open-vm-tools/ovt-Handle-new-cloud-init-error-code-and-status.patch
Miroslav Rezanina 81173af145 * Mon Oct 06 2025 Miroslav Rezanina <mrezanin@redhat.com> - 13.0.0-2
- ovt-Handle-new-cloud-init-error-code-and-status.patch [RHEL-99781]
- ovt-Address-CVE-2025-41244.patch [RHEL-117382]
- Resolves: RHEL-99781
  (Cloud-init receives TERM signal from PID 1 in the middle of running user data [rhel-10])
- Resolves: RHEL-117382
  ([CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [rhel-10.2])
2025-10-06 10:22:11 +02:00

From 6c4130754b183c929b5092bab516c6391974ddcb Mon Sep 17 00:00:00 2001
From: Pengpeng Sun <pengpeng.sun@broadcom.com>
Date: Wed, 27 Aug 2025 14:19:58 +0800
Subject: [PATCH 1/2] Handle new cloud-init error code and status
RH-Author: Ani Sinha <anisinha@redhat.com>
RH-MergeRequest: 12: Handle new cloud-init error code and status
RH-Jira: RHEL-99781
RH-Acked-by: xiachen <xiachen@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] 40a705507363b9e508fcc50250d51c8eca7e81a3 (anisinha/centos-open-vm-tools)
- A new error code [1] was introduced in cloud-init v23.4, RedHat team reported
that our OVT code shall handle this new error code properly, see
https://github.com/vmware/open-vm-tools/issues/768.
This change follows the backwards-compatible way in
https://cloudinit.readthedocs.io/en/latest/explanation/return_codes.html
to check that the return code is not equal to 1.
- Running status has been changed from "not run" to "not started" in
cloud-init v24.1, see details in
https://github.com/canonical/cloud-init/commit/d175170aedc1398b85ac767573b8773a5a2e7c6f.
This change adds "not started" match to CLOUDINIT_STATUS_NOT_RUN.
This patch was sent by John Wolfe over email and has been pushed upstream here:
https://github.com/vmware/open-vm-tools/blob/Handle-new-cloud-init-error-code.patch/
Addresses open-vm-tools issue https://github.com/vmware/open-vm-tools/issues/768
This change has been tested internally by Amy Chen and is seen to fix the
original issue.
1. https://cloudinit.readthedocs.io/en/latest/explanation/failure_states.html#error-codes
Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
open-vm-tools/libDeployPkg/linuxDeployment.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/open-vm-tools/libDeployPkg/linuxDeployment.c b/open-vm-tools/libDeployPkg/linuxDeployment.c
index 44cac8ef..82e83957 100644
--- a/open-vm-tools/libDeployPkg/linuxDeployment.c
+++ b/open-vm-tools/libDeployPkg/linuxDeployment.c
@@ -1313,6 +1313,7 @@ static CLOUDINIT_STATUS_CODE
GetCloudinitStatus() {
// Cloud-init execution status messages
static const char* NOT_RUN = "not run";
+ static const char* NOT_STARTED = "not started";
static const char* RUNNING = "running";
static const char* DONE = "done";
static const char* ERROR = "error";
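Review bot: the new NOT_STARTED constant lacks a comment saying why two strings map to the same state; the commit message explains that "not started" replaced "not run" in cloud-init v24.1, but nothing in the code records that, so a later cleanup could plausibly drop one of the pair. Suggest a one-line comment above them, e.g. `// cloud-init v24.1 renamed "not run" to "not started"; both map to CLOUDINIT_STATUS_NOT_RUN`. Since the matching below uses strstr, also worth noting in that comment that any status output merely containing one of these substrings will match.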
@@ -1326,13 +1327,16 @@ GetCloudinitStatus() {
false,
cloudinitStatusCmdOutput,
MAX_LENGTH_CLOUDINIT_STATUS);
- if (forkExecResult != 0) {
- sLog(log_info, "Unable to get cloud-init status.");
- return CLOUDINIT_STATUS_UNKNOWN;
+ if (forkExecResult == 1) {
+ sLog(log_info, "Cloud-init experienced unrecoverable error.");
+ return CLOUDINIT_STATUS_ERROR;
} else {
if (strstr(cloudinitStatusCmdOutput, NOT_RUN) != NULL) {
sLog(log_info, "Cloud-init status is '%s'.", NOT_RUN);
return CLOUDINIT_STATUS_NOT_RUN;
+ } else if (strstr(cloudinitStatusCmdOutput, NOT_STARTED) != NULL) {
+ sLog(log_info, "Cloud-init status is '%s'.", NOT_STARTED);
+ return CLOUDINIT_STATUS_NOT_RUN;
} else if (strstr(cloudinitStatusCmdOutput, RUNNING) != NULL) {
sLog(log_info, "Cloud-init status is '%s'.", RUNNING);
return CLOUDINIT_STATUS_RUNNING;
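Review bot: a failure to run the status command at all is no longer distinguished from a normal exit. Replacing `if (forkExecResult != 0)` with `if (forkExecResult == 1)` sends every exit status other than 1, including whatever is returned when the command could not be executed, into the else branch, where strstr is run over cloudinitStatusCmdOutput; before this hunk that case returned CLOUDINIT_STATUS_UNKNOWN without touching the buffer. The commit message only motivates not treating the newer cloud-init return code as fatal; it does not say the output buffer is well defined when the exec itself fails. Suggest keeping an explicit path that returns CLOUDINIT_STATUS_UNKNOWN for an exec failure ahead of the `== 1` check, or stating in a comment why cloudinitStatusCmdOutput is guaranteed to be initialized before the string matching. Minor: the log text "Cloud-init experienced unrecoverable error." reads better as "Cloud-init experienced an unrecoverable error."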
--
2.47.3