell is executed.\n"
+ "The options -l, -c, -f, -s are mutually exclusive to -u.\n"), stdout);
+
+ fputs(USAGE_OPTIONS, stdout);
+
+ fputs (_(
+ " -u, --user <user> username\n"), stdout);
+
+ } else {
+ fputs(USAGE_HEADER, stdout);
+ printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name);
+ fputs (_("\n"
+ "Change the effective user id and group id to that of USER.\n"
+ "A mere - implies -l. If USER not given, assume root.\n"), stdout);
+
+ fputs(USAGE_OPTIONS, stdout);
+ }
+
+ fputs (_(
+ " -m, -p, --preserve-environment do not reset environment variables\n"
+ " -g, --group <group> specify the primary group\n"
+ " -G, --supp-group <group> specify a supplemental group\n\n"), stdout);
+
+ fputs (_(
+ " -, -l, --login make the shell a login shell\n"
+ " -c, --command <command> pass a single command to the shell with -c\n"
+ " --session-command <command> pass a single command to the shell with -c\n"
+ " and do not create a new session\n"
+ " -f, --fast pass -f to the shell (for csh or tcsh)\n"
+ " -s, --shell <shell> run shell if /etc/shells allows it\n"), stdout);
+
+ fputs(USAGE_SEPARATOR, stdout);
+ fputs(USAGE_HELP, stdout);
+ fputs(USAGE_VERSION, stdout);
+ printf(USAGE_MAN_TAIL(su_mode == SU_MODE ? "su(1)" : "runuser(1)"));
exit (status);
}
@@ -635,7 +649,7 @@ int
su_main (int argc, char **argv, int mode)
{
int optc;
- const char *new_user = DEFAULT_USER;
+ const char *new_user = DEFAULT_USER, *runuser_user = NULL;
char *command = NULL;
int request_same_session = 0;
char *shell = NULL;
@@ -655,6 +669,7 @@ su_main (int argc, char **argv, int mode)
{"shell", required_argument, NULL, 's'},
{"group", required_argument, NULL, 'g'},
{"supp-group", required_argument, NULL, 'G'},
+ {"user", required_argument, NULL, 'u'}, /* runuser only */
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'V'},
{NULL, 0, NULL, 0}
@@ -670,7 +685,7 @@ su_main (int argc, char **argv, int mode)
simulate_login = false;
change_environment = true;
- while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1)
+ while ((optc = getopt_long (argc, argv, "+c:fg:G:lmps:u:hV", longopts, NULL)) != -1)
{
switch (optc)
{
@@ -720,6 +735,12 @@ su_main (int argc, char **argv, int mode)
shell = optarg;
break;
+ case 'u':
+ if (su_mode != RUNUSER_MODE)
+ usage (EXIT_FAILURE);
+ runuser_user = optarg;
+ break;
+
case 'h':
usage(0);
@@ -739,8 +760,21 @@ su_main (int argc, char **argv, int mode)
simulate_login = true;
++optind;
}
- if (optind < argc)
+
+ /* if not "-u <user>" specified then fallback to classic su(1) */
+ if (!runuser_user && optind < argc)
new_user = argv[optind++];
+ else {
+ /* runuser -u <command> */
+ new_user = runuser_user;
+ if (shell || fast_startup || command || simulate_login) {
+ errx(EXIT_FAILURE,
+ _("options --{shell,fast,command,session-command,login} and "
+ "--user are mutually exclusive."));
+ }
+ if (optind == argc)
+ errx(EXIT_FAILURE, _("COMMAND not specified."));
+ }
if ((num_supp_groups || use_gid) && restricted)
errx(EXIT_FAILURE, _("only root can specify alternative groups"));
@@ -784,18 +818,23 @@ su_main (int argc, char **argv, int mode)
if (request_same_session || !command || !pw->pw_uid)
same_session = 1;
- if (!shell && !change_environment)
- shell = getenv ("SHELL");
- if (shell && getuid () != 0 && restricted_shell (pw->pw_shell))
- {
- /* The user being su'd to has a nonstandard shell, and so is
- probably a uucp account or has restricted access. Don't
- compromise the account by allowing access with a standard
- shell. */
- warnx (_("using restricted shell %s"), pw->pw_shell);
- shell = NULL;
- }
- shell = xstrdup (shell ? shell : pw->pw_shell);
+ /* initialize shell variable only if "-u <user>" not specified */
+ if (runuser_user) {
+ shell = NULL;
+ } else {
+ if (!shell && !change_environment)
+ shell = getenv ("SHELL");
+ if (shell && getuid () != 0 && restricted_shell (pw->pw_shell))
+ {
+ /* The user being su'd to has a nonstandard shell, and so is
+ probably a uucp account or has restricted access. Don't
+ compromise the account by allowing access with a standard
+ shell. */
+ warnx (_("using restricted shell %s"), pw->pw_shell);
+ shell = NULL;
+ }
+ shell = xstrdup (shell ? shell : pw->pw_shell);
+ }
init_groups (pw, groups, num_supp_groups);
@@ -814,7 +853,12 @@ su_main (int argc, char **argv, int mode)
if (simulate_login && chdir (pw->pw_dir) != 0)
warn (_("warning: cannot change directory to %s"), pw->pw_dir);
- run_shell (shell, command, argv + optind, max (0, argc - optind));
+ if (shell)
+ run_shell (shell, command, argv + optind, max (0, argc - optind));
+ else {
+ execvp(argv[optind], &argv[optind]);
+ err(EXIT_FAILURE, _("executing %s failed"), argv[optind]);
+ }
}
// vim: sw=2 cinoptions=>4,n-2,{2,^-2,\:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1
diff --git a/login-utils/su.1 b/login-utils/su.1
index 59e1731..c82b941 100644
--- a/login-utils/su.1
+++ b/login-utils/su.1
@@ -216,6 +216,7 @@ command specific logindef config file
global logindef config file
.PD 1
.SH "SEE ALSO"
+.BR runuser (8),
.BR pam (8),
.BR shells (5),
.BR login.defs (5)
--
1.7.11.7

