rpms/guestfs-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity
fd5529acfd
guestfs-tools/0008-get-kernel-sparsify-set-networking-for-key-ID-clevis.patch
Richard W.M. Jones fd5529acfd Add support for Clevis & Tang 
resolves: rhbz#1809453
Fix CVE-2022-2211 Denial of Service in --key parameter
resolves: rhbz#2102721
2022-07-01 16:49:13 +01:00

60 lines
2.1 KiB
Diff
Raw Blame History

From 77a10b30f6f6fdb1648b12f68147e6a894526802 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 28 Jun 2022 13:57:00 +0200
Subject: [PATCH] get-kernel, sparsify: set networking for "--key ID:clevis"
Call the OCaml-language helper "key_store_requires_network" in those OCaml
utilities that pass "~key_opts:true" to "create_standard_options", and do
not have any code related to networking yet.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220628115702.5584-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4f66f0892e6fd75d10dcfa2f9e94b3e32bdb906e)
---
get-kernel/get_kernel.ml | 1 +
sparsify/copying.ml | 1 +
sparsify/in_place.ml | 1 +
3 files changed, 3 insertions(+)
diff --git a/get-kernel/get_kernel.ml b/get-kernel/get_kernel.ml
index e485cf495..9c2aa17c2 100644
--- a/get-kernel/get_kernel.ml
+++ b/get-kernel/get_kernel.ml
@@ -176,6 +176,7 @@ let main () =
(* Connect to libguestfs. *)
let g = open_guestfs () in
add g;
+ g#set_network (key_store_requires_network ks);
g#launch ();
(* Decrypt the disks. *)
diff --git a/sparsify/copying.ml b/sparsify/copying.ml
index 39d06c94c..21a603d63 100644
--- a/sparsify/copying.ml
+++ b/sparsify/copying.ml
@@ -187,6 +187,7 @@ You can ignore this warning or change it to a hard failure using the
let machine_readable = machine_readable () <> None in
Progress.set_up_progress_bar ~machine_readable g
);
+ g#set_network (key_store_requires_network ks);
g#launch ();
g in
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index 00f0e0564..0eec63e6f 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -58,6 +58,7 @@ let run disk format ignores zeroes ks =
let machine_readable = machine_readable () <> None in
Progress.set_up_progress_bar ~machine_readable g
);
+ g#set_network (key_store_requires_network ks);
g#launch ();
(* If discard is not supported in the appliance, we must return exit
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink