diff --git a/SOURCES/fapolicyd-unlink-fifo1.patch b/SOURCES/fapolicyd-unlink-fifo1.patch
new file mode 100644
index 0000000..e92f3b6
--- /dev/null
+++ b/SOURCES/fapolicyd-unlink-fifo1.patch
@@ -0,0 +1,50 @@
+From 8cf74e7f147836e81c3583a046e4dc2b4673a14c Mon Sep 17 00:00:00 2001
+From: Radovan Sroka
+Date: Thu, 11 Mar 2021 14:45:50 +0100
+Subject: [PATCH] Ensure that fifo will be removed after termination
+
+- unlink_fifo() will be called after every succesful termination
+because dnf/yum can hang if the pipe exists after daemon termination
+
+- move preconstruct_fifo() out of the scope because it is needed also
+when the daemon is configured to run as root
+
+Signed-off-by: Radovan Sroka
+---
+ src/daemon/fapolicyd.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/daemon/fapolicyd.c b/src/daemon/fapolicyd.c
+index 5dce666..c29611c 100644
+--- a/src/daemon/fapolicyd.c
++++ b/src/daemon/fapolicyd.c
+@@ -446,6 +446,17 @@ int main(int argc, const char *argv[])
+ openlog("fapolicyd", LOG_PID, LOG_DAEMON);
+ }
+
++ // Set the exit function so there is always a fifo cleanup
++ if (atexit(unlink_fifo)) {
++ msg(LOG_ERR, "Cannot set exit function");
++ exit(1);
++ }
++
++ if (preconstruct_fifo(&config)) {
++ msg(LOG_ERR, "Cannot contruct a pipe");
++ exit(1);
++ }
++
+ // Setup filesystem to watch list
+ init_fs_list(config.watch_fs);
+
+@@ -454,8 +465,6 @@ int main(int argc, const char *argv[])
+
+ // If we are not going to be root, then setup necessary capabilities
+ if (config.uid != 0) {
+- if (preconstruct_fifo(&config))
+- exit(1);
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_PTRACE,
+--
+2.26.2
+
diff --git a/SOURCES/fapolicyd-unlink-fifo2.patch b/SOURCES/fapolicyd-unlink-fifo2.patch
new file mode 100644
index 0000000..ea1f6f1
--- /dev/null
+++ b/SOURCES/fapolicyd-unlink-fifo2.patch
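Review bot: The `atexit(unlink_fifo)` registration in the first src/daemon/fapolicyd.c hunk of fapolicyd-unlink-fifo1.patch only covers termination through `exit()` or a return from `main`; `abort()`, `_exit()` and fatal signals skip atexit handlers, so the fifo can still outlive the daemon and the dnf/yum hang named in the commit message can recur after a crash. I would state that limit in the comment, e.g. `// atexit() runs only on exit()/return from main; a crash or kill can still leave the fifo behind`. Because `preconstruct_fifo(&config)` now also runs when the daemon is configured as root, the mode and ownership it gives the pipe should be confirmed for that case; its body is not in the hunk. The new log string has a typo, `"Cannot contruct a pipe"` should read `"Cannot construct a pipe"`, and `main` starts and ends outside the hunk.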
@@ -0,0 +1,35 @@
+From 7c2726e8d9c3aa5f8f6710a7ea147bf99877e1a5 Mon Sep 17 00:00:00 2001
+From: Radovan Sroka
+Date: Tue, 16 Mar 2021 12:49:48 +0100
+Subject: [PATCH] Fixed problem with startup failed on unlink() (#120)
+
+- introduced in 128e22d0c638aed81337a6dbbfa664e5bfc9ea06
+
+- daemon does not start when unlinking non existing db
+- fapolicyd-cli returned error when there is no db to unlink
+
+Signed-off-by: Radovan Sroka
+---
+ src/library/database.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/library/database.c b/src/library/database.c
+index a010923..59816cb 100644
+--- a/src/library/database.c
++++ b/src/library/database.c
+@@ -718,13 +718,13 @@ int unlink_db(void)
+
+ snprintf(path, sizeof(path), "%s/data.mdb", data_dir);
+ rc = unlink(path);
+- if (rc) {
++ if (rc == -1 && errno != ENOENT) {
+ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
+ ret_val = 1;
+ }
+ snprintf(path, sizeof(path), "%s/lock.mdb", data_dir);
+ rc = unlink(path);
+- if (rc) {
++ if (rc == -1 && errno != ENOENT) {
+ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
+ ret_val = 1;
+ }
diff --git a/SOURCES/fapolicyd-unlink1.patch b/SOURCES/fapolicyd-unlink1.patch
new file mode 100644
index 0000000..37dc715
--- /dev/null
+++ b/SOURCES/fapolicyd-unlink1.patch
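Review bot: Both `snprintf(path, sizeof(path), ...)` calls in `unlink_db()` ignore the return value, and `path` is declared as `char path[64]` (visible in the fapolicyd-unlink2 and fapolicyd-unlink3 patches), so a `data_dir` longer than 54 characters would be silently truncated and `unlink()` would act on a different name. With the new `errno != ENOENT` test a truncated name that does not exist is treated as success, so the function can return 0 while the real data.mdb and lock.mdb stay in place and the migration proceeds as if they were gone. If `data_dir` is not a fixed short string (its definition is not on this page), check the length first, e.g. `if ((size_t)snprintf(path, sizeof(path), "%s/data.mdb", data_dir) >= sizeof(path)) return 1;`, and likewise for lock.mdb. The same unchecked calls appear in the unlink2 and unlink3 patches; `unlink_db()` starts and ends outside this hunk.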
@@ -0,0 +1,25 @@
+From a0d93349003100ec773c3253e515c7162737c4c2 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Wed, 3 Mar 2021 13:16:07 -0500
+Subject: [PATCH] Add error message for debugging
+
+---
+ src/library/database.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/library/database.c b/src/library/database.c
+index db52000..9497c06 100644
+--- a/src/library/database.c
++++ b/src/library/database.c
+@@ -161,8 +161,10 @@ static int init_db(const conf_t *config)
+ return 4;
+
+ int rc = mdb_env_open(env, data_dir, flags, 0660);
+- if (rc)
++ if (rc) {
++ msg(LOG_ERR, "env_open error: %s", mdb_strerror(rc));
+ return 5;
++ }
+
+ MDB_maxkeysize = mdb_env_get_maxkeysize(env);
+ integrity = config->integrity;
diff --git a/SOURCES/fapolicyd-unlink2.patch b/SOURCES/fapolicyd-unlink2.patch
new file mode 100644
index 0000000..0e1fb4a
--- /dev/null
+++ b/SOURCES/fapolicyd-unlink2.patch
@@ -0,0 +1,33 @@
+From 1b862f3b7c489928f1861396cebb763ae0654371 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Wed, 3 Mar 2021 13:22:10 -0500
+Subject: [PATCH] Add error message for debugging
+
+---
+ src/library/database.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/library/database.c b/src/library/database.c
+index 9497c06..831ec74 100644
+--- a/src/library/database.c
++++ b/src/library/database.c
+@@ -713,12 +713,17 @@ static int check_database_copy(void)
+ */
+ void unlink_db(void)
+ {
++ int rc;
+ char path[64];
+
+ snprintf(path, sizeof(path), "%s/data.mdb", data_dir);
+- unlink(path);
++ rc = unlink(path);
++ if (rc)
++ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
+ snprintf(path, sizeof(path), "%s/lock.mdb", data_dir);
+- unlink(path);
++ rc = unlink(path);
++ if (rc)
++ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
+ }
+
+
diff --git a/SOURCES/fapolicyd-unlink3.patch b/SOURCES/fapolicyd-unlink3.patch
new file mode 100644
index 0000000..571cab5
--- /dev/null
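Review bot: The failure branch after `mdb_env_open()` in fapolicyd-unlink1.patch now logs the error but still returns 5 without releasing `env`; LMDB's documentation requires `mdb_env_close()` to be called to discard the handle when `mdb_env_open()` fails. Unless the caller of `init_db()` already does that on a non-zero return (not visible in this hunk), add `mdb_env_close(env);` before `return 5;` and make sure no later cleanup path closes the same handle a second time. Including the directory in the message, e.g. `msg(LOG_ERR, "env_open error on %s: %s", data_dir, mdb_strerror(rc));`, would also make the log line actionable. `init_db()` starts and ends outside the hunk.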
+++ b/SOURCES/fapolicyd-unlink3.patch 
@@ -0,0 +1,114 @@
+From 128e22d0c638aed81337a6dbbfa664e5bfc9ea06 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Wed, 3 Mar 2021 13:34:58 -0500
+Subject: [PATCH] If db migration fails due to unlinking problem, fail startup
+
+---
+ ChangeLog | 1 +
+ src/cli/fapolicyd-cli.c | 5 +++--
+ src/library/database.c | 22 ++++++++++++++++------
+ src/library/database.h | 4 ++--
+ 4 files changed, 22 insertions(+), 10 deletions(-)
+
+diff --git a/src/cli/fapolicyd-cli.c b/src/cli/fapolicyd-cli.c
+index 994c9a6..fb9081b 100644
+--- a/src/cli/fapolicyd-cli.c
++++ b/src/cli/fapolicyd-cli.c
+@@ -1,6 +1,6 @@
+ /*
+ * fapolicy-cli.c - CLI tool for fapolicyd
+- * Copyright (c) 2019,2020 Red Hat Inc.
++ * Copyright (c) 2019-2021 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -89,7 +89,8 @@ static char *get_line(FILE *f, unsigned *lineno)
+
+ static int do_delete_db(void)
+ {
+- unlink_db();
++ if (unlink_db())
++ return 1;
+ return 0;
+ }
+
+diff --git a/src/library/database.c b/src/library/database.c
+index 831ec74..a010923 100644
+--- a/src/library/database.c
++++ b/src/library/database.c
+@@ -1,6 +1,6 @@
+ /*
+ * database.c - Trust database
+- * Copyright (c) 2016,2018-20 Red Hat Inc.
++ * Copyright (c) 2016,2018-21 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -711,23 +711,32 @@ static int check_database_copy(void)
+ /*
+ * This function removes the trust database files.
+ */
+-void unlink_db(void)
++int unlink_db(void)
+ {
+- int rc;
++ int rc, ret_val = 0;
+ char path[64];
+
+ snprintf(path, sizeof(path), "%s/data.mdb", data_dir);
+ rc = unlink(path);
+- if (rc)
++ if (rc) {
+ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
++ ret_val = 1;
++ }
+ snprintf(path, sizeof(path), "%s/lock.mdb", data_dir);
+ rc = unlink(path);
+- if (rc)
++ if (rc) {
+ msg(LOG_ERR, "Could not unlink %s (%s)", path, strerror(errno));
++ ret_val = 1;
++ }
++
++ return ret_val;
+ }
+
+
+ /*
++ * DB version 1 = unique keys (0.8 - 0.9.2)
++ * DB version 2 = allow duplicate keys (0.9.3 - )
++ *
+ * This function is used to detect if we are using version1 of the database.
+ * If so, we have to delete the database and rebuild it. We cannot mix
+ * database versions because lmdb doesn't do that.
+@@ -744,7 +753,8 @@ static int migrate_database(void)
+ msg(LOG_INFO, "Database migration will be performed.");
+
+ // Then we have a version1 db since it does not track versions
+- unlink_db();
++ if (unlink_db())
++ return 1;
+
+ // Create the new, db version tracker and write current version
+ fd = open(vpath, O_CREAT|O_EXCL|O_WRONLY, 0640);
+diff --git a/src/library/database.h b/src/library/database.h
+index e828503..f4516b2 100644
+--- a/src/library/database.h
++++ b/src/library/database.h
+@@ -1,6 +1,6 @@
+ /*
+ * database.h - Header file for trust database
+- * Copyright (c) 2018-20 Red Hat Inc.
++ * Copyright (c) 2018-21 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -41,7 +41,7 @@ int init_database(conf_t *config);
+ int check_trust_database(const char *path, struct file_info *info, int fd);
+ void close_database(void);
+ void database_report(FILE *f);
+-void unlink_db(void);
++int unlink_db(void);
+ void unlink_fifo(void);
+
+ #endif
diff --git a/SPECS/fapolicyd.spec b/SPECS/fapolicyd.spec
index 7711c76..fd1a6c3 100644
--- a/SPECS/fapolicyd.spec
+++ b/SPECS/fapolicyd.spec
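Review bot: The header comment above `unlink_db()` in the src/library/database.c hunk of fapolicyd-unlink3.patch still reads only "This function removes the trust database files." although the function now returns a status that `migrate_database()` and `do_delete_db()` use to fail startup or the CLI command. The return contract should be written next to the code, e.g. add ` * Returns 0 if both data.mdb and lock.mdb were removed, 1 if either unlink() failed.` to that comment, and mirror it on the `int unlink_db(void);` prototype in database.h. Note that the second `unlink()` is still attempted after the first one fails, so a return of 1 can mean a half-removed database; the comment is a good place to say that callers must not assume the old files are intact on failure. In `do_delete_db()` the pair `if (unlink_db()) return 1; return 0;` could simply be `return unlink_db() ? 1 : 0;`.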
@@ -6,7 +6,7 @@ Summary: Application Whitelisting Daemon Name: fapolicyd Version: 1.0.2 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -38,6 +38,12 @@ Patch4: fapolicyd-cli-hang.patch # the fapolicyd package because it provides safe upgrade path Patch5: fapolicyd-dnf-plugin.patch +Patch6: fapolicyd-unlink1.patch +Patch7: fapolicyd-unlink2.patch +Patch8: fapolicyd-unlink3.patch +Patch9: fapolicyd-unlink-fifo1.patch +Patch10: fapolicyd-unlink-fifo2.patch + %description Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation @@ -70,6 +76,13 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon. %patch5 -p1 -b .plugin +%patch6 -p1 -b .unlink1 +%patch7 -p1 -b .unlink2 +%patch8 -p1 -b .unlink3 + +%patch9 -p1 -b .unlink_fifo1 +%patch10 -p1 -b .unlink_fifo2 + # generate rules for python sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.* sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.* @@ -189,6 +202,7 @@ end %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} %postun selinux if [ $1 -eq 0 ]; then @@ -199,12 +213,12 @@ fi %selinux_relabel_post -s %{selinuxtype} %changelog -* Tue Mar 02 2021 Radovan Sroka - 1.0.2-4 +* Tue Mar 18 2021 Radovan Sroka - 1.0.2-5 RHEL 8.4.0 ERRATUM +- fixed multiple problems with unlink() - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1896875 - * Tue Feb 16 2021 Radovan Sroka - 1.0.2-3 RHEL 8.4.0 ERRATUM - rebase to 1.0.2