import conmon-2.0.26-3.module+el8.7.0+16212+65e1b35f

CentOS Sources 2022-09-27 08:10:55 -04:00 committed by Stepan Oksanichenko
parent 1286725663
commit f5c5d296cc
2 changed files with 103 additions and 1 deletions


@ -0,0 +1,93 @@
diff --git a/src/cli.c b/src/cli.c
index 8e788f9..5761dde 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -38,6 +38,7 @@ gchar **opt_log_path = NULL;
char *opt_exit_dir = NULL;
int opt_timeout = 0;
int64_t opt_log_size_max = -1;
+int64_t opt_log_global_size_max = -1;
char *opt_socket_path = DEFAULT_SOCKET_PATH;
gboolean opt_no_new_keyring = FALSE;
char *opt_exit_command = NULL;
@@ -70,6 +71,7 @@ GOptionEntry opt_entries[] = {
{"log-level", 0, 0, G_OPTION_ARG_STRING, &opt_log_level, "Print debug logs based on log level", NULL},
{"log-path", 'l', 0, G_OPTION_ARG_STRING_ARRAY, &opt_log_path, "Log file path", NULL},
{"log-size-max", 0, 0, G_OPTION_ARG_INT64, &opt_log_size_max, "Maximum size of log file", NULL},
+ {"log-global-size-max", 0, 0, G_OPTION_ARG_INT64, &opt_log_global_size_max, "Maximum size of all log files", NULL},
{"log-tag", 0, 0, G_OPTION_ARG_STRING, &opt_log_tag, "Additional tag to use for logging", NULL},
{"name", 'n', 0, G_OPTION_ARG_STRING, &opt_name, "Container name", NULL},
{"no-new-keyring", 0, 0, G_OPTION_ARG_NONE, &opt_no_new_keyring, "Do not create a new session keyring for the container", NULL},
@@ -180,5 +182,5 @@ void process_cli()
if (opt_container_pid_file == NULL)
opt_container_pid_file = g_strdup_printf("%s/pidfile-%s", cwd, opt_cid);
- configure_log_drivers(opt_log_path, opt_log_size_max, opt_cid, opt_name, opt_log_tag);
+ configure_log_drivers(opt_log_path, opt_log_size_max, opt_log_global_size_max, opt_cid, opt_name, opt_log_tag);
}
diff --git a/src/ctr_logging.c b/src/ctr_logging.c
index c3fd5d2..8581783 100644
--- a/src/ctr_logging.c
+++ b/src/ctr_logging.c
@@ -32,6 +32,9 @@ static const char *const JOURNALD_FILE_STRING = "journald";
/* Max log size for any log file types */
static int64_t log_size_max = -1;
+/* Max total log size for any log file types */
+static int64_t log_global_size_max = -1;
+
/* k8s log file parameters */
static int k8s_log_fd = -1;
static char *k8s_log_path = NULL;
@@ -77,9 +80,10 @@ static void reopen_k8s_file(void);
* (currently just k8s log file), it will also open the log_fd for that specific
* log file.
*/
-void configure_log_drivers(gchar **log_drivers, int64_t log_size_max_, char *cuuid_, char *name_, char *tag)
+void configure_log_drivers(gchar **log_drivers, int64_t log_size_max_, int64_t log_global_size_max_, char *cuuid_, char *name_, char *tag)
{
log_size_max = log_size_max_;
+ log_global_size_max = log_global_size_max_;
if (log_drivers == NULL)
nexit("Log driver not provided. Use --log-path");
for (int driver = 0; log_drivers[driver]; ++driver) {
@@ -284,6 +288,7 @@ static int write_k8s_log(stdpipe_t pipe, const char *buf, ssize_t buflen)
writev_buffer_t bufv = {0};
static int64_t bytes_written = 0;
int64_t bytes_to_be_written = 0;
+ static int64_t total_bytes_written = 0;
/*
* Use the same timestamp for every line of the log in this buffer.
@@ -307,6 +312,10 @@ static int write_k8s_log(stdpipe_t pipe, const char *buf, ssize_t buflen)
bytes_to_be_written += 1;
}
+ /* If the caller specified a global max, enforce it before writing */
+ if (log_global_size_max > 0 && total_bytes_written >= log_global_size_max)
+ break;
+
/*
* We re-open the log file if writing out the bytes will exceed the max
* log size. We also reset the state so that the new file is started with
@@ -360,6 +369,7 @@ static int write_k8s_log(stdpipe_t pipe, const char *buf, ssize_t buflen)
}
bytes_written += bytes_to_be_written;
+ total_bytes_written += bytes_to_be_written;
next:
/* Update the head of the buffer remaining to output. */
buf += line_len;
diff --git a/src/ctr_logging.h b/src/ctr_logging.h
index 1b63cd7..9b1f693 100644
--- a/src/ctr_logging.h
+++ b/src/ctr_logging.h
@@ -7,7 +7,7 @@
void reopen_log_files(void);
bool write_to_logs(stdpipe_t pipe, char *buf, ssize_t num_read);
-void configure_log_drivers(gchar **log_drivers, int64_t log_size_max_, char *cuuid_, char *name_, char *tag);
+void configure_log_drivers(gchar **log_drivers, int64_t log_size_max_, int64_t log_global_size_max_, char *cuuid_, char *name_, char *tag);
void sync_logs(void);
#endif /* !defined(CTR_LOGGING_H) */
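Review bot: The `break` taken in write_k8s_log when `total_bytes_written >= log_global_size_max` drops the rest of the container's output without leaving any trace, so a reader of the log cannot tell a truncated log from a quiet container, and a workload that fills the quota stops all later output from being recorded. I would emit a one-time warning at that point, for example `nwarn("log-global-size-max reached; dropping further container output");` guarded by a static flag, and mention the drop in the `--log-global-size-max` help text. The check compares the running total before the write, so the log can overshoot the limit by up to one line; the comment could say so: `/* Soft cap: the line that crosses the limit is still written */`. The counter is a static local of write_k8s_log, so it presumably does not cover the journald driver even though the option text says "all log files"; the rest of the function body and the other drivers are outside these hunks, so this should be confirmed against the full file.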


@ -10,11 +10,12 @@
Name: conmon
Epoch: 2
Version: 2.0.26
Release: 1%{?dist}
Release: 3%{?dist}
Summary: OCI container runtime monitor
License: ASL 2.0
URL: %{git0}
Source0: %{git0}/archive/v%{version}.tar.gz
Patch0: CVE-2022-1708.patch
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
#ExclusiveArch: %%{go_arches}
# still use arch exclude as the macro above still refers %%{ix86} in RHEL8.4:
@ -51,6 +52,14 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%{_mandir}/man8/*
%changelog
* Thu Jul 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.0.26-3
- amend CVE-2022-1708
- Related: #2093390
* Mon Jun 06 2022 Jindrich Novy <jnovy@redhat.com> - 2:2.0.26-2
- fix CVE-2022-1708 - thanks to Peter Hunt
- Related: #2061390
* Thu Feb 04 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.0.26-1
- update to https://github.com/containers/conmon/releases/tag/v2.0.26
- Related: #1883490