From 9eae4d261fa3cb1439860f4c86dbe8a911138d36 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 16 Feb 2023 12:24:19 -0500 Subject: [PATCH] Cherry pick https://github.com/coreos/rpm-ostree/pull/4308/commits/476afb1d08513cb74cd1d28490c5e028c70f67c2 --- ...a-socket-in-run-require-non-abstract.patch | 107 ++++++++++++++++++ rpm-ostree.spec | 8 +- 2 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 0001-daemon-Use-a-socket-in-run-require-non-abstract.patch diff --git a/0001-daemon-Use-a-socket-in-run-require-non-abstract.patch b/0001-daemon-Use-a-socket-in-run-require-non-abstract.patch new file mode 100644 index 0000000..966be71 --- /dev/null +++ b/0001-daemon-Use-a-socket-in-run-require-non-abstract.patch @@ -0,0 +1,107 @@ +From 476afb1d08513cb74cd1d28490c5e028c70f67c2 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Wed, 15 Feb 2023 11:44:18 -0500 +Subject: [PATCH] daemon: Use a socket in `/run`, require non-abstract + +This fixes https://bugzilla.redhat.com/show_bug.cgi?id=2169622 + +The new glib changed to use non-abstract sockets by default, +which broke us because we'd slowly grown more isolation, specifically +the daemon has been using `PrivateTmp` for a while and we'd +been relying on abstract sockets to pierce that. + +Change to use `/run` which should always be shared by client +and daemon. While we're here, make it a well-known static path +because there can be only one transaction at a time. + +We also do need to explicitly make the socket world-accessible +because that was the semantics of the previous abstract socket. + +Also, plug leaks here by ensuring we call `g_dbus_server_stop()`. + +(But really we should also change this to be crash safe, probably + with a temporary directory, but that's a larger change) +--- + src/daemon/rpmostreed-transaction.cxx | 26 ++++++++++++++++++++++---- + tests/vmcheck/test-cached-rpm-diffs.sh | 3 ++- + 2 files changed, 24 insertions(+), 5 deletions(-) + +diff --git a/src/daemon/rpmostreed-transaction.cxx b/src/daemon/rpmostreed-transaction.cxx +index 6d184f9c..f50db494 100644 +--- a/src/daemon/rpmostreed-transaction.cxx ++++ b/src/daemon/rpmostreed-transaction.cxx +@@ -31,6 +31,10 @@ + #include "rpmostreed-sysroot.h" + #include "rpmostreed-transaction.h" + ++// The well-known transaction socket path. This used to be randomly ++// generated, but there's no point because there can be at most one transaction. ++#define CLIENT_TRANSACTION_PATH "/run/rpm-ostree-transaction.sock" ++ + struct _RpmostreedTransactionPrivate + { + GDBusMethodInvocation *invocation; +@@ -482,6 +486,10 @@ transaction_dispose (GObject *object) + g_clear_object (&priv->invocation); + g_clear_object (&priv->cancellable); + g_clear_object (&priv->sysroot); ++ if (priv->server) ++ { ++ g_dbus_server_stop (priv->server); ++ } + g_clear_object (&priv->server); + g_clear_pointer (&priv->sysroot_path, g_free); + +@@ -578,14 +586,24 @@ transaction_initable_init (GInitable *initable, GCancellable *cancellable, GErro + priv->cancellable = (GCancellable *)g_object_ref (cancellable); + + /* Set up a private D-Bus server over which to emit +- * progress and informational messages to the caller. */ +- ++ * progress and informational messages to the caller. ++ * The socket needs to be non-abstract (for security reasons so it can't ++ * be accessed outside of our namespace) ++ * and it needs to be in `/run` so that it can be found by the client; ++ * the default daemon sandboxing uses PrivateTmp= implicitly. ++ */ + g_autofree char *guid = g_dbus_generate_guid (); +- priv->server = g_dbus_server_new_sync ("unix:tmpdir=/tmp/rpm-ostree", G_DBUS_SERVER_FLAGS_NONE, +- guid, NULL, cancellable, error); ++ if (unlink (CLIENT_TRANSACTION_PATH) < 0 && errno != ENOENT) ++ return glnx_throw_errno_prefix (error, "Failed to unlink %s", CLIENT_TRANSACTION_PATH); ++ g_autofree char *addr = g_strdup_printf ("unix:path=%s", CLIENT_TRANSACTION_PATH); ++ priv->server ++ = g_dbus_server_new_sync (addr, G_DBUS_SERVER_FLAGS_NONE, guid, NULL, cancellable, error); + if (priv->server == NULL) + return FALSE; + ++ if (chmod (CLIENT_TRANSACTION_PATH, 0666) < 0) ++ return glnx_throw_errno_prefix (error, "Failed to chmod %s", CLIENT_TRANSACTION_PATH); ++ + g_signal_connect_object (priv->server, "new-connection", + G_CALLBACK (transaction_new_connection_cb), self, + static_cast (0)); +diff --git a/tests/vmcheck/test-cached-rpm-diffs.sh b/tests/vmcheck/test-cached-rpm-diffs.sh +index 05c0f3f0..55ab2424 100755 +--- a/tests/vmcheck/test-cached-rpm-diffs.sh ++++ b/tests/vmcheck/test-cached-rpm-diffs.sh +@@ -68,7 +68,7 @@ run_transaction() { + sig=$1; shift + args=$1; shift + cur=$(vm_get_journal_cursor) +- vm_run_container --privileged -i -v /var/run/dbus:/var/run/dbus --net=host -- \ ++ vm_run_container --privileged -i -v /run:/run/host/run -v /var/run/dbus:/var/run/dbus --net=host -- \ + /bin/bash << EOF + set -xeuo pipefail + dnf install -y python3-dbus +@@ -77,6 +77,7 @@ import dbus + addr = dbus.SystemBus().call_blocking( + "org.projectatomic.rpmostree1", "$ospath", "org.projectatomic.rpmostree1.OS", + "$method", "$sig", ($args)) ++addr = addr.replace("/run/", "/run/host/run/") + t = dbus.connection.Connection(addr) + t.call_blocking( + "org.projectatomic.rpmostree1", "/", +-- +2.39.0 + diff --git a/rpm-ostree.spec b/rpm-ostree.spec index d6325d4..acca5c5 100644 --- a/rpm-ostree.spec +++ b/rpm-ostree.spec @@ -4,13 +4,15 @@ Summary: Hybrid image/package system Name: rpm-ostree Version: 2023.1 -Release: 3%{?dist} +Release: 4%{?dist} License: LGPLv2+ URL: https://github.com/coreos/rpm-ostree # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # in the upstream git. It also contains vendored Rust sources. Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz +Patch0: 0001-daemon-Use-a-socket-in-run-require-non-abstract.patch + ExclusiveArch: %{rust_arches} BuildRequires: make @@ -241,6 +243,10 @@ $PYTHON autofiles.py > files.devel \ %files devel -f files.devel %changelog +* Thu Feb 16 2023 Colin Walters - 2023.1-4 +- Cherry pick + https://github.com/coreos/rpm-ostree/pull/4308/commits/476afb1d08513cb74cd1d28490c5e028c70f67c2 + * Sun Feb 05 2023 Fabio Valentini - 2023.1-3 - Rebuild for fixed frame pointer compiler flags in Rust RPM macros.