While the current fallback method might obtain the correct AppArmor
context by checking /proc/self/attr/current, it is not guaranteed that
this value will be the context attributed by AppArmor. The current
interface being used upstream is /proc/self/attr/apparmor/current, and
that can be obtained by using the AppArmor library functions.
In order to avoid link time dependencies, we are loading the apparmor
library dynamically, just like is currently done by SELinux.
The security context code was intermingled with SELinux specific code.
This change refactors it out into its specific function.
There were also some whitespace fixes.
Craig Small [Mon, 21 Jun 2021 12:19:44 +0000 (22:19 +1000)]
pstree: Don't stop compact with pgids
Showing pgids used to disable compaction. But, despite the vague
NPTL documentation, it's not possible to have different PGID in the
same thread group, so lack of compaction is not required.
With setpgid(), the last thread in the process that calls it
wins. There might be a debate about should this be the right way
but that's a kernel thing.
References:
#34
Test program https://gitlab.com/-/snippets/2094161
https://man7.org/linux/man-pages/man7/nptl.7.html
Craig Small [Mon, 21 Jun 2021 12:11:36 +0000 (22:11 +1000)]
pstree: check pid with show parents
If the -s option was used then we didn't check the return of
find_proc(). This meant if you used a pid that was for no process
it returned NULL and the whole tree was shown.
pstree checks for find_proc() returning NULL and errors out.
Craig Small [Fri, 5 Feb 2021 23:58:54 +0000 (10:58 +1100)]
build-sys: Don't require po4a for installation
The build system tested for the presence of po4a binary at the
install step. psmisc ships with translated man pages so doesn't
need po4a for install/uninstallation.
Craig Small [Thu, 28 Jan 2021 11:32:41 +0000 (22:32 +1100)]
build-sys: Ignore c files in temp directory
If the build system had a temporary psmisc-* directory
and update-potfiles was run, then the temporary files were included
in the list, causing a lot of problems later.
Craig Small [Tue, 5 Jan 2021 00:40:36 +0000 (11:40 +1100)]
pstree: Dynamically link to SELinux and expand -Z
pstree will dynamically link to libselinux if available.
The -Z flag now looks the same as ps -Z and uses SELinux contexts
if available or whatever is in /proc/PID/attr/current otherwise.
This brings the pstree output the same as ps, in fact I lifted
the code from ps/output.c
Craig Small [Tue, 27 Oct 2020 10:59:25 +0000 (21:59 +1100)]
fuser: Check pathname only on non-block devices
In the referenced commit we would check the pathname to
ensure it matched our target. This worked fine for
real files. However for block devices it would fail
because "/dev/sda1" doesn't match "/mnt/myfile".
We only check the pathname if the thing we are matching
against is not a block file.
Thanks to @MarsChan for the report and also the suggested
fix!
Craig Small [Fri, 22 May 2020 06:21:10 +0000 (16:21 +1000)]
fuser: Less confused about duplicate dev_id
NFS mounts from the same server have the same device ID. This means
using the -m option a process using one of those mounts will be
"found" in all of the others too.
lsof doesn't have this confusion as it checks the real path against
the mount point and only matches if they start the same.
I think it would be confused with double stacked NFS shares such
as /nfs/SHARE1/blah/SHARE2 with the open file in SHARE2 but
there are limits.
Craig Small [Mon, 2 Mar 2020 11:00:25 +0000 (22:00 +1100)]
pstree: minor snprintf fix
The referenced commit used size_t as a return value for
snprintf.
Coverity found the negative check against size_t but the real
problem was using size_t in the first place as an error
returned by snprintf would never be detected.
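An added illustration of the return-type problem this commit message describes; it is not the pstree code, and the helper names, the status enum and the sample labels are all constructed for the example. It feeds the same snprintf-style result through a size_t check and an int check so the difference is visible.

```c
#include <stdio.h>
#include <stddef.h>

enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_ERROR };

/* Flawed pattern: the int result is stored in a size_t, so -1 becomes
 * SIZE_MAX and the "< 0" test can never be true. */
static enum fmt_status classify_size_t(int rc, size_t bufsz)
{
    size_t n = (size_t)rc;
    if (n < 0)                  /* dead code: an unsigned value is never negative */
        return FMT_ERROR;
    if (n >= bufsz)
        return FMT_TRUNCATED;   /* here an error is misreported as truncation */
    return FMT_OK;
}

/* Corrected pattern: keep the int, test the sign first, then compare sizes. */
static enum fmt_status classify_int(int rc, size_t bufsz)
{
    if (rc < 0)
        return FMT_ERROR;
    if ((size_t)rc >= bufsz)
        return FMT_TRUNCATED;
    return FMT_OK;
}

/* Hypothetical caller: format "name(pid)" into a fixed-size buffer. */
static enum fmt_status format_label(char *buf, size_t bufsz,
                                    const char *name, int pid)
{
    int rc = snprintf(buf, bufsz, "%s(%d)", name, pid);
    return classify_int(rc, bufsz);
}

int main(void)
{
    char buf[8];
    printf("size_t check on -1: %d\n", classify_size_t(-1, sizeof buf));
    printf("int check on -1:    %d\n", classify_int(-1, sizeof buf));
    printf("short label:        %d\n", format_label(buf, sizeof buf, "sh", 1));
    printf("long label:         %d\n",
           format_label(buf, sizeof buf, "systemd-journald", 1));
    return 0;
}
```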
Craig Small [Mon, 2 Mar 2020 10:56:02 +0000 (21:56 +1100)]
killall: minor str length changes
Reworked some of the string handling to check for strchr and
strrchr return values. Removed check for unsigned to be negative,
that's not going to happen!
Craig Small [Wed, 23 Oct 2019 10:34:51 +0000 (21:34 +1100)]
pstree: Add color by age
New -C and --color option sets the process color depending on its age.
Possibly one day a user could set the colors and ages but for now it's
hard-coded.
pstree: make the long version of option -c describe what it does
Having a long option that says the opposite of what it actually does
is awkward. Choose to just extend its name to --compact-not, so that
scripts that use --compact will continue to work.
pstree: alphabetize the -g and -G options correctly in the usage message
And, as we're changing the usage string anyway, also slice it up into
overseeable chunks (for the translators), and always put the short and
the long option on the same line (as is done for -Z), so it is clearer
that they are the same option.
ARM64 copy user_pt_regs to user space instead of pt_regs.
So in this patch, mapping the required user_pt_regs except orig_x0,
as orig_x0 not available in user_pt_regs for SYSCALL exit.
For each SYSCALL, peekfd catches user_pt_regs for SYSCALL entry/exit.
Value of orig_x0 is available in user_pt_regs->x0 of SYSCALL entry.
So to get orig_x0, stores user_pt_regs of SYSCALL entry,
and then compare 'fd and addr of buffer' of SYSCALL exit
with SYSCALL entry to retrieve orig_x0 at the time of SYSCALL exit.
This fixes out-of-tree builds which use
--disable-dependency-tracking. With dependency tracking enabled,
src/.deps is created as a side-effect of how dependency tracking
works, which is why this issue was never noticed before.
Craig Small [Wed, 7 Nov 2018 09:13:09 +0000 (20:13 +1100)]
killall: match on 16 character commlen too
The comm length increase meant killall could accommodate the
larger comm name given out by newer kernels but it meant that
if a user relied on the previous 16 character truncation then
processes that used to match would fail.
killall now checks to see if the comm is the old COMM_LEN
length and the given name is longer than old COMM_LEN and does
a truncated match as well.
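An added sketch of the truncated match this commit message describes, not killall's own code: the function names and the process table are constructed, and OLD_COMM_LEN is assumed to be 16 including the terminating NUL (15 visible characters). It also shows the side effect worth knowing when scripting killall: two different long names that share their first 15 characters both match the same truncated comm.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define OLD_COMM_LEN 16   /* assumption: old comm field size, NUL included */

/* True if the kernel-reported comm matches the name the user asked for. */
static bool comm_matches(const char *comm, const char *name)
{
    size_t visible = OLD_COMM_LEN - 1;

    if (strcmp(comm, name) == 0)
        return true;                       /* exact match, any length */
    /* comm exactly fills the old field and the request is longer:
     * the kernel may have truncated it, so compare the prefix only. */
    if (strlen(comm) == visible && strlen(name) > visible)
        return strncmp(comm, name, visible) == 0;
    return false;
}

/* Count how many entries of a comm table a requested name would select. */
static int count_matches(const char *const *comms, size_t n, const char *name)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (comm_matches(comms[i], name))
            hits++;
    return hits;
}

/* Constructed process table: one truncated comm, one full-length comm. */
static const char *const sample_comms[] = {
    "systemd-journal",     /* 15 chars: truncated by an older kernel */
    "systemd-journald",    /* 16 chars: full name from a newer kernel */
    "bash",
};

int main(void)
{
    size_t n = sizeof sample_comms / sizeof sample_comms[0];
    printf("systemd-journald       -> %d\n",
           count_matches(sample_comms, n, "systemd-journald"));
    printf("systemd-journal-upload -> %d\n",
           count_matches(sample_comms, n, "systemd-journal-upload"));
    return 0;
}
```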
By explicitly specifying the dependency between signals.c and
signames.h.
BUILT_SOURCES only works with the standard targets, so if somebody tries
to build fuser directly he may end up with a build failure. What's
worse, he could do "make -j2 src/signames.h src/fuser" and he could end
up with a broken build using an only partially generated signames.h.
And that "somebody" was me when packaging killall in psmisc 22.21...
so it actually happens.
Craig Small [Sun, 20 May 2018 10:46:55 +0000 (20:46 +1000)]
killall: change to getopt_long
With getopt_long_only -ve fails because it's not sure what the -v
is for --version or --verbose. Changing to the non-_only version means
it doesn't try to expand the options to long options.
Currently pstree does not build, at least on ppc64le, because it does
not have an explicit link against gettext, causing the following error:
peekfd.o: In function `print_version':
peekfd.c:(.text+0x160): undefined reference to `libintl_gettext'
peekfd.c:(.text+0x18c): undefined reference to `libintl_gettext'
peekfd.c:(.text+0x1ac): undefined reference to `libintl_gettext'
peekfd depends on libintl because of the following macro:
Craig Small [Sat, 5 May 2018 22:02:35 +0000 (08:02 +1000)]
killall: use all namespaces by default
This is similar to the revert in procps where namespace filtering
is added but by default it uses all of them. The issue is most people
expect to see/kill all processes and the namespace filtering causes
confusion, especially around ssh related processes.