26
0209-build-sys-move-runuser-to-sbin-dir.patch
View File

@ -1,26 +0,0 @@
From 69658513d00635048f5de76ed73f4a43a61d374d Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 1 Nov 2012 13:12:02 +0100
Subject: [PATCH] build-sys: move runuser to sbin dir
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/Makemodule.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
index e26d9a7..0d8e8b1 100644
--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
@@ -94,7 +94,7 @@ endif
if BUILD_RUNUSER
-bin_PROGRAMS += runuser
+sbin_PROGRAMS += runuser
dist_man_MANS += login-utils/runuser.1
runuser_SOURCES = \
login-utils/runuser.c \
--
1.7.11.7

62
0210-su-fix-COMMAND-not-specified-error.patch
View File

@ -1,62 +0,0 @@
From 360e088738aa792bf6c52e777d64b5163b45362a Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 7 Nov 2012 15:20:39 +0100
Subject: [PATCH] su: fix "COMMAND not specified" error
# su
su: COMMAND not specified
This error message make sense for "runuser -u <user> <command>" only.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=872787
Signed-off-by: Karel Zak <kzak@redhat.com>
---
login-utils/su-common.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 1fa76c8..5abdc84 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -761,19 +761,28 @@ su_main (int argc, char **argv, int mode)
++optind;
}
- /* if not "-u <user>" specified then fallback to classic su(1) */
- if (!runuser_user && optind < argc)
- new_user = argv[optind++];
- else {
- /* runuser -u <command> */
- new_user = runuser_user;
- if (shell || fast_startup || command || simulate_login) {
- errx(EXIT_FAILURE,
+ switch (su_mode) {
+ case RUNUSER_MODE:
+ if (runuser_user) {
+ /* runuser -u <user> <command> */
+ new_user = runuser_user;
+ if (shell || fast_startup || command || simulate_login) {
+ errx(EXIT_FAILURE,
_("options --{shell,fast,command,session-command,login} and "
"--user are mutually exclusive."));
+ }
+ if (optind == argc)
+ errx(EXIT_FAILURE, _("COMMAND not specified."));
+
+ break;
}
- if (optind == argc)
- errx(EXIT_FAILURE, _("COMMAND not specified."));
+ /* fallthrough if -u <user> is not specified, then follow
+ * traditional su(1) behavior
+ */
+ case SU_MODE:
+ if (optind < argc)
+ new_user = argv[optind++];
+ break;
}
if ((num_supp_groups || use_gid) && restricted)
--
1.7.11.7

2
sources
View File

@ -1,2 +1,2 @@
eeacbfdd2556acd899a2d0ffdb446185 util-linux-2.22.2.tar.xz
a02aac97c74259ca1b24972c89147ca4 floppy-0.18.tar.bz2
62a5e17c2710da8974e55c6fa5711122 util-linux-2.23-rc1.tar.xz

