From a80ba745cc54d5ba726e48065aebe6dac50dedd2 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 24 Jan 2022 14:08:08 +0100
Subject: uuidd: fix open/lock state issue
* warn on open/lock state issue
* enable access to /var/lib/libuuid/, because ProtectSystem=strict makes it read-only
  openat(AT_FDCWD, "/var/lib/libuuid/clock.txt",
     O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system)
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366
Upstream: http://github.com/util-linux/util-linux/commit/f27876f9c1056bf41fd940d5c4990b4277e0024f
Upstream: http://github.com/util-linux/util-linux/commit/417982d0236a12756923d88e627f5e4facf8951c
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 misc-utils/uuidd.c          | 9 ++++++---
 misc-utils/uuidd.service.in | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
index fa8db173b..78a37d2e8 100644
--- a/misc-utils/uuidd.c
+++ b/misc-utils/uuidd.c
@@ -494,7 +494,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			break;
 		case UUIDD_OP_TIME_UUID:
 			num = 1;
-			__uuid_generate_time(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, _("Generated time UUID: %s\n"), str);
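Review bot: The warning added in the `UUIDD_OP_TIME_UUID` case is printed on every request for as long as the clock state file cannot be opened or locked, and the code then falls through to the debug print and the reply exactly as before, so the client is still sent whatever is in `uu`. A comment would make that intent explicit, for example `/* negative return: clock state file unusable; the UUID in uu is still sent */`, assuming that is what the return value means, since `__uuid_generate_time()` is not visible here. If the condition persists, as with the read-only path in the commit message, one line per request can flood the journal, so consider warning only when the state changes. The `UUIDD_OP_BULK_TIME_UUID` hunk has the same pattern, and `server_loop` starts and ends outside these hunks.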
@@ -504,7 +505,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			break;
 		case UUIDD_OP_RANDOM_UUID:
 			num = 1;
-			__uuid_generate_random(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, _("Generated random UUID: %s\n"), str);
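Review bot: The `UUIDD_OP_RANDOM_UUID` case now calls `__uuid_generate_time()` where the removed line called `__uuid_generate_random()`, so a client asking for a random UUID would receive a time-based one while the debug message below still says "Generated random UUID". Time-based UUIDs are derived from the clock and a node identifier, so callers that rely on the value being unpredictable lose that property without any error. Keep the original call in this case, `__uuid_generate_random(uu, &num);`, and drop the clock-counter warning here, since it does not describe the random generator. `server_loop` continues outside the hunk.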
@@ -513,7 +515,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			reply_len = sizeof(uu);
 			break;
 		case UUIDD_OP_BULK_TIME_UUID:
-			__uuid_generate_time(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, P_("Generated time UUID %s "
diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in
index b4c9c4635..e64ca59b5 100644
--- a/misc-utils/uuidd.service.in
+++ b/misc-utils/uuidd.service.in
@@ -18,6 +18,7 @@ ProtectKernelModules=yes
 ProtectControlGroups=yes
 RestrictAddressFamilies=AF_UNIX
 MemoryDenyWriteExecute=yes
+ReadWritePaths=/var/lib/libuuid/
 SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
 
 [Install]
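Review bot: `ReadWritePaths=/var/lib/libuuid/` assumes the directory already exists when the unit starts; systemd fails the mount-namespace setup for a listed path that is missing unless the path is prefixed with `-`. Nothing in this patch creates the directory, so confirm that the package or a tmpfiles.d entry ships it, or consider `StateDirectory=libuuid` so that systemd creates it for the service. The exception is scoped to this single directory, which keeps the rest of the sandbox read-only, and a short comment above the line would record why it is there, for example `# clock.txt state lives here; ProtectSystem=strict makes it read-only otherwise`.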
-- 
2.34.1