Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openstack/nova/patches/07-CVE-2013-7048.patch
author Drew Fisher <drew.fisher@oracle.com>
Mon, 31 Mar 2014 16:44:02 -0700
branchs11-update
changeset 3028 5e73a3a3f66a
permissions -rw-r--r--
PSARC/2013/350 OpenStack for Solaris (Umbrella) PSARC/2014/007 OpenStack client API components for Grizzly PSARC/2014/048 OpenStack Keystone (OpenStack Identity Service) PSARC/2014/049 OpenStack Nova (OpenStack Compute Service) PSARC/2014/054 OpenStack Cinder (OpenStack Block Storage Service) PSARC/2014/055 OpenStack Glance (OpenStack Image Service) PSARC/2014/058 OpenStack Horizon (OpenStack Dashboard) PSARC/2014/059 OpenStack Neutron (OpenStack Networking Service) 17531161 greenlet doesn't build with gcc 4.7.X 18143276 greenlet can crash with register window corruption on MP SPARC 18290089 integrate cinderclient 18290097 integrate glanceclient 18290102 integrate keystoneclient 18290109 integrate neutronclient 18290113 integrate novaclient 18290119 integrate swiftclient 18290125 integrate quantumclient 18307582 Request to integrate Cinder into userland 18307595 Request to integrate Glance into userland 18307626 Request to integrate Horizon into userland 18307641 Request to integrate Keystone into userland 18307650 Request to integrate Neutron into userland 18307659 Request to integrate Nova into userland 18321909 a few Python packages deliver both po and mo files 18362900 Dnsmasq's SMF method_credential is missing a privilege 18363793 Dnsmasq should use SIOCSXARP ioctl
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
3028
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff changeset 
     1
 
Upstream patch fixed in Grizzly 2013.1.5, Havana 2013.2.2, Icehouse
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff changeset 
     2
 












5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     3


commit 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     4


Author: Xavier Queralt <[email protected]>













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     5


Date:   Wed Nov 27 20:44:36 2013 +0100













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     6














5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     7


    Enforce permissions in snapshots temporary dir













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     8


    













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




     9


    Live snapshots creates a temporary directory where libvirt driver













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    10


    creates a new image from the instance's disk using blockRebase.













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    11


    Currently this directory is created with 777 permissions making this













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    12


    directory accessible by all the users in the system.













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    13


    













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    14


    This patch changes the tempdir permissions so they have the o+x













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    15


    flag set, which is what libvirt needs to be able to write in it and













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    16


    













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    17


    Closes-Bug: #1227027













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    18


    Change-Id: I767ff5247b4452821727e92b668276004fc0f84d













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    19


    (cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    20














5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    21


diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    22


index 6b977cb..4cc85f1 100755













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    23


--- a/nova/virt/libvirt/driver.py













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    24


+++ b/nova/virt/libvirt/driver.py













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    25


@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    26


             try:













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    27


                 out_path = os.path.join(tmpdir, snapshot_name)













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    28


                 if live_snapshot:













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    29


-                    # NOTE (rmk): libvirt needs to be able to write to the













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    30


-                    #             temp directory, which is owned nova.













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    31


-                    utils.execute('chmod', '777', tmpdir, run_as_root=True)













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    32


+                    # NOTE(xqueralt): libvirt needs o+x in the temp directory













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    33


+                    os.chmod(tmpdir, 0o701)













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    34


                     self._live_snapshot(virt_dom, disk_path, out_path,













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    35


                                         image_format)













5e73a3a3f66a
PSARC/2013/350 OpenStack for Solaris (Umbrella)



Drew Fisher <drew.fisher@oracle.com>


parents: 

diff
changeset




    36


                 else:















upstream/oracle/userland-gate