Compare commits

..

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/smartmontools-7.2.tar.gz
SOURCES/smartmontools-7.4.tar.gz

@ -1 +1 @@
8d68241096f6ed5b1bbcd8b427fa4a881c1f3e33 SOURCES/smartmontools-7.2.tar.gz
b0d7c9ca80768059607b92bf4e373e2822300d3f SOURCES/smartmontools-7.4.tar.gz

File diff suppressed because it is too large Load Diff

@ -24,10 +24,6 @@ case "$SMARTD_FAILTYPE" in
exit 0
esac
# direct write to terminals, do not use 'wall', because we don't want its ugly header
for t in $(who | awk '{ print $2; }' | grep -e '^tty' -e '^pts/')
do
echo "$MESSAGE
$SMARTD_MESSAGE" >/dev/$t 2>/dev/null ||:
done
echo "$MESSAGE
$SMARTD_MESSAGE" | wall -n 2>/dev/null ||:

@ -0,0 +1,11 @@
/etc/rc\.d/init\.d/(smartd|smartmontools) -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0)
/usr/sbin/smartd -- gen_context(system_u:object_r:fsdaemon_exec_t,s0)
/var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
/var/lib/smartmontools(/.*)? gen_context(system_u:object_r:fsdaemon_var_lib_t,s0)
/etc/smartmontools/smartd_warning.(sh|d/.*) gen_context(system_u:object_r:smartdwarn_script_t,s0)
/usr/libexec/smartmontools/smartdnotify -- gen_context(system_u:object_r:smartdwarn_script_t,s0)

@ -0,0 +1,68 @@
## <summary>Smart disk monitoring daemon.</summary>
#######################################
## <summary>
## Read smartmon temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`smartmon_read_tmp_files',`
gen_require(`
type fsdaemon_tmp_t;
')
files_search_tmp($1)
allow $1 fsdaemon_tmp_t:file read_file_perms;
')
########################################
## <summary>
## All of the rules required to
## administrate an smartmon environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`smartmon_admin',`
gen_require(`
type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
type fsdaemon_var_lib_t, fsdaemon_initrc_exec_t;
type smartdwarn_t, smartdwarn_script_t;
')
allow $1 fsdaemon_t:process signal_perms;
ps_process_pattern($1, fsdaemon_t)
tunable_policy(`deny_ptrace',`',`
allow $1 fsdaemon_t:process ptrace;
')
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 fsdaemon_initrc_exec_t system_r;
allow $2 system_r;
admin_pattern($1, smartdwarn_script_t)
files_list_tmp($1)
admin_pattern($1, fsdaemon_tmp_t)
files_list_pids($1)
admin_pattern($1, fsdaemon_var_run_t)
files_list_var_lib($1)
admin_pattern($1, fsdaemon_var_lib_t)
')

