diff --git a/0001-CVE-2024-52336-and-CVE-2024-52337-fixes.patch b/0001-CVE-2024-52336-and-CVE-2024-52337-fixes.patch deleted file mode 100644 index b10576f..0000000 --- a/0001-CVE-2024-52336-and-CVE-2024-52337-fixes.patch +++ /dev/null @@ -1,281 +0,0 @@ -From 83928aaa29ff281734a12f225a3ea9acd0af96bb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= -Date: Mon, 11 Nov 2024 17:02:44 +0100 -Subject: [PATCH] CVE-2024-52336 and CVE-2024-52337 fixes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -- tighten polkit policy -- API method parameters sanity check -- scripts can be executed only from the profile directories - -Resolves: CVE-2024-52336 -Resolves: CVE-2024-52337 - -Signed-off-by: Jaroslav Škarvada ---- - com.redhat.tuned.policy | 14 +++++++------- - tuned/consts.py | 4 ++++ - tuned/daemon/controller.py | 35 ++++++++++++++++++++++++++-------- - tuned/plugins/base.py | 12 ++++++++++++ - tuned/plugins/plugin_script.py | 4 ++++ - tuned/utils/commands.py | 4 ++++ - 6 files changed, 58 insertions(+), 15 deletions(-) - -diff --git a/com.redhat.tuned.policy b/com.redhat.tuned.policy -index f5c972a..077fb74 100644 ---- a/com.redhat.tuned.policy -+++ b/com.redhat.tuned.policy -@@ -43,7 +43,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -103,7 +103,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -113,7 +113,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -123,7 +123,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -223,7 +223,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -253,7 +253,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -@@ -263,7 +263,7 @@ - - auth_admin - auth_admin -- yes -+ auth_admin - - - -diff --git a/tuned/consts.py b/tuned/consts.py -index 912225d..4606aee 100644 ---- a/tuned/consts.py -+++ b/tuned/consts.py -@@ -1,4 +1,8 @@ - import logging -+import string -+ -+NAMES_ALLOWED_CHARS = string.ascii_letters + string.digits + " !@'+-.,/:;_$&*()%<=>?#[]{|}^~" + '"' -+NAMES_MAX_LENGTH = 4096 - - GLOBAL_CONFIG_FILE = "/etc/tuned/tuned-main.conf" - ACTIVE_PROFILE_FILE = "/etc/tuned/active_profile" -diff --git a/tuned/daemon/controller.py b/tuned/daemon/controller.py -index 4f43d54..726e3a2 100644 ---- a/tuned/daemon/controller.py -+++ b/tuned/daemon/controller.py -@@ -189,6 +189,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - def switch_profile(self, profile_name, caller = None): - if caller == "": - return (False, "Unauthorized") -+ if not self._cmd.is_valid_name(profile_name): -+ return (False, "Invalid profile_name") - return self._switch_profile(profile_name, True) - - @exports.export("", "(bs)") -@@ -262,8 +264,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - - @exports.export("s", "(bsss)") - def profile_info(self, profile_name, caller = None): -- if caller == "": -- return tuple(False, "", "", "") -+ if caller == "" or not self._cmd.is_valid_name(profile_name): -+ return (False, "", "", "") - if profile_name is None or profile_name == "": - profile_name = self.active_profile() - return tuple(self._daemon.profile_loader.profile_locator.get_profile_attrs(profile_name, [consts.PROFILE_ATTR_SUMMARY, consts.PROFILE_ATTR_DESCRIPTION], [""])) -@@ -294,7 +296,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - dictionary -- {plugin_name: {parameter_name: default_value}} - """ - if caller == "": -- return False -+ return {} - plugins = {} - for plugin_class in self._daemon.get_all_plugins(): - plugin_name = plugin_class.__module__.split(".")