From b3c52af5b139e6344d4a20664e32073af7f32cb7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 11:54:27 +0000 Subject: import libosinfo-1.9.0-5.el9 --- diff --git a/SOURCES/0002-loader-work-around-lstat-EACCES-regression-in-_g_loc.patch b/SOURCES/0002-loader-work-around-lstat-EACCES-regression-in-_g_loc.patch new file mode 100644 index 0000000..2a53b8b --- /dev/null +++ b/SOURCES/0002-loader-work-around-lstat-EACCES-regression-in-_g_loc.patch @@ -0,0 +1,220 @@ +From e5bdc6759195dbcfc4e7dcb02bf59190a3debe06 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 9 Feb 2022 13:14:54 +0100 +Subject: [PATCH] loader: work around lstat()/EACCES regression in + _g_local_file_info_get() + +In glib commit 71e7b5800a31 ("Handle MLS selinux policy better", +2010-07-08), which was made for +, an lstat() failure +with error code EACCES was *masked* in function _g_local_file_info_get(). + +Consequently, if osinfo_loader_find_files() calls g_file_query_info() on a +file that is inaccessible due to (e.g.) a missing "x" (search) permission +on a leading directory, then g_file_query_info() succeeds, our +"skipMissing" branch is dead, g_file_info_get_attribute_uint32() is +reached, and it returns G_FILE_TYPE_UNKNOWN. + +As a consequence, the outer osinfo_loader_process_default_path() function +can fail, even though it passes skipMissing=TRUE to +osinfo_loader_process_list(). Example: + +> $ HOME=/root \ +> OSINFO_SYSTEM_DIR=/usr/share/osinfo \ +> build/tools/osinfo-query os +> Error loading OS data: Can't read path /root/.config/osinfo + +Arguably, this situation should be handled by simply skipping the +inaccessible path, as if all leading directories could be searched, and +only the last pathname compontent (the filename entry) didn't exist in its +direct parent directory. + +The glib regression was reported in 2017: + + https://bugzilla.gnome.org/show_bug.cgi?id=777187 + +and then migrated to gitlab: + + https://gitlab.gnome.org/GNOME/glib/-/issues/1237 + +but it's still not solved today. + +Work around the issue by honoring "skipMissing" on the G_FILE_TYPE_UNKNOWN +branch. Demonstration: + +> $ HOME=/root \ +> OSINFO_SYSTEM_DIR=/usr/share/osinfo \ +> build/tools/osinfo-query os +> +> ** (osinfo-query:9924): WARNING **: 13:23:12.776: Can't read path /root/.config/osinfo +> Short ID | Name | Version | ID +> ----------------+------------------+---------+---------------------------------------- +> alpinelinux3.5 | Alpine Linux 3.5 | 3.5 | http://alpinelinux.org/alpinelinux/3.5 +> ... + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2051559 +Signed-off-by: Laszlo Ersek +--- + osinfo/osinfo_loader.c | 15 ++++++ + tests/test-loader.c | 105 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 120 insertions(+) + +diff --git a/osinfo/osinfo_loader.c b/osinfo/osinfo_loader.c +index 96ca6ee..e244b3f 100644 +--- a/osinfo/osinfo_loader.c ++++ b/osinfo/osinfo_loader.c +@@ -2377,6 +2377,21 @@ static void osinfo_loader_find_files(OsinfoLoader *loader, + } else if (type == G_FILE_TYPE_UNKNOWN) { + g_autofree gchar *path = g_file_get_path(file); + g_autofree gchar *msg = g_strdup_printf("Can't read path %s", path); ++ if (skipMissing) { ++ /* This is a work-around for ++ * . If the ++ * lstat() call underlying our g_file_query_info() call at the top ++ * of this function fails for "path" with EACCES, then ++ * g_file_query_info() should fail, and the "skipMissing" branch up ++ * there should suppress the error and return cleanly. ++ * Unfortunately, _g_local_file_info_get() masks the lstat() ++ * failure, g_file_info_get_attribute_uint32() is reached above, ++ * and returns G_FILE_TYPE_UNKNOWN for the file that could never be ++ * accessed. So we need to consider "skipMissing" here too. ++ */ ++ g_warning("%s", msg); ++ return; ++ } + OSINFO_LOADER_SET_ERROR(&error, msg); + g_propagate_error(err, error); + } else { +diff --git a/tests/test-loader.c b/tests/test-loader.c +index 6644943..bb86585 100644 +--- a/tests/test-loader.c ++++ b/tests/test-loader.c +@@ -16,6 +16,8 @@ + */ + + #include ++#include ++#include + + static void + test_basic(void) +@@ -31,6 +33,101 @@ test_basic(void) + g_object_unref(loader); + } + ++typedef struct { ++ gchar *tmp_parent; ++ gchar *tmp_child; ++ gchar *orig_userdir; ++ gchar *expected_warning; ++} TestEaccesFixture; ++ ++static void ++eacces_fixture_setup(TestEaccesFixture *fixture, gconstpointer user_data) ++{ ++ gpointer rp; ++ gint ri; ++ gboolean rb; ++ ++ /* create a temporary directory with permissions 0700 */ ++ fixture->tmp_parent = g_strdup_printf("%s/%s", g_get_tmp_dir(), ++ "test_eacces.XXXXXX"); ++ rp = g_mkdtemp_full(fixture->tmp_parent, 0700); ++ g_assert_nonnull(rp); ++ ++ /* create a child directory called "osinfo" in it, with permissions 0700 */ ++ fixture->tmp_child = g_strdup_printf("%s/osinfo", fixture->tmp_parent); ++ ri = g_mkdir(fixture->tmp_child, 0700); ++ g_assert_cmpint(ri, ==, 0); ++ ++ /* revoke the search permission (0100) from the parent */ ++ ri = g_chmod(fixture->tmp_parent, 0600); ++ g_assert_cmpint(ri, ==, 0); ++ ++ /* stash the current value of OSINFO_USER_DIR */ ++ fixture->orig_userdir = g_strdup(g_getenv("OSINFO_USER_DIR")); ++ ++ /* point osinfo_loader_get_user_path() inside ++ * osinfo_loader_process_default_path() to the child directory ++ */ ++ rb = g_setenv("OSINFO_USER_DIR", fixture->tmp_child, TRUE); ++ g_assert_true(rb); ++ ++ /* format the pattern for the warning expected later on */ ++ fixture->expected_warning = g_strdup_printf("Can't read path %s", ++ fixture->tmp_child); ++} ++ ++static void ++eacces_fixture_teardown(TestEaccesFixture *fixture, gconstpointer user_data) ++{ ++ gboolean rb; ++ gint ri; ++ ++ /* free the expected warning pattern */ ++ g_free(fixture->expected_warning); ++ ++ /* restore the OSINFO_USER_DIR variable */ ++ if (fixture->orig_userdir) { ++ rb = g_setenv("OSINFO_USER_DIR", fixture->orig_userdir, TRUE); ++ g_assert_true(rb); ++ g_free(fixture->orig_userdir); ++ } else { ++ g_unsetenv("OSINFO_USER_DIR"); ++ } ++ ++ /* restore search permission on the parent */ ++ ri = g_chmod(fixture->tmp_parent, 0700); ++ g_assert_cmpint(ri, ==, 0); ++ ++ /* remove both directories */ ++ ri = g_rmdir(fixture->tmp_child); ++ g_assert_cmpint(ri, ==, 0); ++ g_free(fixture->tmp_child); ++ ++ ri = g_rmdir(fixture->tmp_parent); ++ g_assert_cmpint(ri, ==, 0); ++ g_free(fixture->tmp_parent); ++} ++ ++static void ++test_eacces(TestEaccesFixture *fixture, gconstpointer user_data) ++{ ++ OsinfoLoader *loader = osinfo_loader_new(); ++ GError *error = NULL; ++ ++ g_assert_true(OSINFO_IS_LOADER(loader)); ++ ++ /* this should trigger an EACCES in glib's lstat(), but not break db ++ * loading; also we expect the warning here ++ */ ++ g_test_expect_message(G_LOG_DOMAIN, G_LOG_LEVEL_WARNING, ++ fixture->expected_warning); ++ osinfo_loader_process_default_path(loader, &error); ++ g_assert_no_error(error); ++ g_test_assert_expected_messages(); ++ ++ g_object_unref(loader); ++} ++ + int + main(int argc, char *argv[]) + { +@@ -38,6 +135,14 @@ main(int argc, char *argv[]) + + g_test_add_func("/loader/basic", test_basic); + ++ /* the following test depends on a directory with file mode bits 0600 being ++ * unsearchable for the owner, so skip it if the test is running as root ++ */ ++ if (geteuid() != 0) { ++ g_test_add("/loader/eacces", TestEaccesFixture, NULL, ++ eacces_fixture_setup, test_eacces, eacces_fixture_teardown); ++ } ++ + /* Upfront so we don't confuse valgrind */ + osinfo_entity_get_type(); + osinfo_db_get_type(); +-- +2.34.1 + diff --git a/SPECS/libosinfo.spec b/SPECS/libosinfo.spec index 14787e5..94303ec 100644 --- a/SPECS/libosinfo.spec +++ b/SPECS/libosinfo.spec @@ -3,13 +3,14 @@ Summary: A library for managing OS information for virtualization Name: libosinfo Version: 1.9.0 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2+ Source: https://releases.pagure.io/%{name}/%{name}-%{version}.tar.xz URL: https://libosinfo.org/ ### Patches ### Patch0001: 0001-loader-add-check-for-unknown-file-type.patch +Patch0002: 0002-loader-work-around-lstat-EACCES-regression-in-_g_loc.patch BuildRequires: meson BuildRequires: gcc @@ -97,6 +98,10 @@ Libraries, includes, etc. to compile with the libosinfo library %{_datadir}/vala/vapi/libosinfo-1.0.vapi %changelog +* Fri Feb 11 2022 Victor Toso - 1.9.0-5 +- Warn on EACCES error when skipMissing is set + Resolves: rhbz#2051559 + * Wed Dec 01 2021 Victor Toso - 1.9.0-4 - Improve error message on failure to access database due permission Related: rhbz#1942431