- Filesystem: fail when incorrect device mounted on mountpoint, and

dont unmount the mountpoint in this case, or if mountpoint set to "/"
- Filesystem: fail when leading or trailing whitespace is present in
  device or directory parameters

  Resolves: RHEL-34777
  Resolves: RHEL-24683
This commit is contained in:
Oyvind Albrigtsen 2024-05-15 13:23:00 +02:00
parent 3f75ae3958
commit 8ce4febb55
3 changed files with 164 additions and 1 deletions

View File

@ -0,0 +1,40 @@
From 264e38e02cb4c04877e412bac254e42c7f6b2e1c Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 20 Feb 2024 12:34:42 +0100
Subject: [PATCH] Filesystem: fail when leading or trailing whitespace is
present in device or directory parameters
---
heartbeat/Filesystem | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index e1378f781..f88e3b552 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -995,6 +995,12 @@ if [ -n "${OCF_RESKEY_force_unmount}" ]; then
fi
DEVICE="$OCF_RESKEY_device"
+case "$DEVICE" in
+ [[:space:]]*|*[[:space:]])
+ ocf_exit_reason "device parameter does not accept leading or trailing whitespace characters"
+ exit $OCF_ERR_CONFIGURED
+ ;;
+esac
FSTYPE=$OCF_RESKEY_fstype
if [ ! -z "$OCF_RESKEY_options" ]; then
options="-o $OCF_RESKEY_options"
@@ -1032,6 +1038,12 @@ if [ -z "$OCF_RESKEY_directory" ]; then
else
MOUNTPOINT="$(echo "$OCF_RESKEY_directory" | sed 's/\/*$//')"
: ${MOUNTPOINT:=/}
+ case "$MOUNTPOINT" in
+ [[:space:]]*|*[[:space:]])
+ ocf_exit_reason "directory parameter does not accept leading or trailing whitespace characters"
+ exit $OCF_ERR_CONFIGURED
+ ;;
+ esac
if [ -e "$MOUNTPOINT" ] ; then
CANONICALIZED_MOUNTPOINT="$(readlink -f "$MOUNTPOINT")"
if [ $? -ne 0 ]; then

View File

@ -0,0 +1,110 @@
From 66a5308d2e8f61093716a076f4386416dc18045c Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 22 Apr 2024 11:26:09 +0200
Subject: [PATCH] Filesystem: fail when incorrect device mounted on mountpoint,
and dont unmount the mountpoint in this case, or if mountpoint set to "/"
---
heartbeat/Filesystem | 71 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 58 insertions(+), 13 deletions(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index e1378f781..cec71f1a6 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -582,10 +582,16 @@ Filesystem_start()
fi
# See if the device is already mounted.
- if Filesystem_status >/dev/null 2>&1 ; then
- ocf_log info "Filesystem $MOUNTPOINT is already mounted."
- return $OCF_SUCCESS
- fi
+ Filesystem_status
+ case "$?" in
+ $OCF_SUCCESS)
+ ocf_log info "Filesystem $MOUNTPOINT is already mounted."
+ return $OCF_SUCCESS
+ ;;
+ $OCF_ERR_CONFIGURED)
+ return $OCF_ERR_CONFIGURED
+ ;;
+ esac
fstype_supported || exit $OCF_ERR_INSTALLED
@@ -801,10 +807,42 @@ Filesystem_stop()
#
Filesystem_status()
{
- match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}"
- if list_mounts | grep "$match_string" >/dev/null 2>&1; then
- rc=$OCF_SUCCESS
- msg="$MOUNTPOINT is mounted (running)"
+ local match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}"
+ local mounted_device=$(list_mounts | grep "$match_string" | awk '{print $1}')
+
+ if [ -n "$mounted_device" ]; then
+ if [ "X$blockdevice" = "Xyes" ]; then
+ if [ -e "$DEVICE" ] ; then
+ local canonicalized_device="$(readlink -f "$DEVICE")"
+ if [ $? -ne 0 ]; then
+ ocf_exit_reason "Could not canonicalize $DEVICE because readlink failed"
+ exit $OCF_ERR_GENERIC
+ fi
+ else
+ local canonicalized_device="$DEVICE"
+ fi
+ if [ -e "$mounted_device" ] ; then
+ local canonicalized_mounted_device="$(readlink -f "$mounted_device")"
+ if [ $? -ne 0 ]; then
+ ocf_exit_reason "Could not canonicalize $mounted_device because readlink failed"
+ exit $OCF_ERR_GENERIC
+ fi
+ else
+ local canonicalized_mounted_device="$mounted_device"
+ fi
+ if [ "$canonicalized_device" != "$canonicalized_mounted_device" ]; then
+ if ocf_is_probe || [ "$__OCF_ACTION" = "stop" ]; then
+ ocf_log debug "Another device ($mounted_device) is already mounted on $MOUNTPOINT"
+ rc=$OCF_NOT_RUNNING
+ else
+ ocf_exit_reason "Another device ($mounted_device) is already mounted on $MOUNTPOINT"
+ rc=$OCF_ERR_CONFIGURED
+ fi
+ fi
+ else
+ rc=$OCF_SUCCESS
+ msg="$MOUNTPOINT is mounted (running)"
+ fi
else
rc=$OCF_NOT_RUNNING
msg="$MOUNTPOINT is unmounted (stopped)"
@@ -1041,9 +1079,18 @@ else
else
CANONICALIZED_MOUNTPOINT="$MOUNTPOINT"
fi
- # At this stage, $MOUNTPOINT does not contain trailing "/" unless it is "/"
- # TODO: / mounted via Filesystem sounds dangerous. On stop, we'll
- # kill the whole system. Is that a good idea?
+
+ if echo "$CANONICALIZED_MOUNTPOINT" | grep -q "^\s*/\s*$"; then
+ if ocf_is_probe; then
+ ocf_log debug "/ cannot be managed in a cluster"
+ exit $OCF_NOT_RUNNING
+ elif [ "$__OCF_ACTION" = "start" ] || [ "$__OCF_ACTION" = "monitor" ] || [ "$__OCF_ACTION" = "status" ]; then
+ ocf_exit_reason "/ cannot be managed in a cluster"
+ exit $OCF_ERR_CONFIGURED
+ elif [ "$__OCF_ACTION" = "stop" ]; then
+ exit $OCF_SUCCESS
+ fi
+ fi
fi
# Check to make sure the utilites are found
@@ -1124,5 +1171,3 @@ case $OP in
;;
esac
exit $?
-
-

