+ meson -Dwerror=true build

+#elif __alpha__

+# define SECCOMP_ARCH_NATIVE AUDIT_ARCH_ALPHA

+blkid_wipe_all

+extern int blkid_wipe_all(blkid_probe pr)

+ __ul_attribute__((nonnull));

+

+BLKID_2_40 {

+ blkid_wipe_all;

+} BLKID_2_39;

+ * See also blkid_wipe_all() which works the same as the example above.

+ *

+ * blkid_wipe_all:

+ * @pr: prober

+ *

+ * This function erases all detectable signatures from &pr.

+ * The @pr has to be open in O_RDWR mode. All other necessary configurations

+ * will be enabled automatically.

+ *

+ * <example>

+ * <title>wipe all filesystems or raids from the device</title>

+ * <programlisting>

+ * fd = open(devname, O_RDWR|O_CLOEXEC);

+ * blkid_probe_set_device(pr, fd, 0, 0);

+ *

+ * blkid_wipe_all(pr);

+ * </programlisting>

+ * </example>

+ *

+ * Returns: 0 on success, and -1 in case of error.

+ */

+int blkid_wipe_all(blkid_probe pr)

+{

+ DBG(LOWPROBE, ul_debug("wiping all signatures"));

+

+ blkid_probe_enable_superblocks(pr, 1);

+ blkid_probe_set_superblocks_flags(pr, BLKID_SUBLKS_MAGIC |

+ BLKID_SUBLKS_BADCSUM);

+

+ blkid_probe_enable_partitions(pr, 1);

+ blkid_probe_set_partitions_flags(pr, BLKID_PARTS_MAGIC |

+ BLKID_PARTS_FORCE_GPT);

+

+ while (blkid_do_probe(pr) == 0) {

+ DBG(LOWPROBE, ul_debug("wiping one signature"));

+ blkid_do_wipe(pr, 0);

+ }

+

+ return BLKID_PROBE_OK;

+}

+

+/**

+ DBG(WIPE, ul_debugobj(wp, " wiping..."));

+ blkid_wipe_all(pr);

+ char *s = NULL;

+ /* "\," is a way to use comma in values, let's remove \ escape */

+ char *x, *p;

+ s = strdup(value);

+ if (!s)

+ return -EINVAL;

+ for (x = p = s; *x; p++, x++) {

+ if (*x == '\\' && *(x + 1) == ',')

+ x++;

+ *p = *x;

+ }

+ *p = '\0';

+ value = s;

+ free(s);

+#include <libgen.h>

+ char* tmp = xstrdup(shell);

+ shell_basename = basename(tmp);

+ } else {

+ args[0] = basename(tmp);

+ }

+ free(tmp);

+**--map-users=**__inneruid:outeruid:count__|**auto**|**all**::

+Run the program only after the block of user IDs of size _count_ beginning at _outeruid_ has been mapped to the block of user IDs beginning at _inneruid_. This mapping is created with **newuidmap**(1) if *unshare* was run unprivileged. If the range of user IDs overlaps with the mapping specified by *--map-user*, then a "hole" will be removed from the mapping. This may result in the highest user ID of the mapping not being mapped. Use *--map-users* multiple times to map more than one block of user IDs. The special value *auto* will map the first block of user IDs owned by the effective user from _/etc/subuid_ to a block starting at user ID 0. The special value *all* will create a pass-through map for every user ID available in the parent namespace. This option implies *--user*.

+**--map-groups=**__innergid:outergid:count__|**auto**|**all**::

+Run the program only after the block of group IDs of size _count_ beginning at _outergid_ has been mapped to the block of group IDs beginning at _innergid_. This mapping is created with **newgidmap**(1) if *unshare* was run unprivileged. If the range of group IDs overlaps with the mapping specified by *--map-group*, then a "hole" will be removed from the mapping. This may result in the highest group ID of the mapping not being mapped. Use *--map-groups* multiple times to map more than one block of group IDs. The special value *auto* will map the first block of user IDs owned by the effective user from _/etc/subgid_ to a block starting at group ID 0. The special value *all* will create a pass-through map for every group ID available in the parent namespace. This option implies *--user*.

