|
 |
fd2e1e |
From 128e22d0c638aed81337a6dbbfa664e5bfc9ea06 Mon Sep 17 00:00:00 2001
|
|
|
fd2e1e |
From: Steve Grubb <sgrubb@redhat.com>
|
|
|
fd2e1e |
Date: Wed, 3 Mar 2021 13:34:58 -0500
|
|
|
fd2e1e |
Subject: [PATCH] If db migration fails due to unlinking problem, fail startup
|
|
|
fd2e1e |
|
|
|
fd2e1e |
---
|
|
|
fd2e1e |
ChangeLog | 1 +
|
|
|
fd2e1e |
src/cli/fapolicyd-cli.c | 5 +++--
|
|
|
fd2e1e |
src/library/database.c | 22 ++++++++++++++++------
|
|
|
fd2e1e |
src/library/database.h | 4 ++--
|
|
|
fd2e1e |
4 files changed, 22 insertions(+), 10 deletions(-)
|
|
|
fd2e1e |
|
|
|
fd2e1e |
diff --git a/src/cli/fapolicyd-cli.c b/src/cli/fapolicyd-cli.c
|
|
|
fd2e1e |
index 994c9a6..fb9081b 100644
|
|
|
fd2e1e |
--- a/src/cli/fapolicyd-cli.c
|
|
|
fd2e1e |
+++ b/src/cli/fapolicyd-cli.c
|
|
|
fd2e1e |
@@ -1,6 +1,6 @@
|
|
|
fd2e1e |
/*
|
|
|
fd2e1e |
* fapolicy-cli.c - CLI tool for fapolicyd
|
|
|
fd2e1e |
- * Copyright (c) 2019,2020 Red Hat Inc.
|
|
|
fd2e1e |
+ * Copyright (c) 2019-2021 Red Hat Inc.
|
|
|
fd2e1e |
* All Rights Reserved.
|
|
|
fd2e1e |
*
|
|
|
fd2e1e |
* This software may be freely redistributed and/or modified under the
|
|
|
fd2e1e |
@@ -89,7 +89,8 @@ static char *get_line(FILE *f, unsigned *lineno)
|
|
|
fd2e1e |
|
|
|
fd2e1e |
static int do_delete_db(void)
|
|
|
fd2e1e |
{
|
|
|
fd2e1e |
- unlink_db();
|
|
|
fd2e1e |
+ if (unlink_db())
|
|
|
fd2e1e |
+ return 1;
|
|
|
fd2e1e |
return 0;
|
|
|
fd2e1e |
}
|
|
|
fd2e1e |
|
|
|
fd2e1e |
diff --git a/src/library/database.c b/src/library/database.c
|
|
|
fd2e1e |
index 831ec74..a010923 100644
|
|
|
fd2e1e |
--- a/src/library/database.c
|
|
|
fd2e1e |
+++ b/src/library/database.c
|
|
|
fd2e1e |
@@ -1,6 +1,6 @@
|
|
|
fd2e1e |
/*
|
|
|
fd2e1e |
* database.c - Trust database
|
|
|
fd2e1e |
- * Copyright (c) 2016,2018-20 Red Hat Inc.
|
|
|
fd2e1e |
+ * Copyright (c) 2016,2018-21 Red Hat Inc.
|
|
|
fd2e1e |
* All Rights Reserved.
|
|
|
fd2e1e |
*
|
|
|
fd2e1e |
* This software may be freely redistributed and/or modified under the
|
|
|
fd2e1e |
@@ -711,23 +711,32 @@ static int check_database_copy(void)
|
|
|
fd2e1e |
/*
|
|
|
fd2e1e |
* This function removes the trust database files.