@ -0,0 +1,195 @@
policy_module(smartmon, 1.13.0)
########################################
#
# Declarations
#
## <desc>
## <p>
## Determine whether smartmon can support
## devices on 3ware controllers.
## </p>
## </desc>
gen_tunable(smartmon_3ware, false)
require {
class capability dac_override;
type tty_device_t, user_devpts_t, system_mail_t;
}
type fsdaemon_t;
type fsdaemon_exec_t;
init_daemon_domain(fsdaemon_t, fsdaemon_exec_t)
type fsdaemon_initrc_exec_t;
init_script_file(fsdaemon_initrc_exec_t)
# runs smartd_warning.sh and smartd_warning.d/*
type smartdwarn_t;
type smartdwarn_script_t;
type_transition fsdaemon_t smartdwarn_script_t:process smartdwarn_t;
role system_r types smartdwarn_t;
files_type(smartdwarn_script_t)
application_domain(smartdwarn_t, smartdwarn_script_t)
domtrans_pattern(fsdaemon_t, smartdwarn_script_t, smartdwarn_t)
corecmd_exec_bin(smartdwarn_t)
corecmd_exec_shell(smartdwarn_t)
# reads list of users
auth_read_passwd_file(smartdwarn_t)
hostname_domtrans(smartdwarn_t)
# smartd_warning.sh to run smartd_warning.d/* scripts
allow smartdwarn_t smartdwarn_script_t:file execute_no_trans;
# for wall cmd
init_read_utmp(smartdwarn_t)
allow smartdwarn_t tty_device_t:chr_file { open write };
allow smartdwarn_t user_devpts_t:chr_file { open write };
allow smartdwarn_t self:capability { setgid dac_override };
files_manage_generic_tmp_files(smartdwarn_t)
term_open_unallocated_ttys(smartdwarn_t)
term_search_ptys(smartdwarn_t)
userdom_use_user_terminals(smartdwarn_t)
optional_policy(`
systemd_exec_systemctl(smartdwarn_t)
')
optional_policy(`
mta_send_mail(smartdwarn_t)
mta_manage_home_rw(smartdwarn_t)
')
# optional_policy(`
# unconfined_domain(smartdwarn_t)
# ')
type fsdaemon_var_run_t;
files_pid_file(fsdaemon_var_run_t)
type fsdaemon_var_lib_t;
files_type(fsdaemon_var_lib_t)
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
ifdef(`enable_mls',`
init_ranged_daemon_domain(fsdaemon_t, fsdaemon_exec_t, mls_systemhigh)
')
########################################
#
# Local policy
#
allow fsdaemon_t self:capability { dac_read_search dac_override kill setpcap setgid sys_rawio sys_admin };
dontaudit fsdaemon_t self:capability sys_tty_config;
allow fsdaemon_t self:process { getcap setcap signal_perms };
allow fsdaemon_t self:fifo_file rw_fifo_file_perms;
allow fsdaemon_t self:unix_stream_socket { accept listen };
manage_dirs_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
manage_files_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
manage_files_pattern(fsdaemon_t, fsdaemon_var_run_t, fsdaemon_var_run_t)
files_pid_filetrans(fsdaemon_t, fsdaemon_var_run_t, file)
manage_dirs_pattern(fsdaemon_t, fsdaemon_var_lib_t, fsdaemon_var_lib_t)
manage_files_pattern(fsdaemon_t, fsdaemon_var_lib_t, fsdaemon_var_lib_t)
files_var_lib_filetrans(fsdaemon_t, fsdaemon_var_lib_t, { dir file })
kernel_read_kernel_sysctls(fsdaemon_t)
kernel_read_network_state(fsdaemon_t)
kernel_read_software_raid_state(fsdaemon_t)
kernel_read_system_state(fsdaemon_t)
auth_use_nsswitch(fsdaemon_t)
corecmd_exec_all_executables(fsdaemon_t)
corenet_all_recvfrom_netlabel(fsdaemon_t)
corenet_udp_sendrecv_generic_if(fsdaemon_t)
corenet_udp_sendrecv_generic_node(fsdaemon_t)
corenet_udp_sendrecv_all_ports(fsdaemon_t)
dev_read_sysfs(fsdaemon_t)
dev_read_urand(fsdaemon_t)
domain_use_interactive_fds(fsdaemon_t)
files_exec_etc_files(fsdaemon_t)
files_read_etc_runtime_files(fsdaemon_t)
fs_getattr_all_fs(fsdaemon_t)
fs_search_auto_mountpoints(fsdaemon_t)
fs_read_removable_files(fsdaemon_t)
mls_file_read_all_levels(fsdaemon_t)
storage_create_fixed_disk_dev(fsdaemon_t)
storage_dev_filetrans_named_fixed_disk(fsdaemon_t)
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
storage_raw_read_removable_device(fsdaemon_t)
storage_read_scsi_generic(fsdaemon_t)
storage_write_scsi_generic(fsdaemon_t)
term_dontaudit_search_ptys(fsdaemon_t)
domain_signull_all_domains(fsdaemon_t)
auth_read_passwd(fsdaemon_t)
init_read_utmp(fsdaemon_t)
libs_exec_ld_so(fsdaemon_t)
libs_exec_lib_files(fsdaemon_t)
logging_send_syslog_msg(fsdaemon_t)
seutil_sigchld_newrole(fsdaemon_t)
sysnet_dns_name_resolve(fsdaemon_t)
userdom_dontaudit_use_unpriv_user_fds(fsdaemon_t)
userdom_dontaudit_search_user_home_dirs(fsdaemon_t)
userdom_dontaudit_manage_admin_dir(fsdaemon_t)
userdom_use_user_terminals(fsdaemon_t)
tunable_policy(`smartmon_3ware',`
allow fsdaemon_t self:process setfscreate;
storage_create_fixed_disk_dev(fsdaemon_t)
storage_delete_fixed_disk_dev(fsdaemon_t)
storage_dev_filetrans_fixed_disk(fsdaemon_t)
selinux_validate_context(fsdaemon_t)
seutil_read_file_contexts(fsdaemon_t)
')
# this should be no longer needed with smartdwarn_t
# optional_policy(`
# mta_send_mail(fsdaemon_t)
# mta_manage_home_rw(fsdaemon_t)
# ')
# still creator of the pipe (stdout, stderr) for smartd_warning and mail
allow system_mail_t fsdaemon_t:fifo_file { getattr read write append ioctl lock };
optional_policy(`
udev_read_db(fsdaemon_t)
')
optional_policy(`
virt_read_images(fsdaemon_t)
')

