import WALinuxAgent-2.2.38-1.el8

CentOS Sources 2019-11-05 14:36:30 -05:00 committed by Andrew Lukoshko
parent ff50cbadf3
commit fc0adf2d6e
5 changed files with 45 additions and 444 deletions


@ -1 +1 @@
3b5c6eac24e6545e3ce56262210a7ac8dbdc8ace SOURCES/WALinuxAgent-2.2.32.tar.gz 45d136023c003b28a9b49fd89e6c9570b38fb397 SOURCES/WALinuxAgent-2.2.38.tar.gz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/WALinuxAgent-2.2.32.tar.gz SOURCES/WALinuxAgent-2.2.38.tar.gz


@ -1,9 +1,9 @@
From 00dcd65f731e4a44418029c0a8b7107bbbbefc94 Mon Sep 17 00:00:00 2001 From 6b4aa78bf155631ee2d4b594a80e68e07b85b586 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com> From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 6 Oct 2016 12:25:35 +0200 Date: Thu, 6 Oct 2016 12:25:35 +0200
Subject: Add inital redhat build support Subject: Add inital redhat build support
Rebase notes (2.2.32): Rebase notes (2.2.38):
- Fix license text - Fix license text
Rebase notes (2.2.26): Rebase notes (2.2.26):
@ -14,6 +14,10 @@ Rebase notes (2.2.10):
- switched to sha256 - switched to sha256
- added .gitpublish profile - added .gitpublish profile
Merged patches (2.2.38):
- df29beb Switch from platform-python to python36
- 6749108 Stop packaging legacy waagent2.0
Merged patches (2.2.32): Merged patches (2.2.32):
- ce36fd9 Use Python3 - ce36fd9 Use Python3
- 952c830 Remove FIPS setting from the default config - 952c830 Remove FIPS setting from the default config
@ -24,6 +28,9 @@ Merged patches (2.2.32):
(cherry picked from commit 19d4f82cd5345fdc52b357afcf3b5aa4bc4ce4d9) (cherry picked from commit 19d4f82cd5345fdc52b357afcf3b5aa4bc4ce4d9)
(cherry picked from commit 1676db295321adbd571f04773782eed5b0817d64) (cherry picked from commit 1676db295321adbd571f04773782eed5b0817d64)
Conflicts:
config/waagent.conf
--- ---
.gitpublish | 8 + .gitpublish | 8 +
azurelinuxagent/ga/update.py | 12 +- azurelinuxagent/ga/update.py | 12 +-
@ -38,7 +45,7 @@ Merged patches (2.2.32):
redhat/.gitignore | 1 + redhat/.gitignore | 1 +
redhat/Makefile | 72 +++++++ redhat/Makefile | 72 +++++++
redhat/Makefile.common | 37 ++++ redhat/Makefile.common | 37 ++++
redhat/WALinuxAgent.spec.template | 169 +++++++++++++++ redhat/WALinuxAgent.spec.template | 190 +++++++++++++++++
redhat/rpmbuild/BUILD/.gitignore | 2 + redhat/rpmbuild/BUILD/.gitignore | 2 +
redhat/rpmbuild/RPMS/.gitignore | 2 + redhat/rpmbuild/RPMS/.gitignore | 2 +
redhat/rpmbuild/SOURCES/.gitignore | 2 + redhat/rpmbuild/SOURCES/.gitignore | 2 +
@ -51,7 +58,7 @@ Merged patches (2.2.32):
redhat/scripts/tarball_checksum.sh | 3 + redhat/scripts/tarball_checksum.sh | 3 +
setup.py | 2 +- setup.py | 2 +-
tests/data/ext/sample_ext-1.3.0/sample.py | 2 +- tests/data/ext/sample_ext-1.3.0/sample.py | 2 +-
26 files changed, 964 insertions(+), 17 deletions(-) 26 files changed, 985 insertions(+), 17 deletions(-)
create mode 100644 .gitpublish create mode 100644 .gitpublish
create mode 100644 redhat/.gitignore create mode 100644 redhat/.gitignore
create mode 100644 redhat/Makefile create mode 100644 redhat/Makefile
@ -69,7 +76,7 @@ Merged patches (2.2.32):
create mode 100755 redhat/scripts/tarball_checksum.sh create mode 100755 redhat/scripts/tarball_checksum.sh
diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py diff --git a/azurelinuxagent/ga/update.py b/azurelinuxagent/ga/update.py
index d3c39c1..3617809 100644 index bb66614..f77fbee 100644
--- a/azurelinuxagent/ga/update.py --- a/azurelinuxagent/ga/update.py
+++ b/azurelinuxagent/ga/update.py +++ b/azurelinuxagent/ga/update.py
@@ -92,8 +92,11 @@ def get_update_handler(): @@ -92,8 +92,11 @@ def get_update_handler():
@ -99,12 +106,12 @@ index d3c39c1..3617809 100644
self._evaluate_agent_health(latest_agent) self._evaluate_agent_health(latest_agent)
diff --git a/bin/waagent b/bin/waagent diff --git a/bin/waagent b/bin/waagent
index 4039e03..10836c2 100755 index 4039e03..13d8d37 100755
--- a/bin/waagent --- a/bin/waagent
+++ b/bin/waagent +++ b/bin/waagent
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/env python -#!/usr/bin/env python
+#!/usr/bin/env python3 +#!/usr/bin/python3.6
# #
# Azure Linux Agent # Azure Linux Agent
# #
@ -119,12 +126,12 @@ index 25aa0ce..a868211 100644
# Azure Linux Agent # Azure Linux Agent
# #
diff --git a/config/waagent.conf b/config/waagent.conf diff --git a/config/waagent.conf b/config/waagent.conf
index 79daacb..513cbf2 100644 index 62a9441..4754029 100644
--- a/config/waagent.conf --- a/config/waagent.conf
+++ b/config/waagent.conf +++ b/config/waagent.conf
@@ -62,9 +62,6 @@ ResourceDisk.MountOptions=None @@ -65,9 +65,6 @@ Logs.Verbose=n
# Enable verbose logging (y|n) # Enable Console logging, default is y
Logs.Verbose=n # Logs.Console=y
-# Is FIPS enabled -# Is FIPS enabled
-OS.EnableFIPS=n -OS.EnableFIPS=n
@ -172,7 +179,7 @@ index b77b0fa..317e89e 100755
WAZD_CONF=/etc/waagent.conf WAZD_CONF=/etc/waagent.conf
WAZD_PIDFILE=/var/run/waagent.pid WAZD_PIDFILE=/var/run/waagent.pid
diff --git a/init/waagent.service b/init/waagent.service diff --git a/init/waagent.service b/init/waagent.service
index e91f143..3c7710f 100644 index e91f143..99f3183 100644
--- a/init/waagent.service --- a/init/waagent.service
+++ b/init/waagent.service +++ b/init/waagent.service
@@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf @@ -8,7 +8,7 @@ ConditionPathExists=/etc/waagent.conf
@ -180,7 +187,7 @@ index e91f143..3c7710f 100644
[Service] [Service]
Type=simple Type=simple
-ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon -ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon
+ExecStart=/usr/libexec/platform-python -u /usr/sbin/waagent -daemon +ExecStart=/usr/bin/python3.6 -u /usr/sbin/waagent -daemon
Restart=always Restart=always
RestartSec=5 RestartSec=5
@ -195,7 +202,7 @@ index 52e0eae..51c263c 100755
import glob import glob
import os import os
diff --git a/setup.py b/setup.py diff --git a/setup.py b/setup.py
index e15a2d4..6fbf0ba 100755 index ee0d839..da19bf1 100755
--- a/setup.py --- a/setup.py
+++ b/setup.py +++ b/setup.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@


@ -1,413 +0,0 @@
From c0d49d739d39573b59c827c89f56386d162d9381 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Wed, 13 Mar 2019 18:44:24 +0000
Subject: [PATCH] Add fixes for handling swap file and other nit fixes (#1485)
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-id: <20190313184424.29299-1-vkuznets@redhat.com>
Patchwork-id: 84860
O-Subject: [RHEL8 WALinuxAgent PATCH] Add fixes for handling swap file and other nit fixes (#1485)
Bugzilla: 1688276
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1684181
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20581233
Tested: by me
This is to fix CVE-2019-0804: swapfile is created with weak permission.
commit 8b2fa7d6051d0ee9952be4b42185c24d2a2eacff
Author: Varad Meru <vrdmr@users.noreply.github.com>
Date: Tue Mar 12 12:54:08 2019 -0700
Add fixes for handling swap file and other nit fixes (#1485)
* Add fixes for handling swap file and other nit fixes
* Fixing bytearray and other nits
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
Conflicts:
azurelinuxagent/daemon/resourcedisk/freebsd.py
(requires additional commits, irrelevant to RHEL)
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
azurelinuxagent/daemon/resourcedisk/default.py | 74 +++++++++++++++++++-------
azurelinuxagent/daemon/resourcedisk/freebsd.py | 53 ++++++++++++------
tests/distro/test_resourceDisk.py | 47 ++++++++++++++--
3 files changed, 133 insertions(+), 41 deletions(-)
diff --git a/azurelinuxagent/daemon/resourcedisk/default.py b/azurelinuxagent/daemon/resourcedisk/default.py
index 0f0925d..cfb76d2 100644
--- a/azurelinuxagent/daemon/resourcedisk/default.py
+++ b/azurelinuxagent/daemon/resourcedisk/default.py
@@ -17,6 +17,7 @@
import os
import re
+import stat
import sys
import threading
from time import sleep
@@ -124,12 +125,13 @@ class ResourceDiskHandler(object):
force_option = 'F'
if self.fs == 'xfs':
force_option = 'f'
- mkfs_string = "mkfs.{0} -{2} {1}".format(self.fs, partition, force_option)
+ mkfs_string = "mkfs.{0} -{2} {1}".format(
+ self.fs, partition, force_option)
if "gpt" in ret[1]:
logger.info("GPT detected, finding partitions")
parts = [x for x in ret[1].split("\n") if
- re.match("^\s*[0-9]+", x)]
+ re.match(r"^\s*[0-9]+", x)]
logger.info("Found {0} GPT partition(s).", len(parts))
if len(parts) > 1:
logger.info("Removing old GPT partitions")
@@ -138,18 +140,23 @@ class ResourceDiskHandler(object):
shellutil.run("parted {0} rm {1}".format(device, i))
logger.info("Creating new GPT partition")
- shellutil.run("parted {0} mkpart primary 0% 100%".format(device))
+ shellutil.run(
+ "parted {0} mkpart primary 0% 100%".format(device))
logger.info("Format partition [{0}]", mkfs_string)
shellutil.run(mkfs_string)
else:
logger.info("GPT not detected, determining filesystem")
- ret = self.change_partition_type(suppress_message=True, option_str="{0} 1 -n".format(device))
+ ret = self.change_partition_type(
+ suppress_message=True,
+ option_str="{0} 1 -n".format(device))
ptype = ret[1].strip()
if ptype == "7" and self.fs != "ntfs":
logger.info("The partition is formatted with ntfs, updating "
"partition type to 83")
- self.change_partition_type(suppress_message=False, option_str="{0} 1 83".format(device))
+ self.change_partition_type(
+ suppress_message=False,
+ option_str="{0} 1 83".format(device))
self.reread_partition_table(device)
logger.info("Format partition [{0}]", mkfs_string)
shellutil.run(mkfs_string)
@@ -169,7 +176,8 @@ class ResourceDiskHandler(object):
attempts -= 1
if not os.path.exists(partition):
- raise ResourceDiskError("Partition was not created [{0}]".format(partition))
+ raise ResourceDiskError(
+ "Partition was not created [{0}]".format(partition))
logger.info("Mount resource disk [{0}]", mount_string)
ret, output = shellutil.run_get_output(mount_string, chk_err=False)
@@ -215,14 +223,19 @@ class ResourceDiskHandler(object):
"""
command_to_use = '--part-type'
- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str)
- err_code, output = shellutil.run_get_output(input, chk_err=False, log_cmd=True)
+ input = "sfdisk {0} {1} {2}".format(
+ command_to_use, '-f' if suppress_message else '', option_str)
+ err_code, output = shellutil.run_get_output(
+ input, chk_err=False, log_cmd=True)
# fall back to -c
if err_code != 0:
- logger.info("sfdisk with --part-type failed [{0}], retrying with -c", err_code)
+ logger.info(
+ "sfdisk with --part-type failed [{0}], retrying with -c",
+ err_code)
command_to_use = '-c'
- input = "sfdisk {0} {1} {2}".format(command_to_use, '-f' if suppress_message else '', option_str)
+ input = "sfdisk {0} {1} {2}".format(
+ command_to_use, '-f' if suppress_message else '', option_str)
err_code, output = shellutil.run_get_output(input, log_cmd=True)
if err_code == 0:
@@ -245,16 +258,30 @@ class ResourceDiskHandler(object):
else:
return 'mount {0} {1}'.format(partition, mount_point)
+ @staticmethod
+ def check_existing_swap_file(swapfile, swaplist, size):
+ if swapfile in swaplist and os.path.isfile(
+ swapfile) and os.path.getsize(swapfile) == size:
+ logger.info("Swap already enabled")
+ # restrict access to owner (remove all access from group, others)
+ swapfile_mode = os.stat(swapfile).st_mode
+ if swapfile_mode & (stat.S_IRWXG | stat.S_IRWXO):
+ swapfile_mode = swapfile_mode & ~(stat.S_IRWXG | stat.S_IRWXO)
+ logger.info(
+ "Changing mode of {0} to {1:o}".format(
+ swapfile, swapfile_mode))
+ os.chmod(swapfile, swapfile_mode)
+ return True
+
+ return False
+
def create_swap_space(self, mount_point, size_mb):
size_kb = size_mb * 1024
size = size_kb * 1024
swapfile = os.path.join(mount_point, 'swapfile')
swaplist = shellutil.run_get_output("swapon -s")[1]
- if swapfile in swaplist \
- and os.path.isfile(swapfile) \
- and os.path.getsize(swapfile) == size:
- logger.info("Swap already enabled")
+ if self.check_existing_swap_file(swapfile, swaplist, size):
return
if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
@@ -296,7 +323,8 @@ class ResourceDiskHandler(object):
os.remove(filename)
# If file system is xfs, use dd right away as we have been reported that
- # swap enabling fails in xfs fs when disk space is allocated with fallocate
+ # swap enabling fails in xfs fs when disk space is allocated with
+ # fallocate
ret = 0
fn_sh = shellutil.quote((filename,))
if self.fs != 'xfs':
@@ -305,13 +333,21 @@ class ResourceDiskHandler(object):
# Probable errors:
# - OSError: Seen on Cygwin, libc notimpl?
# - AttributeError: What if someone runs this under...
+ fd = None
+
try:
- with open(filename, 'w') as f:
- os.posix_fallocate(f.fileno(), 0, nbytes)
- return 0
- except:
+ fd = os.open(
+ filename,
+ os.O_CREAT | os.O_WRONLY | os.O_EXCL,
+ stat.S_IRUSR | stat.S_IWUSR)
+ os.posix_fallocate(fd, 0, nbytes)
+ return 0
+ except BaseException:
# Not confident with this thing, just keep trying...
pass
+ finally:
+ if fd is not None:
+ os.close(fd)
# fallocate command
ret = shellutil.run(
diff --git a/azurelinuxagent/daemon/resourcedisk/freebsd.py b/azurelinuxagent/daemon/resourcedisk/freebsd.py
index a65d7f8..a29df3a 100644
--- a/azurelinuxagent/daemon/resourcedisk/freebsd.py
+++ b/azurelinuxagent/daemon/resourcedisk/freebsd.py
@@ -22,6 +22,7 @@ import azurelinuxagent.common.utils.shellutil as shellutil
from azurelinuxagent.common.exception import ResourceDiskError
from azurelinuxagent.daemon.resourcedisk.default import ResourceDiskHandler
+
class FreeBSDResourceDiskHandler(ResourceDiskHandler):
"""
This class handles resource disk mounting for FreeBSD.
@@ -34,6 +35,7 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
1. MBR: The resource disk partition is /dev/da1s1
2. GPT: The resource disk partition is /dev/da1p2, /dev/da1p1 is for reserved usage.
"""
+
def __init__(self):
super(FreeBSDResourceDiskHandler, self).__init__()
@@ -50,25 +52,30 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
def mount_resource_disk(self, mount_point):
fs = self.fs
if fs != 'ufs':
- raise ResourceDiskError("Unsupported filesystem type:{0}, only ufs is supported.".format(fs))
+ raise ResourceDiskError(
+ "Unsupported filesystem type:{0}, only ufs is supported.".format(fs))
# 1. Detect device
err, output = shellutil.run_get_output('gpart list')
if err:
- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output))
+ raise ResourceDiskError(
+ "Unable to detect resource disk device:{0}".format(output))
disks = self.parse_gpart_list(output)
device = self.osutil.device_for_ide_port(1)
- if device is None or not device in disks:
- # fallback logic to find device
- err, output = shellutil.run_get_output('camcontrol periphlist 2:1:0')
+ if device is None or device not in disks:
+ # fallback logic to find device
+ err, output = shellutil.run_get_output(
+ 'camcontrol periphlist 2:1:0')
if err:
# try again on "3:1:0"
- err, output = shellutil.run_get_output('camcontrol periphlist 3:1:0')
+ err, output = shellutil.run_get_output(
+ 'camcontrol periphlist 3:1:0')
if err:
- raise ResourceDiskError("Unable to detect resource disk device:{0}".format(output))
+ raise ResourceDiskError(
+ "Unable to detect resource disk device:{0}".format(output))
- # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n'
+ # 'da1: generation: 4 index: 1 status: MORE\npass2: generation: 4 index: 2 status: LAST\n'
for line in output.split('\n'):
index = line.find(':')
if index > 0:
@@ -89,9 +96,11 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
elif partition_table_type == 'GPT':
provider_name = device + 'p2'
else:
- raise ResourceDiskError("Unsupported partition table type:{0}".format(output))
+ raise ResourceDiskError(
+ "Unsupported partition table type:{0}".format(output))
- err, output = shellutil.run_get_output('gpart show -p {0}'.format(device))
+ err, output = shellutil.run_get_output(
+ 'gpart show -p {0}'.format(device))
if err or output.find(provider_name) == -1:
raise ResourceDiskError("Resource disk partition not found.")
@@ -110,14 +119,24 @@ class FreeBSDResourceDiskHandler(ResourceDiskHandler):
mount_cmd = 'mount -t {0} {1} {2}'.format(fs, partition, mount_point)
err = shellutil.run(mount_cmd, chk_err=False)
if err:
- logger.info('Creating {0} filesystem on partition {1}'.format(fs, partition))
- err, output = shellutil.run_get_output('newfs -U {0}'.format(partition))
+ logger.info(
+ 'Creating {0} filesystem on partition {1}'.format(
+ fs, partition))
+ err, output = shellutil.run_get_output(
+ 'newfs -U {0}'.format(partition))
if err:
- raise ResourceDiskError("Failed to create new filesystem on partition {0}, error:{1}"
- .format(partition, output))
+ raise ResourceDiskError(
+ "Failed to create new filesystem on partition {0}, error:{1}" .format(
+ partition, output))
err, output = shellutil.run_get_output(mount_cmd, chk_err=False)
if err:
- raise ResourceDiskError("Failed to mount partition {0}, error {1}".format(partition, output))
-
- logger.info("Resource disk partition {0} is mounted at {1} with fstype {2}", partition, mount_point, fs)
+ raise ResourceDiskError(
+ "Failed to mount partition {0}, error {1}".format(
+ partition, output))
+
+ logger.info(
+ "Resource disk partition {0} is mounted at {1} with fstype {2}",
+ partition,
+ mount_point,
+ fs)
return mount_point
diff --git a/tests/distro/test_resourceDisk.py b/tests/distro/test_resourceDisk.py
index d2ce6e1..5f9db0a 100644
--- a/tests/distro/test_resourceDisk.py
+++ b/tests/distro/test_resourceDisk.py
@@ -18,6 +18,8 @@
# http://msdn.microsoft.com/en-us/library/cc227282%28PROT.10%29.aspx
# http://msdn.microsoft.com/en-us/library/cc227259%28PROT.13%29.aspx
+import os
+import stat
import sys
from azurelinuxagent.common.utils import shellutil
from azurelinuxagent.daemon.resourcedisk import get_resourcedisk_handler
@@ -38,6 +40,11 @@ class TestResourceDisk(AgentTestCase):
# assert
assert os.path.exists(test_file)
+ # only the owner should have access
+ mode = os.stat(test_file).st_mode & (
+ stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
+ assert mode == stat.S_IRUSR | stat.S_IWUSR
+
# cleanup
os.remove(test_file)
@@ -49,7 +56,7 @@ class TestResourceDisk(AgentTestCase):
file_size = 1024 * 128
# execute
- if sys.version_info >= (3,3):
+ if sys.version_info >= (3, 3):
with patch("os.posix_fallocate",
side_effect=Exception('failure')):
get_resourcedisk_handler().mkfile(test_file, file_size)
@@ -76,20 +83,20 @@ class TestResourceDisk(AgentTestCase):
resource_disk_handler.mkfile(test_file, file_size)
# assert
- if sys.version_info >= (3,3):
+ if sys.version_info >= (3, 3):
with patch("os.posix_fallocate") as posix_fallocate:
self.assertEqual(0, posix_fallocate.call_count)
assert run_patch.call_count == 1
assert "dd if" in run_patch.call_args_list[0][0][0]
-
def test_change_partition_type(self):
resource_handler = get_resourcedisk_handler()
# test when sfdisk --part-type does not exist
with patch.object(shellutil, "run_get_output",
side_effect=[[1, ''], [0, '']]) as run_patch:
- resource_handler.change_partition_type(suppress_message=True, option_str='')
+ resource_handler.change_partition_type(
+ suppress_message=True, option_str='')
# assert
assert run_patch.call_count == 2
@@ -99,12 +106,42 @@ class TestResourceDisk(AgentTestCase):
# test when sfdisk --part-type exists
with patch.object(shellutil, "run_get_output",
side_effect=[[0, '']]) as run_patch:
- resource_handler.change_partition_type(suppress_message=True, option_str='')
+ resource_handler.change_partition_type(
+ suppress_message=True, option_str='')
# assert
assert run_patch.call_count == 1
assert "sfdisk --part-type" in run_patch.call_args_list[0][0][0]
+ def test_check_existing_swap_file(self):
+ test_file = os.path.join(self.tmp_dir, 'test_swap_file')
+ file_size = 1024 * 128
+ if os.path.exists(test_file):
+ os.remove(test_file)
+
+ with open(test_file, "wb") as file:
+ file.write(bytearray(file_size))
+
+ os.chmod(test_file, stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR |
+ stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6677
+
+ def swap_on(_): # mimic the output of "swapon -s"
+ return [
+ "Filename Type Size Used Priority",
+ "{0} partition 16498684 0 -2".format(test_file)
+ ]
+
+ with patch.object(shellutil, "run_get_output", side_effect=swap_on):
+ get_resourcedisk_handler().check_existing_swap_file(
+ test_file, test_file, file_size)
+
+ # it should remove access from group, others
+ mode = os.stat(test_file).st_mode & (stat.S_ISUID | stat.S_ISGID |
+ stat.S_IRWXU | stat.S_IWUSR | stat.S_IRWXG | stat.S_IRWXO) # 0o6777
+ assert mode == stat.S_ISUID | stat.S_ISGID | stat.S_IRUSR | stat.S_IWUSR # 0o6600
+
+ os.remove(test_file)
+
if __name__ == '__main__':
unittest.main()
--
1.8.3.1


@ -1,18 +1,15 @@
Summary: Microsoft Azure Linux Agent Summary: Microsoft Azure Linux Agent
Name: WALinuxAgent Name: WALinuxAgent
Version: 2.2.32 Version: 2.2.38
Release: 1%{?dist}.1 Release: 1%{?dist}
License: Apache License Version 2.0 License: ASL 2.0
Group: Development/Libraries Group: Development/Libraries
Url: https://github.com/Azure/WALinuxAgent Url: https://github.com/Azure/WALinuxAgent
Source0: WALinuxAgent-2.2.32.tar.gz Source0: WALinuxAgent-2.2.38.tar.gz
BuildArch: noarch BuildArch: noarch
Patch0001: 0001-Add-inital-redhat-build-support.patch Patch0001: 0001-Add-inital-redhat-build-support.patch
# For bz#1684181 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions
# For bz#1688276 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8]
Patch2: wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch
# rhel requirements # rhel requirements
BuildRequires: python3-devel BuildRequires: python3-devel
@ -22,6 +19,7 @@ Requires: openssh-server
Requires: openssl Requires: openssl
Requires: parted Requires: parted
Requires: python3-pyasn1 Requires: python3-pyasn1
Requires: python36
BuildRequires: systemd BuildRequires: systemd
Requires(post): systemd Requires(post): systemd
@ -38,16 +36,13 @@ images that are built to run in the Azure environment.
%setup -q %setup -q
%patch0001 -p1 %patch0001 -p1
%patch2 -p1
%build %build
%py3_build %py3_build
%install %install
%{__python3} setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES %{__python3} setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES
rm -f %{buildroot}%{_sbindir}/waagent2.0
# Change the shebang to the __python3 macro instead of leaving it hardcoded
pathfix.py -pni "%{__python3}" %{buildroot}%{_sbindir}/waagent
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -67,15 +62,27 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace) %{_sysconfdir}/waagent.conf %config(noreplace) %{_sysconfdir}/waagent.conf
%{_sysconfdir}/logrotate.d/waagent.logrotate %{_sysconfdir}/logrotate.d/waagent.logrotate
%{_sbindir}/waagent %{_sbindir}/waagent
%{_sbindir}/waagent2.0
%{_unitdir}/waagent.service %{_unitdir}/waagent.service
/etc/udev/rules.d/66-azure-storage.rules /etc/udev/rules.d/66-azure-storage.rules
/etc/udev/rules.d/99-azure-product-uuid.rules /etc/udev/rules.d/99-azure-product-uuid.rules
%changelog %changelog
* Mon May 20 2019 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8_0.1 * Wed Jul 24 2019 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.38-1
- wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch [bz#1711338] - Rebase to 2.2.38 [bz#1722848]
- Resolves: bz#1711338 - Resolves: bz#1722848
([Azure]walinuxagent 2.2.38 rebase [8.1.0])
* Wed Jun 26 2019 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-3.el8
- wla-Switch-from-platform-python-to-python36.patch [bz#1720373]
- wla-Stop-packaging-legacy-waagent2.0.patch [bz#1720373]
- Resolves: bz#1720373
([RHEL 8.1] [Azure] Change WALinuxAgent spec to depend on Python3.6 package)
* Tue Apr 30 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 2.2.32-2.el8
- wla-Add-fixes-for-handling-swap-file-and-other-nit-fixes.patch [bz#1684181 bz#1688276]
- Resolves: bz#1684181
(CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions)
- Resolves: bz#1688276
(CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8]) (CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions [rhel-8])
* Fri Dec 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8 * Fri Dec 14 2018 Miroslav Rezanina <mrezanin@redhat.com> - 2.2.32-1.el8
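Review bot: Dropping `Patch2` and `%patch2 -p1` removes the packaged fix for CVE-2019-0804 (swapfile created with weak permissions), and nothing in the new spec records why that is safe. The rebase to 2.2.38 presumably carries upstream commit 8b2fa7d6051d0ee9952be4b42185c24d2a2eacff (#1485), which the deleted patch backported, but this page does not show the tarball contents, so that should be confirmed against the new source. The removed patch's own test, which asserts the created file's mode equals `stat.S_IRUSR | stat.S_IWUSR`, is a convenient check for that. I would also keep a short comment next to `Patch0001`, e.g. `# CVE-2019-0804 (bz#1684181, bz#1688276): fixed in the rebased upstream tarball, downstream patch dropped`, so a later audit of the spec does not read the missing patch as a regression.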