+ * @next: Next range of IDs in the chain

+ struct map_range *next;

+static void insert_map_range(struct map_range **chain, struct map_range map)

+{

+ struct map_range *tail = *chain;

+ *chain = xmalloc(sizeof(**chain));

+ memcpy(*chain, &map, sizeof(**chain));

+ (*chain)->next = tail;

+}

+ * Return: A struct map_range

+static struct map_range get_map_range(const char *s)

+ struct map_range ret;

+ ret.next = NULL;

+ if (sscanf(s, "%u:%u:%u%n", &ret.inner, &ret.outer, &ret.count,

+ if (sscanf(s, "%u,%u,%u%n", &ret.outer, &ret.inner, &ret.count,

+static struct map_range read_subid_range(char *filename, uid_t uid)

+ struct map_range map;

+ map.inner = -1;

+ map.next = NULL;

+ map.outer = strtoul_or_err(s, _("failed to parse subid map"));

+ map.count = strtoul_or_err(s, _("failed to parse subid map"));

+ * read_kernel_map() - Read all available IDs from the kernel

+ * @chain: destination list to receive pass-through ID mappings

+ * @filename: either /proc/self/uid_map or /proc/self/gid_map

+ * This is used by --map-users=all and --map-groups=all to construct

+ * pass-through mappings for all IDs available in the parent namespace.

+ */

+static void read_kernel_map(struct map_range **chain, char *filename)

+{

+ char *line = NULL;

+ size_t size = 0;

+ FILE *idmap;

+

+ idmap = fopen(filename, "r");

+ if (!idmap)

+ err(EXIT_FAILURE, _("could not open '%s'"), filename);

+

+ while (getline(&line, &size, idmap) != -1) {

+ unsigned int start, count;

+ if (sscanf(line, " %u %*u %u", &start, &count) < 2)

+ continue;

+ insert_map_range(chain, (struct map_range) {

+ .inner = start,

+ .outer = start,

+ .count = count

+ });

+ }

+

+ fclose(idmap);

+ free(line);

+}

+

+/**

+ * add_single_map_range() - Add a single-ID map into a list without overlap

+ * @chain: A linked list of ID range mappings

+ * @outer: ID outside the namespace for a single map.

+ * @inner: ID inside the namespace for a single map, or -1 for no map.

+ * Prepend a mapping to @chain for the single ID @outer to the single ID

+ * @inner. The tricky bit is that we cannot let existing mappings overlap it.

+ * We accomplish this by removing a "hole" from each existing range @map, if

+ * @outer or @inner overlap it. This may result in one less than @map->count

+ * IDs being mapped from @map. The unmapped IDs are always the topmost IDs

+ * of the mapping (either in the parent or the child namespace).

+ * Most of the time, this function will be called with a single mapping range

+ * @map, @map->outer as some large ID, @map->inner as 0, and @map->count as a

+ * large number (at least 1000, but less than @map->outer). Typically, there

+ * will be no conflict with @outer. However, @inner may split the mapping for

+ * e.g. --map-current-user.

+

+static void add_single_map_range(struct map_range **chain, unsigned int outer,

+ unsigned int inner)

+ struct map_range *map = *chain;

+

+ if (inner + 1 == 0)

+ outer = (unsigned int) -1;

+ *chain = NULL;

+

+ while (map) {

+ struct map_range lo, mid, hi, *next = map->next;

+ unsigned int inner_offset, outer_offset;

+

+ * Start inner IDs from zero for an auto mapping; otherwise, if

+ * the single mapping exists and overlaps the range, remove an ID

+ if (map->inner + 1 == 0)

+ map->inner = 0;

+ else if (inner + 1 != 0 &&

+ ((outer >= map->outer && outer <= map->outer + map->count) ||

+ (inner >= map->inner && inner <= map->inner + map->count)))

+ map->count--;

+

+ /* Determine where the splits between lo, mid, and hi will be */

+ outer_offset = min(outer > map->outer ? outer - map->outer : 0,

+ map->count);

+ inner_offset = min(inner > map->inner ? inner - map->inner : 0,

+ map->count);

+ /*

+ * In the worst case, we need three mappings:

+ * From the bottom of map to either inner or outer

+ */

+ lo.outer = map->outer;

+ lo.inner = map->inner;

+ lo.count = min(inner_offset, outer_offset);

+

+ /* From the lower of inner or outer to the higher */

+ mid.outer = lo.outer + lo.count;

+ mid.outer += mid.outer == outer;

+ mid.inner = lo.inner + lo.count;

+ mid.inner += mid.inner == inner;

+ mid.count = abs_diff(outer_offset, inner_offset);

+

+ /* And from the higher of inner or outer to the end of the map */

+ hi.outer = mid.outer + mid.count;

+ hi.outer += hi.outer == outer;

+ hi.inner = mid.inner + mid.count;

+ hi.inner += hi.inner == inner;

+ hi.count = map->count - lo.count - mid.count;

+

+ /* Insert non-empty mappings into the output chain */

+ if (hi.count)

+ insert_map_range(chain, hi);