|
|
|
fd2e1e |
*/
|
|
|
fd2e1e |
-void unlink_db(void)
|
|
|
fd2e1e |
+int unlink_db(void)
|
|
|
fd2e1e |
{
|
|
|
fd2e1e |
- int rc;
|
|
|
fd2e1e |
+ int rc, ret_val = 0;
|
|
|
fd2e1e |
char path[64];
|
|
|
fd2e1e |
|
|
|
fd2e1e |
snprintf(path, sizeof(path), "%s/data.mdb", data_dir);
|
|
|
fd2e1e |
rc = unlink(path);
|
|
|
fd2e1e |
- if (rc)
|
|
|
fd2e1e |
+ if (rc) {
|
|
|
fd2e1e |
msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
|
|
|
fd2e1e |
+ ret_val = 1;
|
|
|
fd2e1e |
+ }
|
|
|
fd2e1e |
snprintf(path, sizeof(path), "%s/lock.mdb", data_dir);
|
|
|
fd2e1e |
rc = unlink(path);
|
|
|
fd2e1e |
- if (rc)
|
|
|
fd2e1e |
+ if (rc) {
|
|
|
fd2e1e |
msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
|
|
|
fd2e1e |
+ ret_val = 1;
|
|
|
fd2e1e |
+ }
|
|
|
fd2e1e |
+
|
|
|
fd2e1e |
+ return ret_val;
|
|
|
fd2e1e |
}
|
|
|
fd2e1e |
|
|
|
fd2e1e |
|
|
|
fd2e1e |
/*
|
|
|
fd2e1e |
+ * DB version 1 = unique keys (0.8 - 0.9.2)
|
|
|
fd2e1e |
+ * DB version 2 = allow duplicate keys (0.9.3 - )
|
|
|
fd2e1e |
+ *
|
|
|
fd2e1e |
* This function is used to detect if we are using version1 of the database.
|
|
|
fd2e1e |
* If so, we have to delete the database and rebuild it. We cannot mix
|
|
|
fd2e1e |
* database versions because lmdb doesn't do that.
|
|
|
fd2e1e |
@@ -744,7 +753,8 @@ static int migrate_database(void)
|
|
|
fd2e1e |
msg(LOG_INFO, "Database migration will be performed.");
|
|
|
fd2e1e |
|
|
|
fd2e1e |
// Then we have a version1 db since it does not track versions
|
|
|
fd2e1e |
- unlink_db();
|
|
|
fd2e1e |
+ if (unlink_db())
|
|
|
fd2e1e |
+ return 1;
|
|
|
fd2e1e |
|
|
|
fd2e1e |
// Create the new, db version tracker and write current version
|
|
|
fd2e1e |
fd = open(vpath, O_CREAT|O_EXCL|O_WRONLY, 0640);
|
|
|
fd2e1e |
diff --git a/src/library/database.h b/src/library/database.h
|
|
|
fd2e1e |
index e828503..f4516b2 100644
|
|
|
fd2e1e |
--- a/src/library/database.h
|
|
|
fd2e1e |
+++ b/src/library/database.h
|
|
|
fd2e1e |
@@ -1,6 +1,6 @@
|
|
|
fd2e1e |
/*
|
|
|
fd2e1e |
* database.h - Header file for trust database
|
|
|
fd2e1e |
- * Copyright (c) 2018-20 Red Hat Inc.
|
|
|
fd2e1e |
+ * Copyright (c) 2018-21 Red Hat Inc.
|
|
|
fd2e1e |
* All Rights Reserved.
|
|
|
fd2e1e |
*
|
|
|
fd2e1e |
* This software may be freely redistributed and/or modified under the
|
|
|
fd2e1e |
@@ -41,7 +41,7 @@ int init_database(conf_t *config);
|
|
|
fd2e1e |
int check_trust_database(const char *path, struct file_info *info, int fd);
|
|
|
fd2e1e |
void close_database(void);
|
|
|
fd2e1e |
void database_report(FILE *f);
|
|
|
fd2e1e |
-void unlink_db(void);
|
|
|
fd2e1e |
+int unlink_db(void);
|
|
|
fd2e1e |
void unlink_fifo(void);
|
|
|
fd2e1e |
|
|
|
fd2e1e |
#endif
|