49
util-linux-2.22-ipcs-32bit.patch
View File

@ -1,49 +0,0 @@
diff -up util-linux-2.22.2/sys-utils/ipcs.c.kzak util-linux-2.22.2/sys-utils/ipcs.c
--- util-linux-2.22.2/sys-utils/ipcs.c.kzak 2012-12-12 21:04:47.976355744 +0100
+++ util-linux-2.22.2/sys-utils/ipcs.c 2013-02-19 16:12:54.712551108 +0100
@@ -264,6 +264,27 @@ static void print_perms (int id, struct
printf(" %-10u\n", ipcp->gid);
}
+static unsigned long long
+shminfo_from_proc(const char *name, unsigned long def)
+{
+ char path[256];
+ char buf[64];
+ FILE *f;
+ unsigned long long res = def;
+
+ if (!name)
+ return res;
+
+ snprintf(path, sizeof(path), "/proc/sys/kernel/%s", name);
+
+ if (!(f = fopen(path, "r")))
+ return res;
+ if (fgets(buf, sizeof(buf), f))
+ res = atoll(buf);
+ fclose(f);
+ return res;
+}
+
void do_shm (char format)
{
int maxid, shmid, id;
@@ -288,12 +309,12 @@ void do_shm (char format)
* glibc 2.1.3 and all earlier libc's have ints as fields of
* struct shminfo; glibc 2.1.91 has unsigned long; ach
*/
- printf (_("max number of segments = %lu\n"),
- (unsigned long) shminfo.shmmni);
- printf (_("max seg size (kbytes) = %lu\n"),
- (unsigned long) (shminfo.shmmax >> 10));
+ printf (_("max number of segments = %llu\n"),
+ shminfo_from_proc("shmmni", shminfo.shmmni));
+ printf (_("max seg size (kbytes) = %llu\n"),
+ (shminfo_from_proc("shmmax", shminfo.shmmax) >> 10));
printf (_("max total shared memory (kbytes) = %llu\n"),
- getpagesize() / 1024 * (unsigned long long) shminfo.shmall);
+ getpagesize() / 1024 * shminfo_from_proc("shmall", shminfo.shmall));
printf (_("min seg size (bytes) = %lu\n"),
(unsigned long) shminfo.shmmin);
return;

