Make fill_process_comm() open comm file as READ_ONLY
Resolves: RHEL-25846 Signed-off-by: John Kacur <jkacur@redhat.com>
This commit is contained in:
parent
708c5d7aec
commit
55e11a500f
34
Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch
Normal file
34
Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From f9c0ade7cd9a514d4ca6f81f797284e11c56b31a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris White <chwhite@redhat.com>
|
||||||
|
Date: Wed, 21 Feb 2024 15:22:44 -0500
|
||||||
|
Subject: [PATCH] Make fill_process_comm() open comm file as READ_ONLY
|
||||||
|
|
||||||
|
The fill_process_comm() opens the comm file using O_RDWR. The
|
||||||
|
function itself does not perform a write operation on the file,
|
||||||
|
and opening this in read and write mode can cause selinux policy
|
||||||
|
violations where opening the file with write permission is
|
||||||
|
restricted. Since the function itself only needs to read from this
|
||||||
|
fd, changing this to READ_ONLY (O_RDONLY)
|
||||||
|
|
||||||
|
Signed-off-by: Chris White <chwhite@redhat.com>
|
||||||
|
Signed-off-by: John Kacur <jkacur@redhat.com>
|
||||||
|
---
|
||||||
|
src/utils.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/utils.c b/src/utils.c
|
||||||
|
index f6feca7040d8..898f4a5d06a7 100644
|
||||||
|
--- a/src/utils.c
|
||||||
|
+++ b/src/utils.c
|
||||||
|
@@ -55,7 +55,7 @@ int fill_process_comm(int tgid, int pid, char *comm, int comm_size)
|
||||||
|
if (retval < 0)
|
||||||
|
goto out_error;
|
||||||
|
|
||||||
|
- fd = open(path, O_RDWR);
|
||||||
|
+ fd = open(path, O_RDONLY);
|
||||||
|
if (fd < 0) {
|
||||||
|
log_msg("failed to open comm file at %s\n", path);
|
||||||
|
goto out_error;
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
11
stalld.spec
11
stalld.spec
@ -1,6 +1,6 @@
|
|||||||
Name: stalld
|
Name: stalld
|
||||||
Version: 1.19.1
|
Version: 1.19.1
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Daemon that finds starving tasks and gives them a temporary boost
|
Summary: Daemon that finds starving tasks and gives them a temporary boost
|
||||||
|
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
@ -22,6 +22,9 @@ BuildRequires: libbpf-devel
|
|||||||
Requires: libbpf
|
Requires: libbpf
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Patches
|
||||||
|
Patch1: Make-fill_process_comm-open-comm-file-as-READ_ONLY.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The stalld program monitors the set of system threads,
|
The stalld program monitors the set of system threads,
|
||||||
looking for threads that are ready-to-run but have not
|
looking for threads that are ready-to-run but have not
|
||||||
@ -31,7 +34,7 @@ boost using the SCHED_DEADLINE policy. The default is to
|
|||||||
allow 10 microseconds of runtime for 1 second of clock time.
|
allow 10 microseconds of runtime for 1 second of clock time.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup
|
%autosetup -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%make_build CFLAGS="%{optflags} %{build_cflags} -DVERSION="\\\"%{version}\\\""" LDFLAGS="%{build_ldflags}"
|
%make_build CFLAGS="%{optflags} %{build_cflags} -DVERSION="\\\"%{version}\\\""" LDFLAGS="%{build_ldflags}"
|
||||||
@ -59,6 +62,10 @@ allow 10 microseconds of runtime for 1 second of clock time.
|
|||||||
%systemd_postun_with_restart %{name}.service
|
%systemd_postun_with_restart %{name}.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 21 2024 John Kacur <jkacur@redhat.com> - 1.19.1-2
|
||||||
|
- Make fill_process_comm() open comm file as READ_ONLY
|
||||||
|
Resolves: RHEL-25846
|
||||||
|
|
||||||
* Fri Feb 09 2024 John Kacur <jkacur@redhat.com> - 1.19.1-1
|
* Fri Feb 09 2024 John Kacur <jkacur@redhat.com> - 1.19.1-1
|
||||||
- Rebase to upstream stalld-1.19.1
|
- Rebase to upstream stalld-1.19.1
|
||||||
Resolves: RHEL-7865
|
Resolves: RHEL-7865
|
||||||
|
Loading…
Reference in New Issue
Block a user