@ -1,32 +0,0 @@
diff -up smartmontools-7.2/smartd.cpp.capnotify smartmontools-7.2/smartd.cpp
--- smartmontools-7.2/smartd.cpp.capnotify 2020-11-23 19:25:16.000000000 +0100
+++ smartmontools-7.2/smartd.cpp 2021-06-16 12:06:03.985526022 +0200
@@ -1020,6 +1020,8 @@ static void capabilities_drop_now()
capng_clear(CAPNG_SELECT_BOTH);
capng_updatev(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED),
CAP_SYS_ADMIN, CAP_MKNOD, CAP_SYS_RAWIO, -1);
+ capng_updatev(CAPNG_ADD, (capng_type_t)(CAPNG_BOUNDING_SET),
+ CAP_SETGID, CAP_SETUID, CAP_CHOWN, CAP_FOWNER, CAP_DAC_OVERRIDE, -1);
capng_apply(CAPNG_SELECT_BOTH);
}
@@ -1030,9 +1032,8 @@ static void capabilities_check_config(de
for (unsigned i = 0; i < configs.size(); i++) {
dev_config & cfg = configs[i];
if (!cfg.emailaddress.empty() || !cfg.emailcmdline.empty()) {
- PrintOut(LOG_INFO, "Device: %s, --capabilites is set, mail will be suppressed.\n",
+ PrintOut(LOG_INFO, "Device: %s, --capabilites is set, mail notification may not work.\n",
cfg.name.c_str());
- cfg.emailaddress.clear(); cfg.emailcmdline.clear();
}
}
}
@@ -1633,7 +1634,7 @@ static void Usage()
#ifdef HAVE_LIBCAP_NG
PrintOut(LOG_INFO," -C, --capabilities\n");
PrintOut(LOG_INFO," Drop unneeded Linux process capabilities.\n"
- " Warning: Mail notification does not work when used.\n\n");
+ " Warning: Mail notification may not work when used.\n\n");
#endif
PrintOut(LOG_INFO," -d, --debug\n");
PrintOut(LOG_INFO," Start smartd in debug mode\n\n");

