Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
util-linux.29049
util-linux-uuidd-check-lock-state.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File util-linux-uuidd-check-lock-state.patch of Package util-linux.29049
Applicable subset of the original commit: Issue warning if the lock state file is not usable. Service file is not hardened, so ReadWritePaths does not need to be specified. From f27876f9c1056bf41fd940d5c4990b4277e0024f Mon Sep 17 00:00:00 2001 From: Karel Zak <kzak@redhat.com> Date: Mon, 24 Jan 2022 14:08:08 +0100 Subject: [PATCH] uuidd: fix open/lock state issue * warn on open/lock state issue * remove ProtectSystem=strict from systemd service setting, because it makes clock state file read-only openat(AT_FDCWD, "/var/lib/libuuid/clock.txt", O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system) Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366 Signed-off-by: Karel Zak <kzak@redhat.com> --- misc-utils/uuidd.c | 9 ++++++--- misc-utils/uuidd.service.in | 1 - 2 files changed, 6 insertions(+), 4 deletions(-) From 417982d0236a12756923d88e627f5e4facf8951c Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <sbrabec@suse.cz> Date: Tue, 25 Jan 2022 11:50:21 +0100 Subject: [PATCH] uuidd: Whitelist libuuid clock file Return back ProtectSystem to strict, and enable access to /var/lib/libuuid only. Note: As LIBUUID_CLOCK_FILE does not use @localstatedir@, we use /var here as well. Signed-off-by: Ali Abdallah <ali.abdallah@suse.com> Signed-off-by: Stanislav Brabec <sbrabec@suse.cz> Signed-off-by: Karel Zak <kzak@redhat.com> --- misc-utils/uuidd.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c index f8b595ea7..dfcd1487b 100644 --- a/misc-utils/uuidd.c +++ b/misc-utils/uuidd.c @@ -494,7 +494,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path, break; case UUIDD_OP_TIME_UUID: num = 1; - __uuid_generate_time(uu, &num); + if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet) + warnx(_("failed to open/lock clock counter")); if (uuidd_cxt->debug) { uuid_unparse(uu, str); fprintf(stderr, _("Generated time UUID: %s\n"), str); @@ -504,7 +505,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path, break; case UUIDD_OP_RANDOM_UUID: num = 1; - __uuid_generate_random(uu, &num); + if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet) + warnx(_("failed to open/lock clock counter")); if (uuidd_cxt->debug) { uuid_unparse(uu, str); fprintf(stderr, _("Generated random UUID: %s\n"), str); @@ -513,7 +515,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path, reply_len = sizeof(uu); break; case UUIDD_OP_BULK_TIME_UUID: - __uuid_generate_time(uu, &num); + if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet) + warnx(_("failed to open/lock clock counter")); if (uuidd_cxt->debug) { uuid_unparse(uu, str); fprintf(stderr, P_("Generated time UUID %s " Not applicable: #diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in #index b4c9c4635..e64ca59b5 100644 #--- a/misc-utils/uuidd.service.in #+++ b/misc-utils/uuidd.service.in #@@ -18,6 +18,7 @@ ProtectKernelModules=yes # ProtectControlGroups=yes # RestrictAddressFamilies=AF_UNIX # MemoryDenyWriteExecute=yes #+ReadWritePaths=/var/lib/libuuid/ # SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io # # [Install] -- 2.35.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor