|
 |
d0283b |
From 8e724393079784edbf779678df6937dd838c4149 Mon Sep 17 00:00:00 2001
|
|
|
d0283b |
From: Tony Asleson <tasleson@redhat.com>
|
|
|
d0283b |
Date: Thu, 26 May 2022 10:44:02 -0500
|
|
|
d0283b |
Subject: [PATCH 7/9] lvmdbusd: Remove the use of sub shell for lvm shell
|
|
|
d0283b |
|
|
|
d0283b |
This reduces the number of processes and improves security.
|
|
|
d0283b |
|
|
|
d0283b |
(cherry picked from commit 7a2090655d3ab5abde83b981594ed527e2a7f1f7)
|
|
|
d0283b |
---
|
|
|
d0283b |
daemons/lvmdbusd/lvm_shell_proxy.py.in | 24 +++++++++++-------------
|
|
|
d0283b |
1 file changed, 11 insertions(+), 13 deletions(-)
|
|
|
d0283b |
|
|
|
d0283b |
diff --git a/daemons/lvmdbusd/lvm_shell_proxy.py.in b/daemons/lvmdbusd/lvm_shell_proxy.py.in
|
|
|
d0283b |
index 40639442c..1a5051a92 100644
|
|
|
d0283b |
--- a/daemons/lvmdbusd/lvm_shell_proxy.py.in
|
|
|
d0283b |
+++ b/daemons/lvmdbusd/lvm_shell_proxy.py.in
|
|
|
d0283b |
@@ -129,31 +129,29 @@ class LVMShellProxy(object):
|
|
|
d0283b |
except FileExistsError:
|
|
|
d0283b |
pass
|
|
|
d0283b |
|
|
|
d0283b |
- # We have to open non-blocking as the other side isn't open until
|
|
|
d0283b |
- # we actually fork the process.
|
|
|
d0283b |
+ # Open the fifo for use to read and for lvm child process to write to.
|
|
|
d0283b |
self.report_fd = os.open(tmp_file, os.O_NONBLOCK)
|
|
|
d0283b |
self.report_stream = os.fdopen(self.report_fd, 'rb', 0)
|
|
|
d0283b |
+ lvm_fd = os.open(tmp_file, os.O_WRONLY)
|
|
|
d0283b |
|
|
|
d0283b |
- # Setup the environment for using our own socket for reporting
|
|
|
d0283b |
- local_env = {}
|
|
|
d0283b |
- local_env["LC_ALL"] = "C"
|
|
|
d0283b |
- local_env["LVM_REPORT_FD"] = "32"
|
|
|
d0283b |
- local_env["LVM_COMMAND_PROFILE"] = "lvmdbusd"
|
|
|
d0283b |
-
|
|
|
d0283b |
- # Disable the abort logic if lvm logs too much, which easily happens
|
|
|
d0283b |
- # when utilizing the lvm shell.
|
|
|
d0283b |
- local_env["LVM_LOG_FILE_MAX_LINES"] = "0"
|
|
|
d0283b |
+ # Set up the environment for using our own socket for reporting and disable the abort
|
|
|
d0283b |
+ # logic if lvm logs too much, which easily happens when utilizing the lvm shell.
|
|
|
d0283b |
+ local_env = {"LC_ALL": "C", "LVM_REPORT_FD": "%s" % lvm_fd, "LVM_COMMAND_PROFILE": "lvmdbusd",
|
|
|
d0283b |
+ "LVM_LOG_FILE_MAX_LINES": "0"}
|
|
|
d0283b |
|
|
|
d0283b |
# run the lvm shell
|
|
|
d0283b |
self.lvm_shell = subprocess.Popen(
|
|
|
d0283b |
- [LVM_CMD + " 32>%s" % tmp_file],
|
|
|
d0283b |
+ [LVM_CMD],
|
|
|
d0283b |
stdin=subprocess.PIPE, stdout=subprocess.PIPE, env=local_env,
|
|
|
d0283b |
- stderr=subprocess.PIPE, close_fds=True, shell=True)
|
|
|
d0283b |
+ stderr=subprocess.PIPE, close_fds=True, pass_fds=(lvm_fd,), shell=False)
|
|
|
d0283b |
|
|
|
d0283b |
try:
|
|
|
d0283b |
make_non_block(self.lvm_shell.stdout)
|
|
|
d0283b |
make_non_block(self.lvm_shell.stderr)
|
|
|
d0283b |
|
|
|
d0283b |
+ # Close our copy of the lvm_fd, child process is open in its process space
|
|
|
d0283b |
+ os.close(lvm_fd)
|
|
|
d0283b |
+
|
|
|
d0283b |
# wait for the first prompt
|
|
|
d0283b |
errors = self._read_until_prompt(no_output=True)[2]
|
|
|
d0283b |
if errors and len(errors):
|
|
|
d0283b |
--
|
|
|
d0283b |
2.37.1
|
|
|
d0283b |
|