@ -1,231 +0,0 @@
From 7c207dd5d06efccdee7258f832d4216fe5d1d998 Mon Sep 17 00:00:00 2001
From: "Milan P. Gandhi" <mgandhi@redhat.com>
Date: Mon, 17 Oct 2022 14:25:34 +0530
Subject: [PATCH 3/3] scsiprint.cpp: applied patch proposed by Yannick Hemery
to merge both 'supported' log pages
---
smartmontools-7.1/scsicmds.h | 5 ++
smartmontools-7.1/scsiprint.cpp | 103 +++++++++++++++++---------------
2 files changed, 59 insertions(+), 49 deletions(-)
diff --git a/smartmontools-7.1/scsicmds.h b/smartmontools-7.1/scsicmds.h
index 516f773..9bd8b21 100644
--- a/smartmontools-7.1/scsicmds.h
+++ b/smartmontools-7.1/scsicmds.h
@@ -167,6 +167,11 @@ struct scsi_readcap_resp {
uint16_t l_a_lba; /* Lowest Aligned Logical Block Address */
};
+struct scsi_supp_log_pages {
+ uint8_t page_code;
+ uint8_t subpage_code;
+};
+
/* SCSI Peripheral types (of interest) */
#define SCSI_PT_DIRECT_ACCESS 0x0
#define SCSI_PT_SEQUENTIAL_ACCESS 0x1
diff --git a/smartmontools-7.1/scsiprint.cpp b/smartmontools-7.1/scsiprint.cpp
index 81bed88..21a4929 100644
--- a/smartmontools-7.1/scsiprint.cpp
+++ b/smartmontools-7.1/scsiprint.cpp
@@ -39,6 +39,9 @@ uint8_t gBuf[GBUF_SIZE];
#define LOG_RESP_LONG_LEN ((62 * 256) + 252)
#define LOG_RESP_TAPE_ALERT_LEN 0x144
+/* Supported log pages + Supported log pages and subpages maximum count */
+#define SCSI_SUPP_LOG_PAGES_MAX_COUNT (252 + (62 * 128) + 126)
+
/* Log pages supported */
static bool gSmartLPage = false; /* Informational Exceptions log page */
static bool gTempLPage = false;
@@ -118,14 +121,17 @@ static void
scsiGetSupportedLogPages(scsi_device * device)
{
bool got_subpages = false;
- int k, bump, err, resp_len, num_unreported, num_unreported_spg;
- int resp_len_pg0_0 = 0;
- int resp_len_pg0_ff = 0; /* in SPC-4, response length of supported
- * log pages _and_ log subpages */
+ int k, err, resp_len, num_unreported, num_unreported_spg;
+ int supp_lpg_and_spg_count = 0;
+
const uint8_t * up;
uint8_t sup_lpgs[LOG_RESP_LEN];
+ struct scsi_supp_log_pages supp_lpg_and_spg[SCSI_SUPP_LOG_PAGES_MAX_COUNT];
memset(gBuf, 0, LOG_RESP_LEN);
+ memset(supp_lpg_and_spg, 0, sizeof(supp_lpg_and_spg));
+
+ /* Get supported log pages */
if ((err = scsiLogSense(device, SUPPORTED_LPAGES, 0, gBuf,
LOG_RESP_LEN, 0 /* do double fetch */))) {
if (scsi_debugmode > 0)
@@ -140,12 +146,23 @@ scsiGetSupportedLogPages(scsi_device * device)
logSenStr, scsiErrString(err));
if (err)
return;
- memcpy(sup_lpgs, gBuf, LOG_RESP_LEN);
- } else if ((scsi_version >= SCSI_VERSION_SPC_4) &&
- (scsi_version <= SCSI_VERSION_HIGHEST)) {
+ }
+
+ memcpy(sup_lpgs, gBuf, LOG_RESP_LEN);
+ resp_len = gBuf[3];
+ up = gBuf + LOGPAGEHDRSIZE;
+
+ for (k = 0; k < resp_len; k += 1) {
+ uint8_t page_code = 0x3f & up[k];
+ supp_lpg_and_spg[supp_lpg_and_spg_count++] = {page_code, 0};
+ }
+
+ /* Get supported log pages and subpages. Most drives seems to include the
