POSIX requires that a read(2) which can be proved to occur after a
write() has returned returns the new data.
We want here only that other processes in the same VM will see the
file either fully written, or not see it at all. So ensuring that
linkat(2) is called after write is completed should be enough.
FixesQubesOS/qubes-issues#1257
(cherry picked from commit c1d42f1602)
* origin/pr/1:
archlinux: ensure /usr/sbin is not use to follow archlinux packaging guidelines
archlinux: update to match new dependancies and archlinux /usr/lib guidelines
Since migration to QubesDB, it isn't needed anymore (QubesDB have no
problem with concurrent writes, as transactions are not supported).
This should speedup system startup.
This is preparation for pvgrub support, where all VM kernel files will
be installed inside of VM instead of dom0.
But also the same could be used to prepare VM kernel image from any dom0
kernel.
Recently we've switched all xenstore access to the new interface
(instead of deprecated /proc/xen/xenbus). Mostly because of deadlock in
/proc/xen/xenbus implementation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJU3OKsAAoJEBu5sftaTG2teD4P/2AgLmFI2x8RHqHz17T+lDZW
gD4QoQlTFm1jysvexwLSCKYh4yYOKmMOaCs8UVc44k1KTxr1l/XYPhTFpzDg1gmb
6zAKV36yxRZuB/3oRQ1tpUFN8obgV3GQh9Uz7zyOV8a34xSLkulUqp86ceW8gEyR
XHlUF2XSNpOLca56IOTHzSlvje+kTxTON9OAfNv18cPv+Um27xt+IAz2nl7jytlc
2SgZnJgcdf+blFvdxoEJQ9Dky3jLxcE/W4HMNmMPBEknSJYhoVNaSWtfgvJO66E9
M0CIUk2v068vDSdmC7OUIDgQ/URE6SW85OyTvQlKOft3k33mZkSWog6y7FEbuXAS
lWpXMR4xwnOqJtFTpKsGNyylqhNZhS1UQ4TpMgQijjxqs6oCWH42KwzSpPjd+zyq
Vn151qsBg2UGMT5OqePDBq0fLFbN1Jfk1Oja78XFZ4PAKsvTmKdMd2oEaU10Wzkr
jOpiEXtOK6QBWQYRySJH5GdFqEc2K4HFtHJPZPg6oIX7nMq9p8k3khfRDTgQ94nW
qMwOoGa/rfuh/8PmSoMsvsceGHDzVV1zZtIVPHnzoQcDjp4wkKodD0dSRV/FC/4B
lFsBS+UJMgOIvywzoRaU4lJowY0TPokg/MYPPYou3efWzDZCvB555n75gtRxYdg1
TQz5tLSVBp9E2JNqt7is
=ZgPE
-----END PGP SIGNATURE-----
Merge tag 'jm_96301f3c'
Tag for commit 96301f3cc1
# gpg: Signature made Thu Feb 12 18:28:12 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
Instead of pipes, stdin/out/err are created as sockets. This allows
qrexec-agent/daemon to decide to use some of them bidirectional. This is
up to qrexec-agent/daemon, such socket can still be used as
unidirectional channel.
The main reason for this feature is to use USBIP over qrexec, which
require single socket.
linux-utils/qrexec-lib/unpack.c:
Different compile errors will abort. Both different for fc20/21 but
based on same error below:
*
* FC21 ERROR: (but FC20 needs the code)
* unpack.c:31:0: error: "O_TMPFILE" redefined [-Werror]
* #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
* ^
* In file included from /usr/include/bits/fcntl.h:61:0,
* from /usr/include/fcntl.h:35,
* from unpack.c:4:
* /usr/include/bits/fcntl-linux.h:151:0: note: this is the location of the previous definition
* # define O_TMPFILE __O_TMPFILE / * Atomically create nameless file. * /
* ^
* cc1: all warnings being treated as errors
* <builtin>: recipe for target 'unpack.o' failed
*/
/* #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) */
When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
Otherwise source domain can modify (append) the file while the user
already is accessing it. While incoming files should be treated as
untrusted, this problem could allow file modification after the user
makes some sanity checks.