diff options
Diffstat (limited to 'recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch b/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch deleted file mode 100644 index 0e24c56b..00000000 --- a/recipes-extended/glusterfs/files/0001-shared-storage-Prevent-mounting-shared-storage-from-.patch +++ /dev/null @@ -1,70 +0,0 @@ -From d1936056d77abcfda14386235a88ed553341a429 Mon Sep 17 00:00:00 2001 -From: Mohammed Rafi KC <rkavunga@redhat.com> -Date: Mon, 26 Mar 2018 20:27:34 +0530 -Subject: [PATCH 1/3] shared storage: Prevent mounting shared storage from - non-trusted client - -gluster shared storage is a volume used for internal storage for -various features including ganesha, geo-rep, snapshot. - -So this volume should not be exposed to the client, as it is -a special volume for internal use. - -This fix wont't generate non trusted volfile for shared storage volume. - -Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c -fixes: bz#1568844 -BUG: 1568844 -Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> - -Upstream-Status: Backport -Fix CVE-2018-1088 - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - ---- - xlators/mgmt/glusterd/src/glusterd-volgen.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c -index 0a0668e..308c41f 100644 ---- a/xlators/mgmt/glusterd/src/glusterd-volgen.c -+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c -@@ -5721,6 +5721,7 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo, - int i = 0; - int ret = -1; - char filepath[PATH_MAX] = {0,}; -+ char *volname = NULL; - char *types[] = {NULL, NULL, NULL}; - dict_t *dict = NULL; - xlator_t *this = NULL; -@@ -5728,6 +5729,26 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo, - - this = THIS; - -+ volname = volinfo->is_snap_volume ? -+ volinfo->parent_volname : volinfo->volname; -+ -+ -+ if (volname && !strcmp (volname, GLUSTER_SHARED_STORAGE) && -+ client_type != GF_CLIENT_TRUSTED) { -+ /* -+ * shared storage volume cannot be mounted from non trusted -+ * nodes. So we are not creating volfiles for non-trusted -+ * clients for shared volumes as well as snapshot of shared -+ * volumes. -+ */ -+ -+ ret = 0; -+ gf_msg_debug ("glusterd", 0, "Skipping the non-trusted volfile" -+ "creation for shared storage volume. Volume %s", -+ volname); -+ goto out; -+ } -+ - enumerate_transport_reqs (volinfo->transport_type, types); - dict = dict_new (); - if (!dict) --- -2.7.4 - |