[-1].split("_", 1)[1] -@@ -307,8 +309,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - @exports.export("s","s") - def get_plugin_documentation(self, plugin_name, caller = None): - """Return docstring of plugin's class""" -- if caller == "": -- return False -+ if caller == "" or not self._cmd.is_valid_name(plugin_name): -+ return "" - return self._daemon.get_plugin_documentation(str(plugin_name)) - - @exports.export("s","a{ss}") -@@ -321,8 +323,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - Return: - dictionary -- {parameter_name: hint} - """ -- if caller == "": -- return False -+ if caller == "" or not self._cmd.is_valid_name(plugin_name): -+ return {} - return self._daemon.get_plugin_hints(str(plugin_name)) - - @exports.export("s", "b") -@@ -335,7 +337,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - Return: - bool -- True on success - """ -- if caller == "": -+ if caller == "" or not self._cmd.is_valid_name(path): - return False - if self._daemon._application and self._daemon._application._unix_socket_exporter: - self._daemon._application._unix_socket_exporter.register_signal_path(path) -@@ -349,6 +351,10 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - def instance_acquire_devices(self, devices, instance_name, caller = None): - if caller == "": - return (False, "Unauthorized") -+ if not self._cmd.is_valid_name(devices): -+ return (False, "Invalid devices") -+ if not self._cmd.is_valid_name(instance_name): -+ return (False, "Invalid instance_name") - found = False - for instance_target in self._daemon._unit_manager.instances: - if instance_target.name == instance_name: -@@ -399,6 +405,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - """ - if caller == "": - return (False, "Unauthorized", []) -+ if not self._cmd.is_valid_name(plugin_name): -+ return (False, "Invalid plugin_name", []) - if plugin_name != "" and plugin_name not in self.get_all_plugins().keys(): - rets = "Plugin '%s' does not exist" % plugin_name - log.error(rets) -@@ -422,6 +430,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - """ - if caller == "": - return (False, "Unauthorized", []) -+ if not self._cmd.is_valid_name(instance_name): -+ return (False, "Invalid instance_name", []) - for instance in self._daemon._unit_manager.instances: - if instance.name == instance_name: - return (True, "OK", sorted(list(instance.processed_devices))) -@@ -444,6 +454,13 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - """ - if caller == "": - return (False, "Unauthorized") -+ if not self._cmd.is_valid_name(plugin_name): -+ return (False, "Invalid plugin_name") -+ if not self._cmd.is_valid_name(instance_name): -+ return (False, "Invalid instance_name") -+ for (key, value) in options.items(): -+ if not self._cmd.is_valid_name(key) or not self._cmd.is_valid_name(value): -+ return (False, "Invalid options") - plugins = {p.name: p for p in self._daemon._unit_manager.plugins} - if not plugin_name in plugins.keys(): - rets = "Plugin '%s' not found" % plugin_name -@@ -499,6 +516,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface): - """ - if caller == "": - return (False, "Unauthorized") -+ if not self._cmd.is_valid_name(instance_name): -+ return (False, "Invalid instance_name") - try: - instance = [i for i in self._daemon._unit_manager.instances if i.name == instance_name][0] - except IndexError: -diff --git a/tuned/plugins/base.py b/tuned/plugins/base.py -index cd54aea..3c4122f 100644 ---- a/tuned/plugins/base.py -+++ b/tuned/plugins/base.py -@@ -213,6 +213,14 @@ class Plugin(object): - def _instance_post_static(self, instance, enabling): - pass - -+ def _safe_script_path(self, path): -+ path = os.path.realpath(path) -+ profile_paths = self._global_cfg.get_list(consts.CFG_PROFILE_DIRS, consts.CFG_DEF_PROFILE_DIRS) -+ for p in profile_paths: -+ if path.startswith(p): -+ return True -+ return False -+ - def _call_device_script(self, instance, script, op, devices, rollback = consts.ROLLBACK_SOFT): - if script is None: - return None -@@ -223,6 +231,10 @@ class Plugin(object): - log.error("Relative paths cannot be used in script_pre or script_post. " \ - + "Use ${i:PROFILE_DIR}.") - return False -+ if not self._safe_script_path(script): -+ log.error("Paths outside of the profile directories cannot be used in the " \ -+ + "script_pre or script_post, ignoring script: '%s'" % script) -+ return False - dir_name = os.path.dirname(script) - ret = True - for dev in devices: -diff --git a/tuned/plugins/plugin_script.py b/tuned/plugins/plugin_script.py -index ab605e4..5a5700f 100644 ---- a/tuned/plugins/plugin_script.py -+++ b/tuned/plugins/plugin_script.py -@@ -75,6 +75,10 @@ class ScriptPlugin(base.Plugin): - for script in scripts: - environ = os.environ - environ.update(self._variables.get_env()) -+ if not self._safe_script_path(script): -+ log.error("Paths outside of the profile directories cannot be used in the script, " \ -+ + "ignoring script: '%s'." % script) -+ continue - log.info("calling script '%s' with arguments '%s'" % (script, str(arguments))) - log.debug("using environment '%s'" % str(list(environ.items()))) - try: -diff --git a/tuned/utils/commands.py b/tuned/utils/commands.py -index a5a13c3..c4f7c93 100644 ---- a/tuned/utils/commands.py -+++ b/tuned/utils/commands.py -@@ -548,3 +548,7 @@ class commands: - import string - trans = string.maketrans(source_chars, dest_chars) - return text.translate(trans) -+ -+ # Checks if name contains only valid characters and has valid length or is empty string or None -+ def is_valid_name(self, name): -+ return not name or (all(c in consts.NAMES_ALLOWED_CHARS for c in name) and len(name) <= consts.NAMES_MAX_LENGTH) --- -2.47.0 - diff --git a/sources b/sources index cb5ba02..8f832db 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (tuned-2.24.0.tar.gz) = d004cd621e26195fff14b39f29b2143cf47de09641454acd3029d61142c3d000a452f018356c84c32772bd99fc766f6ee847d2a8eddbde8ae34aaa0ecefa644e +SHA512 (tuned-2.25.0-rc.1.tar.gz) = 798daedaf1f7220a75f5a448eae9b9c90b7989c2f52b050b144d62b9ad03640c4a4f446c24a04b8cf6056ee0d7f1ee8c995cdc9c5d04b6bed499a509e08522d9 diff --git a/tuned.spec b/tuned.spec index bc4331a..8346fc4 100644 --- a/tuned.spec +++ b/tuned.spec @@ -1,3 +1,11 @@ +%if 0%{?rhel} && 0%{?rhel} < 10 +%global user_profiles_dir %{_sysconfdir}/tuned +%global system_profiles_dir %{_prefix}/lib/tuned +%else +%global user_profiles_dir %{_sysconfdir}/tuned/profiles +%global system_profiles_dir %{_prefix}/lib/tuned/profiles +%endif + %if 0%{?fedora} %if 0%{?fedora} > 27 %bcond_without python3 @@ -26,16 +34,16 @@ %endif %endif -#%%global prerelease rc -#%%global prereleasenum 1 +%global prerelease rc +%global prereleasenum 1 %global prerel1 %{?prerelease:.%{prerelease}%{prereleasenum}} %global prerel2 %{?prerelease:-%{prerelease}.%{prereleasenum}} Summary: A dynamic adaptive system tuning daemon Name: tuned -Version: 2.24.0 -Release: 3%{?prerel1}%{?dist} +Version: 2.25.0 +Release: 0.1%{?prerel1}%{?dist} License: GPL-2.0-or-later AND CC-BY-SA-3.0 Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz # RHEL-9 specific recommend.conf: @@ -60,7 +68,8 @@ BuildRequires: %{_py}-mock %endif BuildRequires: %{_py}-pyudev Requires: %{_py}-pyudev -Requires: %{_py}-linux-procfs, %{_py}-perf +Requires: %{_py}-linux-procfs +Requires: %{_py}-inotify %if %{without python3} Requires: %{_py}-schedutils %endif @@ -69,9 +78,6 @@ Requires: %{_py}-schedutils # BuildRequires for 'make test' BuildRequires: python3-dbus, python3-gobject-base Requires: python3-dbus, python3-gobject-base -%if 0%{?fedora} > 22 || 0%{?rhel} > 7 -Recommends: dmidecode -%endif %else # BuildRequires for 'make test' BuildRequires: dbus-python, pygobject3-base @@ -81,11 +87,15 @@ Requires: virt-what, ethtool, gawk Requires: util-linux, dbus, polkit %if 0%{?fedora} > 22 || 0%{?rhel} > 7 Recommends: dmidecode +# https://src.fedoraproject.org/rpms/tuned/pull-request/8 +Recommends: %{_py}-perf # i686 