path: root/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41973.patch
From cb57b930fa690ab79b3904846634681685e3470f Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Thu, 1 Sep 2022 19:21:30 +0200
Subject: [PATCH] multipath-tools: use /run instead of /dev/shm

/dev/shm may have unsafe permissions. Use /run instead.
Use systemd's tmpfiles.d mechanism to create /run/multipath
early during boot.

For backward compatibility, make the runtime directory configurable
via the "runtimedir" make variable.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>

CVE: CVE-2022-41973
Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .gitignore                                        |  2 ++
 Makefile.inc                                      |  7 ++++++-
 libmultipath/defaults.h                           |  3 +--
 multipath/Makefile                                | 11 ++++++++---
 multipath/{multipath.rules => multipath.rules.in} |  4 ++--
 multipath/tmpfiles.conf.in                        |  1 +
 6 files changed, 20 insertions(+), 8 deletions(-)
 rename multipath/{multipath.rules => multipath.rules.in} (95%)
 create mode 100644 multipath/tmpfiles.conf.in

diff --git a/.gitignore b/.gitignore
index 9926756b..f90b0350 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@
 *.d
 kpartx/kpartx
 multipath/multipath
+multipath/multipath.rules
+multipath/tmpfiles.conf
 multipathd/multipathd
 mpathpersist/mpathpersist
 .nfs*
diff --git a/Makefile.inc b/Makefile.inc
index 4eb08eed..648f91b4 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -44,6 +44,7 @@ exec_prefix	= $(prefix)
 usr_prefix	= $(prefix)
 bindir		= $(exec_prefix)/usr/sbin
 libudevdir	= $(prefix)/$(SYSTEMDPATH)/udev
+tmpfilesdir	= $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
 udevrulesdir	= $(libudevdir)/rules.d
 multipathdir	= $(TOPDIR)/libmultipath
 man8dir		= $(prefix)/usr/share/man/man8
@@ -60,6 +61,7 @@ libdmmpdir	= $(TOPDIR)/libdmmp
 nvmedir		= $(TOPDIR)/libmultipath/nvme
 includedir	= $(prefix)/usr/include
 pkgconfdir	= $(usrlibdir)/pkgconfig
+runtimedir      := /$(RUN)
 
 GZIP		= gzip -9 -c
 RM		= rm -f
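Review bot: `runtimedir` has no comment saying what kind of location it must be, and the commit message presents overriding it as a backward-compatibility knob. Since the point of the change is that /dev/shm may have unsafe permissions, a comment above the assignment such as `# runtimedir: parent of the multipath state directory; must be writable by root only` would keep a packager from pointing it back at a shared-writable path. `RUN` is assigned outside this hunk, so what `/$(RUN)` actually resolves to cannot be confirmed from here.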
@@ -95,7 +97,10 @@ OPTFLAGS       += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
                   -Wno-unused-parameter -Werror=cast-qual \
                   -Werror=discarded-qualifiers
 
-CPPFLAGS	:= -Wp,-D_FORTIFY_SOURCE=2 
+CPPFLAGS	:= $(FORTIFY_OPT) \
+		   -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
+		   -DRUNTIME_DIR=\"$(runtimedir)\" \
+		   -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP 
 CFLAGS		:= $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
 		   -MMD -MP $(CFLAGS)
 BIN_CFLAGS	= -fPIE -DPIE
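Review bot: The rewritten `CPPFLAGS` drops the literal `-Wp,-D_FORTIFY_SOURCE=2` in favour of `$(FORTIFY_OPT)`, and no hunk in this patch defines `FORTIFY_OPT`; if the tree this backport is applied to does not define it either, the variable expands to nothing and the build silently loses source fortification. The same applies to `$(plugindir)`, `$(configdir)` and `$(EXTRAVERSION)`, which would become empty string macros. The fix itself only needs the new macro, so a narrower line such as `CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 -DRUNTIME_DIR=\"$(runtimedir)\"` keeps the existing hardening and avoids repeating `-DBIN_DIR`, `-DRUN_DIR` and `-MMD -MP`, which the `CFLAGS` line below already passes.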
diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
index c2164c16..908e0ca3 100644
--- a/libmultipath/defaults.h
+++ b/libmultipath/defaults.h
@@ -64,8 +64,7 @@
 #define DEFAULT_WWIDS_FILE	"/etc/multipath/wwids"
 #define DEFAULT_PRKEYS_FILE    "/etc/multipath/prkeys"
 #define DEFAULT_CONFIG_DIR	"/etc/multipath/conf.d"
-#define MULTIPATH_SHM_BASE	"/dev/shm/multipath/"
-
+#define MULTIPATH_SHM_BASE	RUNTIME_DIR "/multipath/"
 
 static inline char *set_default(char *str)
 {
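Review bot: `MULTIPATH_SHM_BASE` now compiles only when `RUNTIME_DIR` is supplied on the compiler command line, so any translation unit that includes defaults.h without the `CPPFLAGS` from Makefile.inc fails with an unhelpful error at the point of use. A guard directly above the define makes the requirement explicit: `#ifndef RUNTIME_DIR` / `#error "RUNTIME_DIR must be defined by the build"` / `#endif`. A one-line comment noting that the directory is expected to be root-only (mode 0700 via tmpfiles.d) would also help, since the macro name still says SHM although the path no longer lives in /dev/shm.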
diff --git a/multipath/Makefile b/multipath/Makefile
index e720c7f6..28976546 100644
--- a/multipath/Makefile
+++ b/multipath/Makefile
@@ -12,7 +12,7 @@ EXEC = multipath
 
 OBJS = main.o
 
-all: $(EXEC)
+all: $(EXEC) multipath.rules tmpfiles.conf
 
 $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
 	$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
@@ -26,7 +26,9 @@ install:
 	$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
 	$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
-	$(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
+	$(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
+	$(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
+	$(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
 	$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
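Review bot: The udev rules file is now installed as `56-multipath.rules` where the removed line used `62-multipath.rules`, which changes where the rule sorts among the other udev rules and is not needed for the /dev/shm fix. For a CVE backport, keeping the old number (`$(DESTDIR)$(udevrulesdir)/62-multipath.rules`) limits the behavioural change, unless the reordering is intended. No hunk touches the `uninstall` recipe, most of which lies outside this patch, so it probably still needs `$(RM) $(DESTDIR)$(tmpfilesdir)/multipath.conf` and the matching rules-file name. The `install` recipe itself starts before this hunk.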
@@ -43,9 +45,12 @@ uninstall:
 	$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
 
 clean: dep_clean
-	$(RM) core *.o $(EXEC) *.gz
+	$(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
 
 include $(wildcard $(OBJS:.o=.d))
 
 dep_clean:
 	$(RM) $(OBJS:.o=.d)
+
+%:	%.in
+	sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@	
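Review bot: The `sed` expression in the new `%: %.in` rule has no `g` flag, so only the first `@RUNTIME_DIR@` on each line is replaced. The two templates in this patch have one per line, but a later template line with two would ship a literal placeholder in a udev rule or tmpfiles entry. `sed 's,@RUNTIME_DIR@,$(runtimedir),g' $< >$@` avoids that, and writing to `$@.tmp` followed by `mv -f $@.tmp $@` keeps a failed run from leaving a truncated target that looks up to date. The `clean` recipe in the same hunk also stops removing `*.gz`, while the `install` recipe still installs `$(EXEC).8.gz`; if that file is generated in this directory it is no longer cleaned.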
diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
similarity index 95%
rename from multipath/multipath.rules
rename to multipath/multipath.rules.in
index 0486bf70..5fb499e6 100644
--- a/multipath/multipath.rules
+++ b/multipath/multipath.rules.in
@@ -1,8 +1,8 @@
 # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
 SUBSYSTEM!="block", GOTO="end_mpath"
 KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
-	RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
+ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
+	RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
 ACTION!="add|change", GOTO="end_mpath"
 
 IMPORT{cmdline}="nompath"
diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
new file mode 100644
index 00000000..21be438a
--- /dev/null
+++ b/multipath/tmpfiles.conf.in
@@ -0,0 +1 @@
+d @RUNTIME_DIR@/multipath 0700 root root -
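Review bot: The 0700 root-owned directory is created only by systemd-tmpfiles, so an image without systemd gets no `@RUNTIME_DIR@/multipath` from this patch. Whether the multipath code creates the directory itself, and with which mode, is not visible here; on such images the recipe or an init script would have to create it with the same ownership and mode before multipathd starts. A leading comment in the template, e.g. `# multipath runtime state, root-only; see CVE-2022-41973`, would record why the mode must not be relaxed.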
-- 
2.25.1