Auto sync2gitlab import of fence-virt-1.0.0-5.el8.src.rpm
This commit is contained in:
parent
7b00f7ea0e
commit
d6328de00d
118
bz2144530-fence_virtd-warn-files-not-mode-600.patch
Normal file
118
bz2144530-fence_virtd-warn-files-not-mode-600.patch
Normal file
@ -0,0 +1,118 @@
|
||||
diff --color -uNr a/config/Makefile.am b/config/Makefile.am
|
||||
--- a/config/Makefile.am 2019-11-20 14:13:42.000000000 +0100
|
||||
+++ b/config/Makefile.am 2022-11-22 10:12:51.764545658 +0100
|
||||
@@ -37,5 +37,8 @@
|
||||
config.c: y.tab.c config.l
|
||||
$(LEX) -oconfig.c $(srcdir)/config.l
|
||||
|
||||
+install-exec-hook:
|
||||
+ chmod 600 $(DESTDIR)$(sysconfdir)/fence_virt.conf
|
||||
+
|
||||
clean-local:
|
||||
rm -f config.tab.c config.tab.h config.c y.tab.c y.tab.h
|
||||
diff --color -uNr a/include/simpleconfig.h b/include/simpleconfig.h
|
||||
--- a/include/simpleconfig.h 2018-01-15 15:02:31.000000000 +0100
|
||||
+++ b/include/simpleconfig.h 2022-11-22 10:15:06.440335062 +0100
|
||||
@@ -49,4 +49,8 @@
|
||||
/* Frees a previously-allocated copy of our simple config object */
|
||||
void sc_release(config_object_t *c);
|
||||
|
||||
+int check_file_permissions(const char *fname);
|
||||
+
|
||||
+int do_configure(config_object_t *config, const char *filename);
|
||||
+
|
||||
#endif
|
||||
diff --color -uNr a/include/simpleconfig.h.rej b/include/simpleconfig.h.rej
|
||||
--- a/include/simpleconfig.h.rej 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ b/include/simpleconfig.h.rej 2022-11-22 10:12:51.764545658 +0100
|
||||
@@ -0,0 +1,11 @@
|
||||
+--- include/simpleconfig.h
|
||||
++++ include/simpleconfig.h
|
||||
+@@ -49,6 +49,8 @@ config_object_t *sc_init(void);
|
||||
+ /* Frees a previously-allocated copy of our simple config object */
|
||||
+ void sc_release(config_object_t *c);
|
||||
+
|
||||
++int check_file_permissions(const char *fname);
|
||||
++
|
||||
+ int do_configure(config_object_t *config, const char *filename);
|
||||
+
|
||||
+ #endif
|
||||
diff --color -uNr a/server/config.c b/server/config.c
|
||||
--- a/server/config.c 2019-11-20 14:13:42.000000000 +0100
|
||||
+++ b/server/config.c 2022-11-22 10:17:25.539150364 +0100
|
||||
@@ -11,6 +11,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <net/if.h>
|
||||
#include <arpa/inet.h>
|
||||
+#include <errno.h>
|
||||
|
||||
#include "simpleconfig.h"
|
||||
#include "static_map.h"
|
||||
@@ -590,6 +591,31 @@
|
||||
|
||||
|
||||
int
|
||||
+check_file_permissions(const char *fname)
|
||||
+{
|
||||
+ struct stat st;
|
||||
+ mode_t file_perms = 0600;
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = stat(fname, &st);
|
||||
+ if (ret != 0) {
|
||||
+ printf("stat failed on file '%s': %s\n",
|
||||
+ fname, strerror(errno));
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if ((st.st_mode & 0777) != file_perms) {
|
||||
+ printf("WARNING: invalid permissions on file "
|
||||
+ "'%s': has 0%o should be 0%o\n", fname,
|
||||
+ (unsigned int)(st.st_mode & 0777),
|
||||
+ (unsigned int)file_perms);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
do_configure(config_object_t *config, const char *config_file)
|
||||
{
|
||||
FILE *fp = NULL;
|
||||
diff --color -uNr a/server/main.c b/server/main.c
|
||||
--- a/server/main.c 2019-11-27 09:19:52.000000000 +0100
|
||||
+++ b/server/main.c 2022-11-22 10:19:06.647742990 +0100
|
||||
@@ -14,11 +14,12 @@
|
||||
/* Local includes */
|
||||
#include "simpleconfig.h"
|
||||
#include "static_map.h"
|
||||
+#include "xvm.h"
|
||||
#include "server_plugin.h"
|
||||
+#include "simple_auth.h"
|
||||
#include "debug.h"
|
||||
|
||||
/* configure.c */
|
||||
-int do_configure(config_object_t *config, const char *filename);
|
||||
int daemon_init(const char *prog, const char *pid_file, int nofork);
|
||||
int daemon_cleanup(void);
|
||||
|
||||
@@ -206,6 +207,18 @@
|
||||
snprintf(pid_file, PATH_MAX, "/var/run/%s.pid", basename(argv[0]));
|
||||
}
|
||||
|
||||
+ check_file_permissions(config_file);
|
||||
+
|
||||
+ sprintf(val, "listeners/%s/@key_file", listener_name);
|
||||
+ if (sc_get(config, val,
|
||||
+ val, sizeof(val)-1) == 0) {
|
||||
+ dbg_printf(1, "Got %s for key_file\n", val);
|
||||
+ } else {
|
||||
+ snprintf(val, sizeof(val), "%s", DEFAULT_KEY_FILE);
|
||||
+ }
|
||||
+
|
||||
+ check_file_permissions(val);
|
||||
+
|
||||
openlog(basename(argv[0]), LOG_NDELAY | LOG_PID, LOG_DAEMON);
|
||||
|
||||
daemon_init(basename(argv[0]), pid_file, foreground);
|
@ -13,7 +13,7 @@
|
||||
Name: fence-virt
|
||||
Summary: A pluggable fencing framework for virtual machines
|
||||
Version: 1.0.0
|
||||
Release: 4%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
|
||||
Release: 5%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
URL: https://github.com/ClusterLabs/fence-virt
|
||||
@ -21,6 +21,7 @@ Source0: %{name}-%{version}%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:
|
||||
Patch0: bz1927171-fence_xvm-fix-typo.patch
|
||||
Patch1: bz2132010-fence_virt-add-note-reboot-action.patch
|
||||
Patch2: bz2138825-fence_virtd-update-manpage.patch
|
||||
Patch3: bz2144530-fence_virtd-warn-files-not-mode-600.patch
|
||||
|
||||
%if 0%{?rhel}
|
||||
ExclusiveArch: i686 x86_64
|
||||
@ -53,6 +54,7 @@ Conflicts: fence-agents < 3.0.5-2
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
@ -181,6 +183,11 @@ are located on corosync cluster nodes.
|
||||
%{_libdir}/%{name}/cpg.so
|
||||
|
||||
%changelog
|
||||
* Tue Nov 22 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 1.0.0-5
|
||||
- fence_virtd: warn if config or key file(s) are not mode 600
|
||||
|
||||
Resolves: rhbz#bz2144530
|
||||
|
||||
* Mon Oct 31 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 1.0.0-4
|
||||
- fence_virtd: add link to uri examples and uri w/socket path
|
||||
example for when VMS are run as non-root user to manpage
|
||||
|
Loading…
Reference in New Issue
Block a user