excluded Recommends: kernel-tools Requires: hdparm Requires: kmod Requires: iproute +%else +Requires: %{_py}-perf %endif # syspurpose %if 0%{?rhel} > 8 @@ -98,7 +108,6 @@ Recommends: subscription-manager Requires: python3-syspurpose %endif %endif -Patch0: 0001-CVE-2024-52336-and-CVE-2024-52337-fixes.patch %description The tuned package contains a daemon that tunes system settings dynamically. @@ -188,7 +197,6 @@ Additional tuned profile(s) targeted to Atomic host and guest. %package profiles-realtime Summary: Additional tuned profile(s) targeted to realtime Requires: %{name} = %{version} -Requires: tuna %description profiles-realtime Additional tuned profile(s) targeted to realtime. @@ -197,7 +205,6 @@ Additional tuned profile(s) targeted to realtime. Summary: Additional tuned profile(s) targeted to Network Function Virtualization (NFV) guest Requires: %{name} = %{version} Requires: %{name}-profiles-realtime = %{version} -Requires: tuna %description profiles-nfv-guest Additional tuned profile(s) targeted to Network Function Virtualization (NFV) guest. @@ -206,7 +213,6 @@ Additional tuned profile(s) targeted to Network Function Virtualization (NFV) gu Summary: Additional tuned profile(s) targeted to Network Function Virtualization (NFV) host Requires: %{name} = %{version} Requires: %{name}-profiles-realtime = %{version} -Requires: tuna %description profiles-nfv-host Additional tuned profile(s) targeted to Network Function Virtualization (NFV) host. @@ -260,6 +266,9 @@ Additional TuneD profile(s) optimized for OpenShift. %package ppd Summary: PPD compatibility daemon Requires: %{name} = %{version} +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 +Obsoletes: power-profiles-daemon < 0.23-2 +%endif # The compatibility daemon is swappable for power-profiles-daemon Provides: ppd-service Conflicts: ppd-service @@ -276,15 +285,15 @@ rm -f recommend.conf cp -p %{SOURCE1} recommend.conf %build -# Docs cannot be generated on RHEL now due to missing asciidoctor dependency -# asciidoc doesn't seem to be compatible -%if ! 0%{?rhel} make html %{make_python_arg} -%endif %install -make install DESTDIR=%{buildroot} DOCDIR=%{docdir} %{make_python_arg} -make install-ppd DESTDIR=%{buildroot} DOCDIR=%{docdir} %{make_python_arg} +make install DESTDIR="%{buildroot}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" \ + DOCDIR="%{docdir}" %{make_python_arg} \ + TUNED_USER_PROFILES_DIR="%{user_profiles_dir}" \ + TUNED_SYSTEM_PROFILES_DIR="%{system_profiles_dir}" +make install-ppd DESTDIR="%{buildroot}" BINDIR="%{_bindir}" \ + SBINDIR="%{_sbindir}" DOCDIR="%{docdir}" %{make_python_arg} %if ! 0%{?rhel} # manual @@ -450,39 +459,44 @@ fi %exclude %{_sysconfdir}/tuned/realtime-virtual-host-variables.conf %exclude %{_sysconfdir}/tuned/cpu-partitioning-variables.conf %exclude %{_sysconfdir}/tuned/cpu-partitioning-powersave-variables.conf -%exclude %{_prefix}/lib/tuned/profiles/default -%exclude %{_prefix}/lib/tuned/profiles/desktop-powersave -%exclude %{_prefix}/lib/tuned/profiles/laptop-ac-powersave -%exclude %{_prefix}/lib/tuned/profiles/server-powersave -%exclude %{_prefix}/lib/tuned/profiles/laptop-battery-powersave -%exclude %{_prefix}/lib/tuned/profiles/enterprise-storage -%exclude %{_prefix}/lib/tuned/profiles/spindown-disk -%exclude %{_prefix}/lib/tuned/profiles/sap-netweaver -%exclude %{_prefix}/lib/tuned/profiles/sap-hana -%exclude %{_prefix}/lib/tuned/profiles/sap-hana-kvm-guest -%exclude %{_prefix}/lib/tuned/profiles/mssql -%exclude %{_prefix}/lib/tuned/profiles/oracle -%exclude %{_prefix}/lib/tuned/profiles/atomic-host -%exclude %{_prefix}/lib/tuned/profiles/atomic-guest -%exclude %{_prefix}/lib/tuned/profiles/realtime -%exclude %{_prefix}/lib/tuned/profiles/realtime-virtual-guest -%exclude %{_prefix}/lib/tuned/profiles/realtime-virtual-host -%exclude %{_prefix}/lib/tuned/profiles/cpu-partitioning -%exclude %{_prefix}/lib/tuned/profiles/cpu-partitioning-powersave -%exclude %{_prefix}/lib/tuned/profiles/spectrumscale-ece -%exclude %{_prefix}/lib/tuned/profiles/postgresql -%exclude %{_prefix}/lib/tuned/profiles/openshift -%exclude %{_prefix}/lib/tuned/profiles/openshift-control-plane -%exclude %{_prefix}/lib/tuned/profiles/openshift-node +%exclude %{system_profiles_dir}/default +%exclude %{system_profiles_dir}/desktop-powersave +%exclude %{system_profiles_dir}/laptop-ac-powersave +%exclude %{system_profiles_dir}/server-powersave +%exclude %{system_profiles_dir}/laptop-battery-powersave +%exclude %{system_profiles_dir}/enterprise-storage +%exclude %{system_profiles_dir}/spindown-disk +%exclude %{system_profiles_dir}/sap-netweaver +%exclude %{system_profiles_dir}/sap-hana +%exclude %{system_profiles_dir}/sap-hana-kvm-guest +%exclude %{system_profiles_dir}/mssql +%exclude %{system_profiles_dir}/oracle +%exclude %{system_profiles_dir}/atomic-host +%exclude %{system_profiles_dir}/atomic-guest +%exclude %{system_profiles_dir}/realtime +%exclude %{system_profiles_dir}/realtime-virtual-guest +%exclude %{system_profiles_dir}/realtime-virtual-host +%exclude %{system_profiles_dir}/cpu-partitioning +%exclude %{system_profiles_dir}/cpu-partitioning-powersave +%exclude %{system_profiles_dir}/spectrumscale-ece +%exclude %{system_profiles_dir}/postgresql +%exclude %{system_profiles_dir}/openshift +%exclude %{system_profiles_dir}/openshift-control-plane +%exclude %{system_profiles_dir}/openshift-node %{_prefix}/lib/tuned %dir %{_sysconfdir}/tuned %dir %{_sysconfdir}/tuned/recommend.d -%dir %{_sysconfdir}/tuned/profiles + +%if "%{user_profiles_dir}" != "%{_sysconfdir}/tuned" +%dir %{user_profiles_dir} +%endif + %dir %{_libexecdir}/tuned %{_libexecdir}/tuned/defirqaffinity* %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/tuned/active_profile %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/tuned/profile_mode %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/tuned/post_loaded_profile +%config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/tuned/ppd_base_profile %config(noreplace) %{_sysconfdir}/tuned/tuned-main.conf %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/tuned/bootcmdline %verify(not size mtime md5) %{_sysconfdir}/modprobe.d/tuned.conf @@ -531,40 +545,40 @@ fi %{_mandir}/man8/scomes.* %files profiles-sap -%{_prefix}/lib/tuned/profiles/sap-netweaver +%{system_profiles_dir}/sap-netweaver %{_mandir}/man7/tuned-profiles-sap.7* %files profiles-sap-hana -%{_prefix}/lib/tuned/profiles/sap-hana -%{_prefix}/lib/tuned/profiles/sap-hana-kvm-guest +%{system_profiles_dir}/sap-hana +%{system_profiles_dir}/sap-hana-kvm-guest %{_mandir}/man7/tuned-profiles-sap-hana.7* %files profiles-mssql -%{_prefix}/lib/tuned/profiles/mssql +%{system_profiles_dir}/mssql %{_mandir}/man7/tuned-profiles-mssql.7* %files profiles-oracle -%{_prefix}/lib/tuned/profiles/oracle +%{system_profiles_dir}/oracle %{_mandir}/man7/tuned-profiles-oracle.7* %files profiles-atomic -%{_prefix}/lib/tuned/profiles/atomic-host -%{_prefix}/lib/tuned/profiles/atomic-guest +%{system_profiles_dir}/atomic-host +%{system_profiles_dir}/atomic-guest %{_mandir}/man7/tuned-profiles-atomic.7* %files profiles-realtime %config(noreplace) %{_sysconfdir}/tuned/realtime-variables.conf -%{_prefix}/lib/tuned/profiles/realtime +%{system_profiles_dir}/realtime %{_mandir}/man7/tuned-profiles-realtime.7* %files profiles-nfv-guest %config(noreplace) %{_sysconfdir}/tuned/realtime-virtual-guest-variables.conf -%{_prefix}/lib/tuned/profiles/realtime-virtual-guest +%{system_profiles_dir}/realtime-virtual-guest %{_mandir}/man7/tuned-profiles-nfv-guest.7* %files profiles-nfv-host %config(noreplace) %{_sysconfdir}/tuned/realtime-virtual-host-variables.conf -%{_prefix}/lib/tuned/profiles/realtime-virtual-host +%{system_profiles_dir}/realtime-virtual-host %{_mandir}/man7/tuned-profiles-nfv-host.7* %files profiles-nfv @@ -573,32 +587,32 @@ fi %files profiles-cpu-partitioning %config(noreplace) %{_sysconfdir}/tuned/cpu-partitioning-variables.conf %config(noreplace) %{_sysconfdir}/tuned/cpu-partitioning-powersave-variables.conf -%{_prefix}/lib/tuned/profiles/cpu-partitioning -%{_prefix}/lib/tuned/profiles/cpu-partitioning-powersave +%{system_profiles_dir}/cpu-partitioning +%{system_profiles_dir}/cpu-partitioning-powersave %{_mandir}/man7/tuned-profiles-cpu-partitioning.7* %files profiles-spectrumscale -%{_prefix}/lib/tuned/profiles/spectrumscale-ece +%{system_profiles_dir}/spectrumscale-ece %{_mandir}/man7/tuned-profiles-spectrumscale-ece.7* %files profiles-compat -%{_prefix}/lib/tuned/profiles/default -%{_prefix}/lib/tuned/profiles/desktop-powersave -%{_prefix}/lib/tuned/profiles/laptop-ac-powersave -%{_prefix}/lib/tuned/profiles/server-powersave -%{_prefix}/lib/tuned/profiles/laptop-battery-powersave -%{_prefix}/lib/tuned/profiles/enterprise-storage -%{_prefix}/lib/tuned/profiles/spindown-disk +%{system_profiles_dir}/default +%{system_profiles_dir}/desktop-powersave +%{system_profiles_dir}/laptop-ac-powersave +%{system_profiles_dir}/server-powersave +%{system_profiles_dir}/laptop-battery-powersave +%{system_profiles_dir}/enterprise-storage +%{system_profiles_dir}/spindown-disk %{_mandir}/man7/tuned-profiles-compat.7* %files profiles-postgresql -%{_prefix}/lib/tuned/profiles/postgresql +%{system_profiles_dir}/postgresql %{_mandir}/man7/tuned-profiles-postgresql.7* %files profiles-openshift -%{_prefix}/lib/tuned/profiles/openshift -%{_prefix}/lib/tuned/profiles/openshift-control-plane -%{_prefix}/lib/tuned/profiles/openshift-node +%{system_profiles_dir}/openshift +%{system_profiles_dir}/openshift-control-plane +%{system_profiles_dir}/openshift-node %{_mandir}/man7/tuned-profiles-openshift.7* %files ppd @@ -607,9 +621,35 @@ fi %{_datadir}/dbus-1/system-services/net.hadess.PowerProfiles.service %{_datadir}/dbus-1/system.d/net.hadess.PowerProfiles.conf %{_datadir}/polkit-1/actions/net.hadess.PowerProfiles.policy +%{_datadir}/dbus-1/system-services/org.freedesktop.UPower.PowerProfiles.service +%{_datadir}/dbus-1/system.d/org.freedesktop.UPower.PowerProfiles.conf +%{_datadir}/polkit-1/actions/org.freedesktop.UPower.PowerProfiles.policy %config(noreplace) %{_sysconfdir}/tuned/ppd.conf %changelog +* Sun Jan 19 2025 Jaroslav Škarvada - 2.25.0-0.1.rc1 +- new release + - rebased tuned to latest upstream + resolves: RHEL-70454 + - tuned-ppd: removed the use of StrEnum + - tuned-ppd: fixed traceback + resolves: RHEL-74384 + - tuned-ppd: multiple fixes and updates + - docs: plugins docs are now automatically generated from the docstrings + - plugin_cpu: fixed no_turbo boolean option parsing + - plugin_cpu: allowed raw energy_performance_preference values + - plugin_vm: added support for dirty_(bytes|ratio) sysctl parameters + - plugin_bootloader: added variables to BLS entries only if grub is used + - plugin_scheduler: do not assume that perf events have type attribute + - plugin_scheduler: updated sched knobs for kernels 6.6+ + - plugin_scheduler: log process info when its affinity cannot be changed + resolves: RHEL-69933 + - plugin_scheduler: postpone cgroup blacklist check, double-check after fail + - plugin_scheduler: made perf support optional + - plugin_net: added support for hotplug and rename + - makefile: added support for installation to custom $BINDIR/$SBINDIR + - functions: dropped cpuspeed support + * Mon Nov 18 2024 Jaroslav Škarvada - 2.24.0-3 - Fixed privileged execution of arbitrary scripts by active local user, (CVE-2024-52336)