diff --git a/RHEL-24683-Filesystem-fail-leading-trailing-whitespace.patch b/RHEL-24683-Filesystem-fail-leading-trailing-whitespace.patch new file mode 100644 index 0000000..54ca1f6 --- /dev/null +++ b/RHEL-24683-Filesystem-fail-leading-trailing-whitespace.patch @@ -0,0 +1,40 @@ +From 264e38e02cb4c04877e412bac254e42c7f6b2e1c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 20 Feb 2024 12:34:42 +0100 +Subject: [PATCH] Filesystem: fail when leading or trailing whitespace is + present in device or directory parameters + +--- + heartbeat/Filesystem | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index e1378f781..f88e3b552 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -995,6 +995,12 @@ if [ -n "${OCF_RESKEY_force_unmount}" ]; then + fi + + DEVICE="$OCF_RESKEY_device" ++case "$DEVICE" in ++ [[:space:]]*|*[[:space:]]) ++ ocf_exit_reason "device parameter does not accept leading or trailing whitespace characters" ++ exit $OCF_ERR_CONFIGURED ++ ;; ++esac + FSTYPE=$OCF_RESKEY_fstype + if [ ! -z "$OCF_RESKEY_options" ]; then + options="-o $OCF_RESKEY_options" +@@ -1032,6 +1038,12 @@ if [ -z "$OCF_RESKEY_directory" ]; then + else + MOUNTPOINT="$(echo "$OCF_RESKEY_directory" | sed 's/\/*$//')" + : ${MOUNTPOINT:=/} ++ case "$MOUNTPOINT" in ++ [[:space:]]*|*[[:space:]]) ++ ocf_exit_reason "directory parameter does not accept leading or trailing whitespace characters" ++ exit $OCF_ERR_CONFIGURED ++ ;; ++ esac + if [ -e "$MOUNTPOINT" ] ; then + CANONICALIZED_MOUNTPOINT="$(readlink -f "$MOUNTPOINT")" + if [ $? -ne 0 ]; then diff --git a/RHEL-34777-Filesystem-fail-when-incorrect-device-mounted.patch b/RHEL-34777-Filesystem-fail-when-incorrect-device-mounted.patch new file mode 100644 index 0000000..5f54e66 --- /dev/null +++ b/RHEL-34777-Filesystem-fail-when-incorrect-device-mounted.patch @@ -0,0 +1,110 @@ +From 66a5308d2e8f61093716a076f4386416dc18045c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 22 Apr 2024 11:26:09 +0200 +Subject: [PATCH] Filesystem: fail when incorrect device mounted on mountpoint, + and dont unmount the mountpoint in this case, or if mountpoint set to "/" + +--- + heartbeat/Filesystem | 71 ++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 58 insertions(+), 13 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index e1378f781..cec71f1a6 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -582,10 +582,16 @@ Filesystem_start() + fi + + # See if the device is already mounted. +- if Filesystem_status >/dev/null 2>&1 ; then +- ocf_log info "Filesystem $MOUNTPOINT is already mounted." +- return $OCF_SUCCESS +- fi ++ Filesystem_status ++ case "$?" in ++ $OCF_SUCCESS) ++ ocf_log info "Filesystem $MOUNTPOINT is already mounted." ++ return $OCF_SUCCESS ++ ;; ++ $OCF_ERR_CONFIGURED) ++ return $OCF_ERR_CONFIGURED ++ ;; ++ esac + + fstype_supported || exit $OCF_ERR_INSTALLED + +@@ -801,10 +807,42 @@ Filesystem_stop() + # + Filesystem_status() + { +- match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}" +- if list_mounts | grep "$match_string" >/dev/null 2>&1; then +- rc=$OCF_SUCCESS +- msg="$MOUNTPOINT is mounted (running)" ++ local match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}" ++ local mounted_device=$(list_mounts | grep "$match_string" | awk '{print $1}') ++ ++ if [ -n "$mounted_device" ]; then ++ if [ "X$blockdevice" = "Xyes" ]; then ++ if [ -e "$DEVICE" ] ; then ++ local canonicalized_device="$(readlink -f "$DEVICE")" ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $DEVICE because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi ++ else ++ local canonicalized_device="$DEVICE" ++ fi ++ if [ -e "$mounted_device" ] ; then ++ local canonicalized_mounted_device="$(readlink -f "$mounted_device")" ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $mounted_device because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi ++ else ++ local canonicalized_mounted_device="$mounted_device" ++ fi ++ if [ "$canonicalized_device" != "$canonicalized_mounted_device" ]; then ++ if ocf_is_probe || [ "$__OCF_ACTION" = "stop" ]; then ++ ocf_log debug "Another device ($mounted_device) is already mounted on $MOUNTPOINT" ++ rc=$OCF_NOT_RUNNING ++ else ++ ocf_exit_reason "Another device ($mounted_device) is already mounted on $MOUNTPOINT" ++ rc=$OCF_ERR_CONFIGURED ++ fi ++ fi ++ else ++ rc=$OCF_SUCCESS ++ msg="$MOUNTPOINT is mounted (running)" ++ fi + else + rc=$OCF_NOT_RUNNING + msg="$MOUNTPOINT is unmounted (stopped)" +@@ -1041,9 +1079,18 @@ else + else + CANONICALIZED_MOUNTPOINT="$MOUNTPOINT" + fi +- # At this stage, $MOUNTPOINT does not contain trailing "/" unless it is "/" +- # TODO: / mounted via Filesystem sounds dangerous. On stop, we'll +- # kill the whole system. Is that a good idea? ++ ++ if echo "$CANONICALIZED_MOUNTPOINT" | grep -q "^\s*/\s*$"; then ++ if ocf_is_probe; then ++ ocf_log debug "/ cannot be managed in a cluster" ++ exit $OCF_NOT_RUNNING ++ elif [ "$__OCF_ACTION" = "start" ] || [ "$__OCF_ACTION" = "monitor" ] || [ "$__OCF_ACTION" = "status" ]; then ++ ocf_exit_reason "/ cannot be managed in a cluster" ++ exit $OCF_ERR_CONFIGURED ++ elif [ "$__OCF_ACTION" = "stop" ]; then ++ exit $OCF_SUCCESS ++ fi ++ fi + fi + + # Check to make sure the utilites are found +@@ -1124,5 +1171,3 @@ case $OP in + ;; + esac + exit $? +- +- diff --git a/resource-agents.spec b/resource-agents.spec index 42a088f..47c4b5b 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -45,7 +45,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.10.0 -Release: 56%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} +Release: 57%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: %{upstream_prefix}-%{upstream_version}.tar.gz @@ -121,6 +121,8 @@ Patch68: RHEL-17072-2-storage_mon-use-memset-to-fix-covscan-error.patch Patch69: RHEL-15304-2-findif.sh-dont-use-table-parameter.patch Patch70: RHEL-31763-galera-fix-joiner-promotion-fails-issue.patch Patch71: RHEL-16246-aws-agents-use-curl_retry.patch +Patch72: RHEL-34777-Filesystem-fail-when-incorrect-device-mounted.patch +Patch73: RHEL-24683-Filesystem-fail-leading-trailing-whitespace.patch # bundled ha-cloud-support libs Patch500: ha-cloud-support-aws.patch @@ -316,6 +318,8 @@ exit 1 %patch -p1 -P 69 %patch -p1 -P 70 %patch -p1 -P 71 +%patch -p1 -P 72 +%patch -p1 -P 73 # bundled ha-cloud-support libs %patch -p1 -P 500 @@ -637,6 +641,15 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog +* Wed May 15 2024 Oyvind Albrigtsen - 4.10.0-57 +- Filesystem: fail when incorrect device mounted on mountpoint, and + dont unmount the mountpoint in this case, or if mountpoint set to "/" +- Filesystem: fail when leading or trailing whitespace is present in + device or directory parameters + + Resolves: RHEL-34777 + Resolves: RHEL-24683 + * Tue Apr 30 2024 Oyvind Albrigtsen - 4.10.0-56 - AWS agents: retry failed metadata requests to avoid instantly failing when there is a hiccup in the network or metadata service