From 7ed673ceebb0b8ae63da19e5fd850d3d03818513 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 5 Aug 2024 11:23:05 +0200
Subject: Adding upstream version 7.0.20-dfsg.
Signed-off-by: Daniel Baumann
---
 src/VBox/Main/src-server/UefiVariableStoreImpl.cpp | 19 +++++++++++++++++--
 src/VBox/Main/src-server/linux/NetIf-linux.cpp | 21 +++++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)
(limited to 'src/VBox/Main/src-server')
diff --git a/src/VBox/Main/src-server/UefiVariableStoreImpl.cpp b/src/VBox/Main/src-server/UefiVariableStoreImpl.cpp
index 2515599f..43ec2695 100644
--- a/src/VBox/Main/src-server/UefiVariableStoreImpl.cpp
+++ b/src/VBox/Main/src-server/UefiVariableStoreImpl.cpp
@@ -543,11 +543,26 @@ HRESULT UefiVariableStore::enrollDefaultMsSignatures(void)
 GuidMs, SignatureType_X509);
 if (SUCCEEDED(hrc))
 {
- hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoftCa, g_cbUefiMicrosoftCa,
+ hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidGlobalVar, "KEK", g_abUefiMicrosoftKek2023, g_cbUefiMicrosoftKek2023,
 GuidMs, SignatureType_X509);
 if (SUCCEEDED(hrc))
- hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoftProPca, g_cbUefiMicrosoftProPca,
+ {
+ hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoft3rdCa, g_cbUefiMicrosoft3rdCa,
 GuidMs, SignatureType_X509);
+ if (SUCCEEDED(hrc))
+ {
+ hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoft3rdCa2023, g_cbUefiMicrosoft3rdCa2023,
+ GuidMs, SignatureType_X509);
+ if (SUCCEEDED(hrc))
+ {
+ hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoftWinCa, g_cbUefiMicrosoftWinCa,
+ GuidMs, SignatureType_X509);
+ if (SUCCEEDED(hrc))
+ hrc = i_uefiVarStoreAddSignatureToDb(&EfiGuidSecurityDb, "db", g_abUefiMicrosoftWinCa2023, g_cbUefiMicrosoftWinCa2023,
+ GuidMs, SignatureType_X509);
+ }
+ }
+ }
 }
 i_releaseUefiVariableStore();
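Review bot: A failure part-way down this chain leaves the variable store half-enrolled: each `i_uefiVarStoreAddSignatureToDb` call runs only if the previous one succeeded, and nothing visible here undoes the `KEK` or `db` entries already written before `i_releaseUefiVariableStore()`. These entries are the guest's Secure Boot trust anchors, so the outcome deserves a comment above the first call, for example `/* Not transactional: on failure KEK/db may hold only some of the certificates below; the caller gets the first failing hrc. */`. The nested `if (SUCCEEDED(hrc))` ladder would also be easier to audit as a table of variable, certificate blob and size, walked in a loop that stops on the first failure. The function starts and ends outside the hunk, so any cleanup after the release call is not visible.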
diff --git a/src/VBox/Main/src-server/linux/NetIf-linux.cpp b/src/VBox/Main/src-server/linux/NetIf-linux.cpp
index f4a99eeb..83ab3b3b 100644
--- a/src/VBox/Main/src-server/linux/NetIf-linux.cpp
+++ b/src/VBox/Main/src-server/linux/NetIf-linux.cpp
@@ -43,6 +43,7 @@
 #include
 #include
 #include
+#include
 #include "HostNetworkInterfaceImpl.h"
 #include "netif.h"
@@ -154,7 +155,27 @@ static int getInterfaceInfo(int iSocket, const char *pszName, PNETIFINFO pInfo)
 /* Generate UUID from name and MAC address. */
 RTUUID uuid;
 RTUuidClear(&uuid);
+#ifdef VBOXNETFLT_LINUX_NAMESPACE_SUPPORT
+ uuid.au32[0] = 0; /* Use 0 as the indicator of missing namespace info. */
+ /*
+ * Namespace links use the following naming convention: "net:[1234567890]".
+ * The maximum value of inode number is 4294967295, which gives up precisely
+ * 16 characters without terminating zero.
+ */
+ char szBuf[24];
+ ssize_t len = readlink("/proc/self/ns/net", szBuf, sizeof(szBuf) - 1);
+ if (len == -1)
+ Log(("NetIfList: Failed to get namespace for VBoxSVC, error %d\n", errno));
+ else if (!RTStrStartsWith(szBuf, "net:["))
+ Log(("NetIfList: Failed to get network namespace inode from %s\n", szBuf));
+ else
+ uuid.au32[0] = RTStrToUInt32(szBuf + 5);
+ Log(("NetIfList: VBoxSVC namespace inode %u\n", uuid.au32[0]));
+ /* Hashing the name is probably an overkill as MAC addresses should ensure uniqueness */
+ uuid.au32[1] = RTStrHash1(pszName);
+#else /* !VBOXNETFLT_LINUX_NAMESPACE_SUPPORT */
 memcpy(&uuid, Req.ifr_name, RT_MIN(sizeof(Req.ifr_name), sizeof(uuid)));
+#endif /* !VBOXNETFLT_LINUX_NAMESPACE_SUPPORT */
 uuid.Gen.u8ClockSeqHiAndReserved = (uint8_t)((uuid.Gen.u8ClockSeqHiAndReserved & 0x3f) | 0x80);
 uuid.Gen.u16TimeHiAndVersion = (uint16_t)((uuid.Gen.u16TimeHiAndVersion & 0x0fff) | 0x4000);
 memcpy(uuid.Gen.au8Node, &Req.ifr_hwaddr.sa_data, sizeof(uuid.Gen.au8Node));
-- cgit v1.2.3
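Review bot: In the `getInterfaceInfo` hunk, `szBuf` is used as a C string although `readlink()` does not append a terminator and the buffer is never initialised. `RTStrStartsWith(szBuf, "net:[")`, `RTStrToUInt32(szBuf + 5)` and the `%s` in the second `Log` all rely on a terminator being present. The call already reserves a byte with `sizeof(szBuf) - 1`, so declaring the buffer as `char szBuf[24] = { 0 };` closes the gap without touching the branches. `getInterfaceInfo` begins and ends outside the hunk.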