From 47bff6c02ea3574420c8eace6266b6c3bce795d7 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 28 Mar 2024 11:52:02 +0000 Subject: [PATCH] import CS stalld-1.19.1-2.el9 --- .gitignore | 2 +- .stalld.metadata | 2 +- ...ess_comm-open-comm-file-as-READ_ONLY.patch | 34 +++++++++++++++++++ SPECS/stalld.spec | 27 ++++++++++++--- 4 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 SOURCES/Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch diff --git a/.gitignore b/.gitignore index 3542b24..ef9ab3c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/stalld-1.17.1.tar.bz2 +SOURCES/stalld-1.19.1.tar.bz2 diff --git a/.stalld.metadata b/.stalld.metadata index 1288e53..f09b2c5 100644 --- a/.stalld.metadata +++ b/.stalld.metadata @@ -1 +1 @@ -449566fc8c5f8568a92ed0a04d15c31d64878741 SOURCES/stalld-1.17.1.tar.bz2 +5830e75cdc32cf0953ce9f223c9074681211c0d8 SOURCES/stalld-1.19.1.tar.bz2 diff --git a/SOURCES/Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch b/SOURCES/Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch new file mode 100644 index 0000000..20817a3 --- /dev/null +++ b/SOURCES/Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch @@ -0,0 +1,34 @@ +From f9c0ade7cd9a514d4ca6f81f797284e11c56b31a Mon Sep 17 00:00:00 2001 +From: Chris White +Date: Wed, 21 Feb 2024 15:22:44 -0500 +Subject: [PATCH] Make fill_process_comm() open comm file as READ_ONLY + +The fill_process_comm() opens the comm file using O_RDWR. The +function itself does not perform a write operation on the file, +and opening this in read and write mode can cause selinux policy +violations where opening the file with write permission is +restricted. Since the function itself only needs to read from this +fd, changing this to READ_ONLY (O_RDONLY) + +Signed-off-by: Chris White +Signed-off-by: John Kacur +--- + src/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/utils.c b/src/utils.c +index f6feca7040d8..898f4a5d06a7 100644 +--- a/src/utils.c ++++ b/src/utils.c +@@ -55,7 +55,7 @@ int fill_process_comm(int tgid, int pid, char *comm, int comm_size) + if (retval < 0) + goto out_error; + +- fd = open(path, O_RDWR); ++ fd = open(path, O_RDONLY); + if (fd < 0) { + log_msg("failed to open comm file at %s\n", path); + goto out_error; +-- +2.43.0 + diff --git a/SPECS/stalld.spec b/SPECS/stalld.spec index b1a8186..b046e7e 100644 --- a/SPECS/stalld.spec +++ b/SPECS/stalld.spec @@ -1,6 +1,6 @@ Name: stalld -Version: 1.17.1 -Release: 1%{?dist} +Version: 1.19.1 +Release: 2%{?dist} Summary: Daemon that finds starving tasks and gives them a temporary boost License: GPLv2 @@ -14,6 +14,17 @@ BuildRequires: systemd-rpm-macros Requires: systemd +%ifnarch i686 +BuildRequires: bpftool +BuildRequires: clang +BuildRequires: libbpf-devel + +Requires: libbpf +%endif + +# Patches +Patch1: Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch + %description The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not @@ -23,14 +34,14 @@ boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds of runtime for 1 second of clock time. %prep -%autosetup +%autosetup -p1 %build %make_build CFLAGS="%{optflags} %{build_cflags} -DVERSION="\\\"%{version}\\\""" LDFLAGS="%{build_ldflags}" %install %make_install DOCDIR=%{_docdir} MANDIR=%{_mandir} BINDIR=%{_bindir} DATADIR=%{_datadir} VERSION=%{version} -%make_install -C redhat UNITDIR=%{_unitdir} +%make_install -C systemd UNITDIR=%{_unitdir} %files %{_bindir}/%{name} @@ -51,6 +62,14 @@ allow 10 microseconds of runtime for 1 second of clock time. %systemd_postun_with_restart %{name}.service %changelog +* Wed Feb 21 2024 John Kacur - 1.19.1-2 +- Make fill_process_comm() open comm file as READ_ONLY +Resolves: RHEL-25846 + +* Fri Feb 09 2024 John Kacur - 1.19.1-1 +- Rebase to upstream stalld-1.19.1 +Resolves: RHEL-7865 + * Tue Oct 18 2022 Leah Leshchinsky - 1.17.1-1 - stalld: Fix memory leak in print_boosted_info() - utils: Check if the system is in lockdown mode