View File

@ -45,7 +45,7 @@
Name: resource-agents Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 4.10.0 Version: 4.10.0
Release: 56%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} Release: 57%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/resource-agents URL: https://github.com/ClusterLabs/resource-agents
Source0: %{upstream_prefix}-%{upstream_version}.tar.gz Source0: %{upstream_prefix}-%{upstream_version}.tar.gz
@ -121,6 +121,8 @@ Patch68: RHEL-17072-2-storage_mon-use-memset-to-fix-covscan-error.patch
Patch69: RHEL-15304-2-findif.sh-dont-use-table-parameter.patch Patch69: RHEL-15304-2-findif.sh-dont-use-table-parameter.patch
Patch70: RHEL-31763-galera-fix-joiner-promotion-fails-issue.patch Patch70: RHEL-31763-galera-fix-joiner-promotion-fails-issue.patch
Patch71: RHEL-16246-aws-agents-use-curl_retry.patch Patch71: RHEL-16246-aws-agents-use-curl_retry.patch
Patch72: RHEL-34777-Filesystem-fail-when-incorrect-device-mounted.patch
Patch73: RHEL-24683-Filesystem-fail-leading-trailing-whitespace.patch
# bundled ha-cloud-support libs # bundled ha-cloud-support libs
Patch500: ha-cloud-support-aws.patch Patch500: ha-cloud-support-aws.patch
@ -316,6 +318,8 @@ exit 1
%patch -p1 -P 69 %patch -p1 -P 69
%patch -p1 -P 70 %patch -p1 -P 70
%patch -p1 -P 71 %patch -p1 -P 71
%patch -p1 -P 72
%patch -p1 -P 73
# bundled ha-cloud-support libs # bundled ha-cloud-support libs
%patch -p1 -P 500 %patch -p1 -P 500
@ -637,6 +641,15 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
%changelog %changelog
* Wed May 15 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-57
- Filesystem: fail when incorrect device mounted on mountpoint, and
dont unmount the mountpoint in this case, or if mountpoint set to "/"
- Filesystem: fail when leading or trailing whitespace is present in
device or directory parameters
Resolves: RHEL-34777
Resolves: RHEL-24683
* Tue Apr 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-56 * Tue Apr 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-56
- AWS agents: retry failed metadata requests to avoid instantly - AWS agents: retry failed metadata requests to avoid instantly
failing when there is a hiccup in the network or metadata service failing when there is a hiccup in the network or metadata service