No commits in common. "imports/c8/cronie-1.5.2-2.el8" and "c8s" have entirely different histories.
imports/c8
...
c8s
@ -1 +0,0 @@
|
|||||||
03e53a07f2a5b8724e8d7cf7124539b4e82414d3 SOURCES/cronie-1.5.2.tar.gz
|
|
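--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 SOURCES/cronie-1.5.2.tar.gz
+/cronie-1.5.2.tar.gz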
369
0001-Add-random-within-range-operator.patch
Normal file
369
0001-Add-random-within-range-operator.patch
Normal file
@ -0,0 +1,369 @@
|
|||||||
|
From 0f1704a0f8c5fd2a4da6f530694bdd93a7ca3226 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
|
||||||
|
<35430604+opohorel@users.noreply.github.com>
|
||||||
|
Date: Mon, 8 Nov 2021 16:20:09 +0100
|
||||||
|
Subject: [PATCH] Add random within range '~' operator
|
||||||
|
|
||||||
|
With the operator one can specify for a job a random time or date within
|
||||||
|
a specified range for a field.
|
||||||
|
The random value is generated when the crontab where the job is
|
||||||
|
specified, is loaded.
|
||||||
|
---
|
||||||
|
man/crontab.5 | 9 ++
|
||||||
|
src/entry.c | 262 ++++++++++++++++++++++++++++++++------------------
|
||||||
|
2 files changed, 176 insertions(+), 95 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/crontab.5 b/man/crontab.5
|
||||||
|
index a011c89..ba8f0c3 100644
|
||||||
|
--- a/man/crontab.5
|
||||||
|
+++ b/man/crontab.5
|
||||||
|
@@ -199,6 +199,15 @@ hyphen. The specified range is inclusive. For example, 8-11 for
|
||||||
|
an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first
|
||||||
|
number must be less than or equal to the second one.
|
||||||
|
.PP
|
||||||
|
+Randomization of the execution time within a range can be used.
|
||||||
|
+A random number within a range specified as two numbers separated with
|
||||||
|
+a tilde is picked. The specified range is inclusive.
|
||||||
|
+For example, 6~15 for a 'minutes' entry picks a random minute
|
||||||
|
+within 6 to 15 range. The random number is picked when crontab file is parsed.
|
||||||
|
+The first number must be less than or equal to the second one. You might omit
|
||||||
|
+one or both of the numbers specifying the range. For example, ~ for a 'minutes'
|
||||||
|
+entry picks a random minute within 0 to 59 range.
|
||||||
|
+.PP
|
||||||
|
Lists are allowed. A list is a set of numbers (or ranges) separated by
|
||||||
|
commas. Examples: "1,2,5,9", "0-4,8-12".
|
||||||
|
.PP
|
||||||
|
diff --git a/src/entry.c b/src/entry.c
|
||||||
|
index 92b55f5..9276f47 100644
|
||||||
|
--- a/src/entry.c
|
||||||
|
+++ b/src/entry.c
|
||||||
|
@@ -62,9 +62,22 @@ static const char *ecodes[] = {
|
||||||
|
"out of memory"
|
||||||
|
};
|
||||||
|
|
||||||
|
+typedef enum {
|
||||||
|
+ R_START,
|
||||||
|
+ R_AST,
|
||||||
|
+ R_STEP,
|
||||||
|
+ R_TERMS,
|
||||||
|
+ R_NUM1,
|
||||||
|
+ R_RANGE,
|
||||||
|
+ R_RANGE_NUM2,
|
||||||
|
+ R_RANDOM,
|
||||||
|
+ R_RANDOM_NUM2,
|
||||||
|
+ R_FINISH,
|
||||||
|
+} range_state_t;
|
||||||
|
+
|
||||||
|
static int get_list(bitstr_t *, int, int, const char *[], int, FILE *),
|
||||||
|
-get_range(bitstr_t *, int, int, const char *[], int, FILE *),
|
||||||
|
-get_number(int *, int, const char *[], int, FILE *, const char *),
|
||||||
|
+get_range(bitstr_t *, int, int, const char *[], FILE *),
|
||||||
|
+get_number(int *, int, const char *[], FILE *),
|
||||||
|
set_element(bitstr_t *, int, int, int);
|
||||||
|
|
||||||
|
void free_entry(entry * e) {
|
||||||
|
@@ -449,11 +462,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
|
||||||
|
/* process all ranges
|
||||||
|
*/
|
||||||
|
done = FALSE;
|
||||||
|
+ /* unget ch to allow get_range() to process it properly
|
||||||
|
+ */
|
||||||
|
+ unget_char(ch, file);
|
||||||
|
while (!done) {
|
||||||
|
- if (EOF == (ch = get_range(bits, low, high, names, ch, file)))
|
||||||
|
+ if (EOF == (ch = get_range(bits, low, high, names, file)))
|
||||||
|
return (EOF);
|
||||||
|
if (ch == ',')
|
||||||
|
- ch = get_char(file);
|
||||||
|
+ continue;
|
||||||
|
else
|
||||||
|
done = TRUE;
|
||||||
|
}
|
||||||
|
@@ -468,137 +484,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
|
||||||
|
return (ch);
|
||||||
|
}
|
||||||
|
|
||||||
|
+inline static int is_separator(int ch) {
|
||||||
|
+ switch (ch) {
|
||||||
|
+ case '\t':
|
||||||
|
+ case '\n':
|
||||||
|
+ case ' ':
|
||||||
|
+ case ',':
|
||||||
|
+ return 1;
|
||||||
|
+ default:
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
|
||||||
|
static int
|
||||||
|
get_range(bitstr_t * bits, int low, int high, const char *names[],
|
||||||
|
- int ch, FILE * file) {
|
||||||
|
+ FILE * file) {
|
||||||
|
/* range = number | number "-" number [ "/" number ]
|
||||||
|
+ * | [number] "~" [number]
|
||||||
|
*/
|
||||||
|
+
|
||||||
|
+ int ch, i, num1, num2, num3;
|
||||||
|
|
||||||
|
- int i, num1, num2, num3;
|
||||||
|
+ /* default value for step
|
||||||
|
+ */
|
||||||
|
+ num3 = 1;
|
||||||
|
+ range_state_t state = R_START;
|
||||||
|
+
|
||||||
|
+ while (state != R_FINISH && ((ch = get_char(file)) != EOF)) {
|
||||||
|
+ switch (state) {
|
||||||
|
+ case R_START:
|
||||||
|
+ if (ch == '*') {
|
||||||
|
+ num1 = low;
|
||||||
|
+ num2 = high;
|
||||||
|
+ state = R_AST;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (ch == '~') {
|
||||||
|
+ num1 = low;
|
||||||
|
+ state = R_RANDOM;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ unget_char(ch, file);
|
||||||
|
+ if (get_number(&num1, low, names, file) != EOF) {
|
||||||
|
+ state = R_NUM1;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return (EOF);
|
||||||
|
|
||||||
|
- Debug(DPARS | DEXT, ("get_range()...entering, exit won't show\n"));
|
||||||
|
+ case R_AST:
|
||||||
|
+ if (ch == '/') {
|
||||||
|
+ state = R_STEP;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (is_separator(ch)) {
|
||||||
|
+ state = R_FINISH;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return (EOF);
|
||||||
|
|
||||||
|
- if (ch == '*') {
|
||||||
|
- /* '*' means "first-last" but can still be modified by /step
|
||||||
|
- */
|
||||||
|
- num1 = low;
|
||||||
|
- num2 = high;
|
||||||
|
- ch = get_char(file);
|
||||||
|
- if (ch == EOF)
|
||||||
|
- return (EOF);
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- ch = get_number(&num1, low, names, ch, file, ",- \t\n");
|
||||||
|
- if (ch == EOF)
|
||||||
|
- return (EOF);
|
||||||
|
+ case R_STEP:
|
||||||
|
+ if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
|
||||||
|
+ state = R_TERMS;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return (EOF);
|
||||||
|
|
||||||
|
- if (ch != '-') {
|
||||||
|
- /* not a range, it's a single number.
|
||||||
|
- */
|
||||||
|
- if (EOF == set_element(bits, low, high, num1)) {
|
||||||
|
- unget_char(ch, file);
|
||||||
|
+ case R_TERMS:
|
||||||
|
+ if (is_separator(ch)) {
|
||||||
|
+ state = R_FINISH;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
return (EOF);
|
||||||
|
- }
|
||||||
|
- return (ch);
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- /* eat the dash
|
||||||
|
- */
|
||||||
|
- ch = get_char(file);
|
||||||
|
- if (ch == EOF)
|
||||||
|
+
|
||||||
|
+ case R_NUM1:
|
||||||
|
+ if (ch == '-') {
|
||||||
|
+ state = R_RANGE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (ch == '~') {
|
||||||
|
+ state = R_RANDOM;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (is_separator(ch)) {
|
||||||
|
+ num2 = num1;
|
||||||
|
+ state = R_FINISH;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
return (EOF);
|
||||||
|
|
||||||
|
- /* get the number following the dash
|
||||||
|
- */
|
||||||
|
- ch = get_number(&num2, low, names, ch, file, "/, \t\n");
|
||||||
|
- if (ch == EOF || num1 > num2)
|
||||||
|
+ case R_RANGE:
|
||||||
|
+ if (get_number(&num2, low, names, file) != EOF) {
|
||||||
|
+ state = R_RANGE_NUM2;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
return (EOF);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
|
||||||
|
- /* check for step size
|
||||||
|
- */
|
||||||
|
- if (ch == '/') {
|
||||||
|
- /* eat the slash
|
||||||
|
- */
|
||||||
|
- ch = get_char(file);
|
||||||
|
- if (ch == EOF)
|
||||||
|
- return (EOF);
|
||||||
|
+ case R_RANGE_NUM2:
|
||||||
|
+ if (ch == '/') {
|
||||||
|
+ state = R_STEP;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (is_separator(ch)) {
|
||||||
|
+ state = R_FINISH;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return (EOF);
|
||||||
|
|
||||||
|
- /* get the step size -- note: we don't pass the
|
||||||
|
- * names here, because the number is not an
|
||||||
|
- * element id, it's a step size. 'low' is
|
||||||
|
- * sent as a 0 since there is no offset either.
|
||||||
|
- */
|
||||||
|
- ch = get_number(&num3, 0, PPC_NULL, ch, file, ", \t\n");
|
||||||
|
- if (ch == EOF || num3 == 0)
|
||||||
|
- return (EOF);
|
||||||
|
- }
|
||||||
|
- else {
|
||||||
|
- /* no step. default==1.
|
||||||
|
- */
|
||||||
|
- num3 = 1;
|
||||||
|
+ case R_RANDOM:
|
||||||
|
+ if (is_separator(ch)) {
|
||||||
|
+ num2 = high;
|
||||||
|
+ state = R_FINISH;
|
||||||
|
+ }
|
||||||
|
+ else if (unget_char(ch, file),
|
||||||
|
+ get_number(&num2, low, names, file) != EOF) {
|
||||||
|
+ state = R_TERMS;
|
||||||
|
+ }
|
||||||
|
+ /* fail if couldn't find match on previous term
|
||||||
|
+ */
|
||||||
|
+ else
|
||||||
|
+ return (EOF);
|
||||||
|
+
|
||||||
|
+ /* if invalid random range was selected */
|
||||||
|
+ if (num1 > num2)
|
||||||
|
+ return (EOF);
|
||||||
|
+
|
||||||
|
+ /* select random number in range <num1, num2>
|
||||||
|
+ */
|
||||||
|
+ num1 = num2 = random() % (num2 - num1 + 1) + num1;
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ default:
|
||||||
|
+ /* We should never get here
|
||||||
|
+ */
|
||||||
|
+ return (EOF);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
+ if (state != R_FINISH || ch == EOF)
|
||||||
|
+ return (EOF);
|
||||||
|
|
||||||
|
- /* range. set all elements from num1 to num2, stepping
|
||||||
|
- * by num3. (the step is a downward-compatible extension
|
||||||
|
- * proposed conceptually by bob@acornrc, syntactically
|
||||||
|
- * designed then implemented by paul vixie).
|
||||||
|
- */
|
||||||
|
for (i = num1; i <= num2; i += num3)
|
||||||
|
if (EOF == set_element(bits, low, high, i)) {
|
||||||
|
unget_char(ch, file);
|
||||||
|
return (EOF);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- return (ch);
|
||||||
|
+ return ch;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
-get_number(int *numptr, int low, const char *names[], int ch, FILE * file,
|
||||||
|
- const char *terms) {
|
||||||
|
+get_number(int *numptr, int low, const char *names[], FILE * file) {
|
||||||
|
char temp[MAX_TEMPSTR], *pc;
|
||||||
|
- int len, i;
|
||||||
|
+ int len, i, ch;
|
||||||
|
+ char *endptr;
|
||||||
|
|
||||||
|
pc = temp;
|
||||||
|
len = 0;
|
||||||
|
|
||||||
|
- /* first look for a number */
|
||||||
|
- while (isdigit((unsigned char) ch)) {
|
||||||
|
+ /* get all alnum characters available */
|
||||||
|
+ while (isalnum((ch = get_char(file)))) {
|
||||||
|
if (++len >= MAX_TEMPSTR)
|
||||||
|
goto bad;
|
||||||
|
*pc++ = (char)ch;
|
||||||
|
- ch = get_char(file);
|
||||||
|
}
|
||||||
|
- *pc = '\0';
|
||||||
|
- if (len != 0) {
|
||||||
|
- /* got a number, check for valid terminator */
|
||||||
|
- if (!strchr(terms, ch))
|
||||||
|
- goto bad;
|
||||||
|
- *numptr = atoi(temp);
|
||||||
|
- return (ch);
|
||||||
|
+ if (len == 0)
|
||||||
|
+ goto bad;
|
||||||
|
+
|
||||||
|
+ unget_char(ch, file);
|
||||||
|
+
|
||||||
|
+ /* try to get number */
|
||||||
|
+ *numptr = (int) strtol(temp, &endptr, 10);
|
||||||
|
+ if (*endptr == '\0' && temp != endptr) {
|
||||||
|
+ /* We have a number */
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* no numbers, look for a string if we have any */
|
||||||
|
if (names) {
|
||||||
|
- while (isalpha((unsigned char) ch)) {
|
||||||
|
- if (++len >= MAX_TEMPSTR)
|
||||||
|
- goto bad;
|
||||||
|
- *pc++ = (char)ch;
|
||||||
|
- ch = get_char(file);
|
||||||
|
- }
|
||||||
|
- *pc = '\0';
|
||||||
|
- if (len != 0 && strchr(terms, ch)) {
|
||||||
|
- for (i = 0; names[i] != NULL; i++) {
|
||||||
|
- Debug(DPARS | DEXT,
|
||||||
|
- ("get_num, compare(%s,%s)\n", names[i], temp));
|
||||||
|
- if (!strcasecmp(names[i], temp)) {
|
||||||
|
- *numptr = i + low;
|
||||||
|
- return (ch);
|
||||||
|
- }
|
||||||
|
+ for (i = 0; names[i] != NULL; i++) {
|
||||||
|
+ Debug(DPARS | DEXT, ("get_num, compare(%s,%s)\n", names[i], temp));
|
||||||
|
+ if (strcasecmp(names[i], temp) == 0) {
|
||||||
|
+ *numptr = i + low;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ } else {
|
||||||
|
+ goto bad;
|
||||||
|
}
|
||||||
|
|
||||||
|
bad:
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
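Review bot: In the new get_number(), `*numptr = (int) strtol(temp, &endptr, 10);` narrows the result to int with no overflow check, so a long digit string in a crontab field can wrap to a small in-range value and be accepted as if that value had been written. Crontab fields are user-supplied input, so the conversion should reject out-of-range values before the cast: `errno = 0; long v = strtol(temp, &endptr, 10);` followed by `if (errno == ERANGE || v > INT_MAX) goto bad;`, storing `(int) v` only after that. Separately, the removed code rejected `num1 > num2` for '-' ranges, while the new R_RANGE and R_RANGE_NUM2 states carry no such check (only R_RANDOM does), so a reversed range appears to parse successfully and set no bits; restoring the comparison in R_RANGE would keep the old error. The tail of get_number() after the `bad:` label lies outside the hunk.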
@ -0,0 +1,25 @@
|
|||||||
|
From 07bf4b9037de19b580cfa24f5ad023b56725b285 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||||
|
Date: Wed, 5 Jan 2022 19:17:18 +0100
|
||||||
|
Subject: [PATCH 2/4] get_number: Add missing NUL termination for the scanned
|
||||||
|
string
|
||||||
|
|
||||||
|
---
|
||||||
|
src/entry.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/entry.c b/src/entry.c
|
||||||
|
index f2bb717..15ce9b5 100644
|
||||||
|
--- a/src/entry.c
|
||||||
|
+++ b/src/entry.c
|
||||||
|
@@ -666,6 +666,7 @@ get_number(int *numptr, int low, const char *names[], FILE * file) {
|
||||||
|
goto bad;
|
||||||
|
*pc++ = (char)ch;
|
||||||
|
}
|
||||||
|
+ *pc = '\0';
|
||||||
|
if (len == 0)
|
||||||
|
goto bad;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
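--- a/0003-Fix-regression-in-handling-x-crontab-entries.patch
+++ b/0003-Fix-regression-in-handling-x-crontab-entries.patch
@@ -0,0 +1,28 @@
+From 299ef06ea4371afa97301cec64dc8f21c4f7b11b Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 22 Mar 2022 14:35:48 +0100
+Subject: [PATCH 3/4] Fix regression in handling */x crontab entries
+
+Fixes #102
+---
+src/entry.c | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/entry.c b/src/entry.c
+index 15ce9b5..e9e258b 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -563,7 +563,9 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+return (EOF);
+
+case R_STEP:
+- if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
++ unget_char(ch, file);
++ if (get_number(&num3, 0, PPC_NULL, file) != EOF
++ && num3 != 0) {
+state = R_TERMS;
+break;
+}
+--
+2.35.1
+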
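--- a/0004-Fix-regression-in-handling-1-5-crontab-entries.patch
+++ b/0004-Fix-regression-in-handling-1-5-crontab-entries.patch
@@ -0,0 +1,24 @@
+From 62e53f1cdb9c1e12a01ee7814c92cd937d50328d Mon Sep 17 00:00:00 2001
+From: w30023233 <wangyuhang27@huawei.com>
+Date: Wed, 23 Mar 2022 15:40:01 +0800
+Subject: [PATCH 4/4] Fix regression in handling 1-5 crontab entries
+
+---
+src/entry.c | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/src/entry.c b/src/entry.c
+index e9e258b..bb7cb62 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -595,6 +595,7 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+return (EOF);
+
+case R_RANGE:
++ unget_char(ch, file);
+if (get_number(&num2, low, names, file) != EOF) {
+state = R_RANGE_NUM2;
+break;
+--
+2.35.1
+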
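--- a/cronie-1.5.2-context-role.patch
+++ b/cronie-1.5.2-context-role.patch
@@ -0,0 +1,41 @@
+From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 18 Oct 2018 14:25:58 +0200
+Subject: [PATCH] Use the role from the crond context for system job contexts.
+
+New SELinux policy added multiple roles for the system_u user on crond_t.
+The default context returned from get_default_context_with_level() is now
+unconfined_t instead of system_cronjob_t which is incorrect for system cron
+jobs.
+We use the role to limit the default context to system_cronjob_t.
+---
+src/security.c | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/security.c b/src/security.c
+index d1bdc7f..5213cf3 100644
+--- a/src/security.c
++++ b/src/security.c
+@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
+retval = get_default_context_with_level(seuser, level, NULL, &scontext);
+}
+else {
++ const char *current_user, *current_role;
+if (getcon(¤t_context_str) < 0) {
+log_it(name, getpid(), "getcon FAILED", "", 0);
+return (security_getenforce() > 0);
+@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
+return (security_getenforce() > 0);
+}
+
+- const char *current_user = context_user_get(current_context);
+- retval = get_default_context_with_level(current_user, level, NULL, &scontext);
++ current_user = context_user_get(current_context);
++ current_role = context_role_get(current_context);
++ retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
+
+freecon(current_context_str);
+context_free(current_context);
+--
+2.14.5
+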
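Review bot: `current_role = context_role_get(current_context);` is passed straight to `get_default_context_with_rolelevel()` with no NULL check, and the same holds for `current_user` on the line above it. If either getter returns NULL, whether the role constraint this patch relies on still applies depends on how libselinux treats a NULL argument. An explicit check that logs and returns `security_getenforce() > 0`, like the getcon failure path in the first hunk, would keep the failure mode consistent. A one-line comment above the call, such as `/* pin the role so system jobs get system_cronjob_t, not unconfined_t */`, would also record why the role-aware variant is used. The enclosing get_security_context() starts and ends outside both hunks.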
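--- a/cronie-1.5.2-create-pid-files.patch
+++ b/cronie-1.5.2-create-pid-files.patch
@@ -0,0 +1,26 @@
+From 0570c2cd979bc9ce1da6a873089e89dbca900a1f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 7 May 2019 14:45:53 +0200
+Subject: [PATCH] Revert "Avoid creating pid files when crond doesn't fork"
+
+This reverts commit 5b285b46b88dc63689c6a56542cb2ba81f861b66.
+The PID file is useful to avoid running multiple crond instances
+at once.
+---
+src/misc.c | 3 ---
+1 file changed, 3 deletions(-)
+
+diff --git a/src/misc.c b/src/misc.c
+index 42153b8..faf6ffb 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -315,9 +315,6 @@ void acquire_daemonlock(int closeflag) {
+return;
+}
+
+- if (NoFork == 1)
+- return; //move along, nothing to do here...
+-
+if (fd == -1) {
+pidfile = _PATH_CRON_PID;
+/* Initial mode is 0600 to prevent flock() race/DoS. */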
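--- a/cronie-1.5.2-restart-on-failure.patch
+++ b/cronie-1.5.2-restart-on-failure.patch
@@ -0,0 +1,13 @@
+diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
+--- cronie-1.5.2/contrib/cronie.systemd 2018-11-27 15:26:46.797288342 +0100
++++ cronie-1.5.2_patched/contrib/cronie.systemd 2018-11-27 15:26:19.479159225 +0100
+@@ -7,6 +7,8 @@
+ExecStart=/usr/sbin/crond -n $CRONDARGS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
++Restart=on-failure
++RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
+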
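--- a/cronie-1.5.2-use-pam-system-auth.patch
+++ b/cronie-1.5.2-use-pam-system-auth.patch
@@ -0,0 +1,26 @@
+From 978a00ea7ac92852c153ebb3b2152886730ca51c Mon Sep 17 00:00:00 2001
+From: Marcel Plch <mplch@redhat.com>
+Date: Fri, 7 Dec 2018 15:01:19 +0100
+Subject: [PATCH] Use system-auth instead of password-auth for PAM
+authentication (#25)
+
+---
+pam/crond | 6 +++---
+1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/pam/crond b/pam/crond
+index 91964aa..560529d 100644
+--- a/pam/crond
++++ b/pam/crond
+@@ -4,8 +4,8 @@
+#
+# Although no PAM authentication is called, auth modules
+# are used for credential setting
+-auth include password-auth
++auth include system-auth
+account required pam_access.so
+-account include password-auth
++account include system-auth
+session required pam_loginuid.so
+-session include password-auth
++session include system-auth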
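Review bot: The commit message gives no reason for moving cron from password-auth to system-auth, yet the three `include` lines change which account and session modules run for every job. A comment in pam/crond next to the includes, for example `# cron follows the system-auth stack; keep account/session restrictions for cron users there`, would tell administrators which stack to edit when they restrict access. Sites that customised only password-auth will presumably see different account checks for cron after this change, so it deserves a line in the release notes as well.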
@ -6,7 +6,7 @@
|
|||||||
Summary: Cron daemon for executing programs at set times
|
Summary: Cron daemon for executing programs at set times
|
||||||
Name: cronie
|
Name: cronie
|
||||||
Version: 1.5.2
|
Version: 1.5.2
|
||||||
Release: 2%{?dist}
|
Release: 10%{?dist}
|
||||||
License: MIT and BSD and ISC and GPLv2+
|
License: MIT and BSD and ISC and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: https://github.com/cronie-crond/cronie
|
URL: https://github.com/cronie-crond/cronie
|
||||||
@ -38,9 +38,24 @@ Requires(post): systemd
|
|||||||
|
|
||||||
# Some parts of code could result in a memory leak.
|
# Some parts of code could result in a memory leak.
|
||||||
Patch0: fix-memory-leaks.patch
|
Patch0: fix-memory-leaks.patch
|
||||||
|
|
||||||
# Some parts of code could result in undefined behavior.
|
# Some parts of code could result in undefined behavior.
|
||||||
Patch1: fix-unsafe-code.patch
|
Patch1: fix-unsafe-code.patch
|
||||||
|
# Use correct selinux role
|
||||||
|
Patch2: cronie-1.5.2-context-role.patch
|
||||||
|
# Make systemd restart crond when it fails.
|
||||||
|
Patch3: cronie-1.5.2-restart-on-failure.patch
|
||||||
|
# Revert "Avoid creating pid files when crond doesn't fork"
|
||||||
|
Patch4: cronie-1.5.2-create-pid-files.patch
|
||||||
|
# Use system-auth in PAM (rhbz#2005526)
|
||||||
|
Patch5: cronie-1.5.2-use-pam-system-auth.patch
|
||||||
|
# Add support for "~" ("random within range") + regression fixing patches (rhbz#1832510)
|
||||||
|
Patch6: 0001-Add-random-within-range-operator.patch
|
||||||
|
Patch7: 0002-get_number-Add-missing-NUL-termination-for-the-scann.patch
|
||||||
|
Patch8: 0003-Fix-regression-in-handling-x-crontab-entries.patch
|
||||||
|
Patch9: 0004-Fix-regression-in-handling-1-5-crontab-entries.patch
|
||||||
|
# Optimization to close fds from /proc/self/fd in case of high nofile limit after fork
|
||||||
|
# https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b
|
||||||
|
Patch10: optimization_to_close_fds.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Cronie contains the standard UNIX daemon crond that runs specified programs at
|
Cronie contains the standard UNIX daemon crond that runs specified programs at
|
||||||
@ -85,6 +100,15 @@ extra features.
|
|||||||
|
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
%patch10 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -194,7 +218,7 @@ exit 0
|
|||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/crond
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/crond
|
||||||
%endif
|
%endif
|
||||||
%config(noreplace) %{_sysconfdir}/sysconfig/crond
|
%config(noreplace) %{_sysconfdir}/sysconfig/crond
|
||||||
%config(noreplace) %{_sysconfdir}/cron.deny
|
%config(noreplace,missingok) %{_sysconfdir}/cron.deny
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly
|
||||||
%attr(0644,root,root) /lib/systemd/system/crond.service
|
%attr(0644,root,root) /lib/systemd/system/crond.service
|
||||||
|
|
||||||
@ -213,6 +237,37 @@ exit 0
|
|||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-10
|
||||||
|
- Bump release because of CI issues
|
||||||
|
- Related: RHEL-2609
|
||||||
|
|
||||||
|
* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9
|
||||||
|
- Add `optimization_to_close_fds.patch`
|
||||||
|
- Resolves: RHEL-2609
|
||||||
|
|
||||||
|
* Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8
|
||||||
|
- Set 'missingok' for /etc/cron.deny to not recreate it on update
|
||||||
|
|
||||||
|
* Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-7
|
||||||
|
- Add support for "~" ("random within range")
|
||||||
|
Resolves: rhbz#1832510
|
||||||
|
|
||||||
|
* Mon Sep 20 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-6
|
||||||
|
- Use system-auth for PAM authentication
|
||||||
|
Resolves: rhbz#2005526
|
||||||
|
|
||||||
|
* Fri Sep 03 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-5
|
||||||
|
- Create PID files even when crond does not fork
|
||||||
|
Resolves: rhbz#1926300
|
||||||
|
|
||||||
|
* Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4
|
||||||
|
- Make crond restart on failure
|
||||||
|
- Resolves: rhbz#1715137
|
||||||
|
|
||||||
|
* Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3
|
||||||
|
- use role from the current context for system crontabs
|
||||||
|
- Resolves: rhbz#1708557
|
||||||
|
|
||||||
* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
|
* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
|
||||||
- Covscan issues review
|
- Covscan issues review
|
||||||
- Fix potential memory leaks
|
- Fix potential memory leaks
|
||||||
@ -409,7 +464,7 @@ exit 0
|
|||||||
- update to 1.4.6
|
- update to 1.4.6
|
||||||
|
|
||||||
* Fri Aug 13 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-4
|
* Fri Aug 13 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-4
|
||||||
- 623908 fix fd leak in anacron, which caused denail of prelink
|
- 623908 fix fd leak in anacron, which caused denail of prelink
|
||||||
and others
|
and others
|
||||||
|
|
||||||
* Mon Aug 9 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-2
|
* Mon Aug 9 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-2
|
||||||
@ -485,7 +540,7 @@ exit 0
|
|||||||
- add sendmail file into requirement, cause it's needed some MTA
|
- add sendmail file into requirement, cause it's needed some MTA
|
||||||
|
|
||||||
* Thu Sep 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-2
|
* Thu Sep 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-2
|
||||||
- 462252 /etc/sysconfig/crond does not need to be executable
|
- 462252 /etc/sysconfig/crond does not need to be executable
|
||||||
|
|
||||||
* Thu Jun 26 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-1
|
* Thu Jun 26 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-1
|
||||||
- update to 1.2
|
- update to 1.2
|
||||||
@ -512,7 +567,7 @@ exit 0
|
|||||||
- 431366 after reboot wasn't cron in chkconfig
|
- 431366 after reboot wasn't cron in chkconfig
|
||||||
|
|
||||||
* Tue Feb 5 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-3
|
* Tue Feb 5 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-3
|
||||||
- 431366 trigger part => after update from vixie-cron on cronie will
|
- 431366 trigger part => after update from vixie-cron on cronie will
|
||||||
be daemon running.
|
be daemon running.
|
||||||
|
|
||||||
* Wed Jan 30 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-2
|
* Wed Jan 30 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-2
|
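--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+- rhel-8
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: osci.brew-build.tier1.functional}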
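--- a/optimization_to_close_fds.patch
+++ b/optimization_to_close_fds.patch
@@ -0,0 +1,40 @@
+--- ./src/do_command.c 2023-09-07 09:40:32.016272074 +0200
++++ ./src/do_command.c 2023-09-07 09:43:04.938995232 +0200
+@@ -30,6 +30,7 @@
+#include <string.h>
+#include <sys/wait.h>
+#include <unistd.h>
++#include <dirent.h>
+
+#include "externs.h"
+#include "funcs.h"
+@@ -239,10 +240,26 @@
+{
+char *shell = env_get("SHELL", jobenv);
+int fd, fdmax = getdtablesize();
++ DIR *dir;
++ struct dirent *dent;
+
+- /* close all unwanted open file descriptors */
+- for(fd = STDERR + 1; fd < fdmax; fd++) {
+- close(fd);
++ /*
++ * if /proc is mounted, we can optimize what fd can be closed,
++ * but if it isn't available, fall back to the previous behavior.
++ */
++ if ((dir = opendir("/proc/self/fd")) != NULL) {
++ while ((dent = readdir(dir)) != NULL) {
++ if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
++ continue;
++ fd = atoi(dent->d_name);
++ if (fd > STDERR_FILENO)
++ close(fd);
++ }
++ } else {
++ /* close all unwanted open file descriptors */
++ for(fd = STDERR + 1; fd < fdmax; fd++) {
++ close(fd);
++ }
+}
+
+#if DEBUGGING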
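Review bot: The new /proc/self/fd loop closes every descriptor above STDERR_FILENO, which includes the descriptor backing `dir` itself, and the hunk never calls closedir(). Once that descriptor is closed, a later readdir() that has to refill its buffer can fail and end the loop early, leaving inherited descriptors open in the job's process; this would likely only show when the directory holds more entries than one readdir buffer. Skipping the stream's own descriptor and closing the stream afterwards avoids that: `int dfd = dirfd(dir);`, `if (fd > STDERR_FILENO && fd != dfd)`, and `closedir(dir);` after the while loop. The enclosing block in do_command.c begins and ends outside the hunk.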