69
util-linux.spec
View File

@ -1,13 +1,13 @@
### Header
Summary: A collection of basic system utilities
Name: util-linux
Version: 2.22.2
Release: 6%{?dist}
License: GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ and BSD with advertising and Public Domain
Version: 2.23
Release: 0.1%{?dist}
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
Group: System Environment/Base
URL: http://en.wikipedia.org/wiki/Util-linux
%define upstream_version %{version}
%define upstream_version %{version}-rc1
### Macros
%define floppyver 0.18
@ -23,11 +23,8 @@ BuildRequires: zlib-devel
BuildRequires: popt-devel
BuildRequires: libutempter-devel
Buildrequires: systemd-devel
# because backported su(1) and runuser(1) patches
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
Buildrequires: libuser-devel
BuildRequires: libcap-ng-devel
### Sources
Source0: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.22/util-linux-%{upstream_version}.tar.xz
@ -88,40 +85,6 @@ Patch2: util-linux-2.19-floppy-generic.patch
###
# 151635 - makeing /var/log/lastlog
Patch3: util-linux-ng-2.22-login-lastlog.patch
# 231192 - ipcs is not printing correct values on pLinux
Patch4: util-linux-2.22-ipcs-32bit.patch
###
### Upstream patches (2.23 or 2.22.x)
# 889888 - wipefs does not completely wipe btrfs volume
Patch100: libblkid-add-support-for-btrfs-backup-superblock.patch
# 882305 - agetty: unstable /dev/tty* permissions
Patch101: agetty-replace-perms-660-to-620.patch
# 885314 - hexdump segfault
Patch102: hexdump-do-not-segfault-when-iterating-over-an-empty.patch
# 896447 - No newlines in piped "cal" command
Patch103: cal-don-t-mix-ncurses-output-functions-and-printf.patch
# upstream patch
Patch104: libblkid-remove-optimization-from-verify-function.patch
# 902512 - No boot : Dependency failed for /home (and blkid fails to tell UUID)
Patch105: libblkid-make-backup-superblock-visible-for-wipefs-8.patch
### Upstream patches from master branch (will be v2.23) for su(1) and new
### runuser(1) implementation. This is required for the recent coreutils where
### is no more su(1).
###
Patch200: 0200-su-add-group-and-supp-group-options.patch
Patch201: 0201-su-move-generic-su-code-to-su-common.c.patch
Patch202: 0202-runuser-new-command-derived-from-su-1.patch
Patch203: 0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch
Patch204: 0204-su-verify-writing-to-streams-was-successful.patch
Patch205: 0205-su-move-long-options-to-main.patch
Patch206: 0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch
Patch207: 0207-su-fixed-a-typo-in-pam-error-message.patch
Patch208: 0208-runuser-add-u-to-not-execute-shell.patch
Patch209: 0209-build-sys-move-runuser-to-sbin-dir.patch
Patch210: 0210-su-fix-COMMAND-not-specified-error.patch
%description
The util-linux package contains a large variety of low-level system
@ -244,8 +207,6 @@ done
%build
unset LINGUAS || :
./autogen.sh
export CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $RPM_OPT_FLAGS"
export SUID_CFLAGS="-fpie"
export SUID_LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
@ -358,8 +319,8 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/cytune $RPM_BUILD_ROOT%{_mandir}/man8/cytune.8*
# unsupported on s390
%ifarch s390 s390x
for I in /usr/{bin,sbin}/{fdformat,tunelp,floppy} \
%{_mandir}/man8/{fdformat,tunelp,floppy}.8* \
for I in /usr/{bin,sbin}/{fdformat,floppy} \
%{_mandir}/man8/{fdformat,floppy}.8* \
/usr/sbin/{hwclock,clock} \
%{_mandir}/man8/{hwclock,clock}.8*; do
@ -549,6 +510,7 @@ fi
%{_bindir}/more
%{_bindir}/mountpoint
%{_bindir}/namei
%{_bindir}/nsenter
%{_bindir}/prlimit
%{_bindir}/raw
%{_bindir}/rename
@ -557,6 +519,7 @@ fi
%{_bindir}/script
%{_bindir}/scriptreplay
%{_bindir}/setarch
%{_bindir}/setpriv
%{_bindir}/setsid
%{_bindir}/setterm
%{_bindir}/tailf
@ -594,6 +557,7 @@ fi
%{_mandir}/man1/more.1*
%{_mandir}/man1/mountpoint.1*
%{_mandir}/man1/namei.1*
%{_mandir}/man1/nsenter.1*
%{_mandir}/man1/prlimit.1*
%{_mandir}/man1/rename.1*
%{_mandir}/man1/renice.1*
@ -601,6 +565,7 @@ fi
%{_mandir}/man1/runuser.1*
%{_mandir}/man1/script.1*
%{_mandir}/man1/scriptreplay.1*
%{_mandir}/man1/setpriv.1*
%{_mandir}/man1/setsid.1*
%{_mandir}/man1/setterm.1*
%{_mandir}/man1/su.1*
@ -615,6 +580,7 @@ fi
%{_mandir}/man5/fstab.5*
%{_mandir}/man8/addpart.8*
%{_mandir}/man8/agetty.8*
%{_mandir}/man8/blkdiscard.8*
%{_mandir}/man8/blkid.8*
%{_mandir}/man8/blockdev.8*
%{_mandir}/man8/chcpu.8*
@ -655,6 +621,7 @@ fi
%{_mandir}/man8/wipefs.8*
%{_sbindir}/addpart
%{_sbindir}/agetty
%{_sbindir}/blkdiscard
%{_sbindir}/blkid
%{_sbindir}/blockdev
%{_sbindir}/chcpu
@ -692,12 +659,10 @@ fi
%{_bindir}/floppy
%{_sbindir}/fdformat
%{_sbindir}/hwclock
%{_sbindir}/tunelp
%{_mandir}/man8/fdformat.8*
%{_mandir}/man8/floppy.8*
%{_mandir}/man8/hwclock.8*
%{_mandir}/man8/clock.8*
%{_mandir}/man8/tunelp.8*
%endif
%ifnarch %{sparc}
@ -780,6 +745,12 @@ fi
%{_libdir}/pkgconfig/uuid.pc
%changelog
* Fri Mar 22 2013 Karel Zak <kzak@redhat.com> 2.23-0.1
- upgrade to the release 2.22-rc1
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.23/v2.23-ReleaseNotes
- add nsenter and blkdiscard
- remove tunelp
* Wed Feb 20 2013 Karel Zak <kzak@redhat.com> 2.22.2-6
- fix #912778 - "runuser -l" doesn't register session to systemd