+ if (mid.count)

+ insert_map_range(chain, mid);

+ if (lo.count)

+ insert_map_range(chain, lo);

+

+ free(map);

+ map = next;

+ if (inner + 1 != 0) {

+ /* Insert single ID mapping as the first entry in the chain */

+ insert_map_range(chain, (struct map_range) {

+ .inner = inner,

+ .outer = outer,

+ .count = 1

+ });

+}

+

+/**

+ * map_ids_external() - Create a new uid/gid map using setuid helper

+ * @idmapper: Either newuidmap or newgidmap

+ * @ppid: Pid to set the map for

+ * @chain: A linked list of ID range mappings

+ *

+ * This creates a new uid/gid map for @ppid using @idmapper to set the

+ * mapping for each of the ranges in @chain.

+ *

+ * This function always exec()s or errors out and does not return.

+ */

+static void __attribute__((__noreturn__))

+map_ids_external(const char *idmapper, int ppid, struct map_range *chain)

+{

+ unsigned int i = 0, length = 3;

+ char **argv;

+

+ for (struct map_range *map = chain; map; map = map->next)

+ length += 3;

+ argv = xcalloc(length, sizeof(*argv));

+ argv[i++] = xstrdup(idmapper);

+ xasprintf(&argv[i++], "%u", ppid);

+

+ for (struct map_range *map = chain; map; map = map->next) {

+ xasprintf(&argv[i++], "%u", map->inner);

+ xasprintf(&argv[i++], "%u", map->outer);

+ xasprintf(&argv[i++], "%u", map->count);

+

+ argv[i] = NULL;

+ * map_ids_internal() - Create a new uid/gid map using root privilege

+ * @type: Either uid_map or gid_map

+ * @ppid: Pid to set the map for

+ * @chain: A linked list of ID range mappings

+ *

+ * This creates a new uid/gid map for @ppid using a privileged write to

+ * /proc/@ppid/@type to set a mapping for each of the ranges in @chain.

+ */

+static void map_ids_internal(const char *type, int ppid, struct map_range *chain)

+{

+ int count, fd;

+ unsigned int length = 0;

+ char buffer[4096], *path;

+

+ xasprintf(&path, "/proc/%u/%s", ppid, type);

+ for (struct map_range *map = chain; map; map = map->next) {

+ count = snprintf(buffer + length, sizeof(buffer) - length,

+ "%u %u %u\n",

+ map->inner, map->outer, map->count);

+ if (count < 0 || count + length > sizeof(buffer))

+ errx(EXIT_FAILURE,

+ _("%s too large for kernel 4k limit"), path);

+ length += count;

+ }

+

+ fd = open(path, O_WRONLY | O_CLOEXEC | O_NOCTTY);

+ if (fd < 0)

+ err(EXIT_FAILURE, _("failed to open %s"), path);

+ if (write_all(fd, buffer, length) < 0)

+ err(EXIT_FAILURE, _("failed to write %s"), path);

+ close(fd);

+ free(path);

+}

+

+/**

+ if (usermap)

+ add_single_map_range(&usermap, geteuid(), mapuser);

+ if (groupmap)

+ add_single_map_range(&groupmap, getegid(), mapgroup);

+

+ if (geteuid() == 0) {

+ if (usermap)

+ map_ids_internal("uid_map", ppid, usermap);

+ if (groupmap)

+ map_ids_internal("gid_map", ppid, groupmap);

+ exit(EXIT_SUCCESS);

+ }

+

+ map_ids_external("newuidmap", ppid, usermap);

+ map_ids_external("newgidmap", ppid, groupmap);

+ insert_map_range(&usermap,

+ read_subid_range(_PATH_SUBUID, real_euid));

+ else if (!strcmp(optarg, "all"))

+ read_kernel_map(&usermap, _PATH_PROC_UIDMAP);

+ insert_map_range(&usermap, get_map_range(optarg));

+ insert_map_range(&groupmap,

+ read_subid_range(_PATH_SUBGID, real_euid));

+ else if (!strcmp(optarg, "all"))

+ read_kernel_map(&groupmap, _PATH_PROC_GIDMAP);

+ insert_map_range(&groupmap, get_map_range(optarg));

+ insert_map_range(&usermap, read_subid_range(_PATH_SUBUID, real_euid));

+ insert_map_range(&groupmap, read_subid_range(_PATH_SUBGID, real_euid));

+ if (termsig != SIGKILL && signal(termsig, SIG_DFL) == SIG_ERR)

+ err(EXIT_FAILURE,

+ _("signal handler reset failed"));

+ if (sigemptyset(&sigset) != 0 ||