void * subprocess_quit_cb_data;
guestfs_launch_done_cb launch_done_cb;
void * launch_done_cb_data;
+ guestfs_close_cb close_cb;
+ void * close_cb_data;
int msg_next_serial;
};
if (g->verbose)
fprintf (stderr, "closing guestfs handle %p (state %d)\n", g, g->state);
+ /* Run user close callback before anything else. */
+ if (g->close_cb)
+ g->close_cb (g, g->close_cb_data);
+
/* Try to sync if autosync flag is set. */
if (g->autosync && g->state == READY) {
guestfs_umount_all (g);
static const char *kernel_name = "vmlinuz." REPO "." host_cpu;
static const char *initrd_name = "initramfs." REPO "." host_cpu ".img";
-static const char *supermin_name =
- "initramfs." REPO "." host_cpu ".supermin.img";
-static const char *supermin_hostfiles_name =
- "initramfs." REPO "." host_cpu ".supermin.hostfiles";
int
guestfs__launch (guestfs_h *g)
}
}
+ /* Allow anyone to read the temporary directory. There are no
+ * secrets in the kernel or initrd files. The socket in this
+ * directory won't be readable but anyone can see it exists if they
+ * want. (RHBZ#610880).
+ */
+ if (chmod (g->tmpdir, 0755) == -1)
+ fprintf (stderr, "chmod: %s: %m (ignored)\n", g->tmpdir);
+
/* First search g->path for the supermin appliance, and try to
* synthesize a kernel and initrd from that. If it fails, we
* try the path search again looking for a backup ordinary
fprintf (stderr,
"looking for supermin appliance in current directory\n");
if (dir_contains_files (".",
- supermin_name, supermin_hostfiles_name,
- "kmod.whitelist", NULL)) {
+ "supermin.d", "kmod.whitelist", NULL)) {
if (build_supermin_appliance (g, ".", &kernel, &initrd) == -1)
return -1;
break;
fprintf (stderr, "looking for supermin appliance in %s\n", pelem);
if (dir_contains_files (pelem,
- supermin_name, supermin_hostfiles_name,
- "kmod.whitelist", NULL)) {
+ "supermin.d", "kmod.whitelist", NULL)) {
if (build_supermin_appliance (g, pelem, &kernel, &initrd) == -1)
return -1;
break;
*initrd = safe_malloc (g, len + 8);
snprintf (*initrd, len+8, "%s/initrd", g->tmpdir);
+ /* Set a sensible umask in the subprocess, so kernel and initrd
+ * output files are world-readable (RHBZ#610880).
+ */
snprintf (cmd, sizeof cmd,
- "PATH='%s':$PATH "
- "libguestfs-supermin-helper%s '%s' " host_cpu " " REPO " %s %s",
- path,
+ "umask 0002; "
+ "febootstrap-supermin-helper%s "
+ "-k '%s/kmod.whitelist' "
+ "'%s/supermin.d' "
+ host_cpu " "
+ "%s %s",
g->verbose ? " --verbose" : "",
- path, *kernel, *initrd);
+ path,
+ path,
+ *kernel, *initrd);
if (g->verbose)
print_timestamped_message (g, "%s", cmd);
g->launch_done_cb_data = opaque;
}
+void
+guestfs_set_close_callback (guestfs_h *g,
+ guestfs_close_cb cb, void *opaque)
+{
+ g->close_cb = cb;
+ g->close_cb_data = opaque;
+}
+
/*----------------------------------------------------------------------*/
/* This is the code used to send and receive RPC messages and (for
git.annexia.org / libguestfs.git / blobdiff