+ supported log pages here as well, but some drives such as the Samsung
+ PM1643a will only report the additional log pages with subpages here */
+ if ((scsi_version >= SCSI_VERSION_SPC_4) &&
+ (scsi_version <= SCSI_VERSION_HIGHEST)) {
/* unclear what code T10 will choose for SPC-6 */
- memcpy(sup_lpgs, gBuf, LOG_RESP_LEN);
- resp_len_pg0_0 = sup_lpgs[3];
if ((err = scsiLogSense(device, SUPPORTED_LPAGES, SUPP_SPAGE_L_SPAGE,
gBuf, LOG_RESP_LONG_LEN,
-1 /* just single not double fetch */))) {
@@ -153,6 +170,7 @@ scsiGetSupportedLogPages(scsi_device * device)
pout("%s for supported pages and subpages failed [%s]\n",
logSenStr, scsiErrString(err));
} else {
+ /* Ensure we didn't get the same answer than without the subpages */
if (0 == memcmp(gBuf, sup_lpgs, LOG_RESP_LEN)) {
if (scsi_debugmode > 0)
pout("%s: %s ignored subpage field, bad\n",
@@ -163,48 +181,34 @@ scsiGetSupportedLogPages(scsi_device * device)
pout("%s supported subpages is bad SPF=%u SUBPG=%u\n",
logSenRspStr, !! (0x40 & gBuf[0]), gBuf[2]);
} else {
- resp_len_pg0_ff = sg_get_unaligned_be16(gBuf + 2);
got_subpages = true;
}
}
- } else {
- memcpy(sup_lpgs, gBuf, LOG_RESP_LEN);
- resp_len_pg0_0 = sup_lpgs[3];
}
if (got_subpages) {
resp_len = sg_get_unaligned_be16(gBuf + 2);
- if (resp_len_pg0_ff <= resp_len_pg0_0) {
- /* something is rotten ....., ignore SUPP_SPAGE_L_SPAGE */
- resp_len = resp_len_pg0_0;
- bump = 1;
- up = sup_lpgs + LOGPAGEHDRSIZE;
- got_subpages = false;
- (void)got_subpages; // not yet used below, suppress warning
- } else {
- resp_len = resp_len_pg0_ff;
- bump = 2;
- up = gBuf + LOGPAGEHDRSIZE;
+ up = gBuf + LOGPAGEHDRSIZE;
+ for (k = 0; k < resp_len; k += 2) {
+ uint8_t page_code = 0x3f & up[k];
+ uint8_t subpage_code = up[k+1];
+ supp_lpg_and_spg[supp_lpg_and_spg_count++] = {page_code, subpage_code};
}
- } else {
- resp_len = resp_len_pg0_0;
- bump = 1;
- up = sup_lpgs + LOGPAGEHDRSIZE;
}
+ num_unreported = 0;
num_unreported_spg = 0;
- for (num_unreported = 0, k = 0; k < resp_len; k += bump, up += bump) {
- uint8_t pg_num = 0x3f & up[0];
- uint8_t sub_pg_num = (0x40 & up[0]) ? up[1] : 0;
+ for (k = 0; k < supp_lpg_and_spg_count; k += 1) {
+ struct scsi_supp_log_pages supp_lpg = supp_lpg_and_spg[k];
- switch (pg_num)
+ switch (supp_lpg.page_code)
{
case SUPPORTED_LPAGES:
- if (! ((NO_SUBPAGE_L_SPAGE == sub_pg_num) ||
- (SUPP_SPAGE_L_SPAGE == sub_pg_num))) {
+ if (! ((NO_SUBPAGE_L_SPAGE == supp_lpg.subpage_code) ||
+ (SUPP_SPAGE_L_SPAGE == supp_lpg.subpage_code))) {
if (scsi_debugmode > 1)
pout("%s: Strange Log page number: 0x0,0x%x\n",
- __func__, sub_pg_num);
+ __func__, supp_lpg.subpage_code);
}
break;
case READ_ERROR_COUNTER_LPAGE:
@@ -223,13 +227,13 @@ scsiGetSupportedLogPages(scsi_device * device)
gNonMediumELPage = true;
break;
case TEMPERATURE_LPAGE:
- if (NO_SUBPAGE_L_SPAGE == sub_pg_num)
+ if (NO_SUBPAGE_L_SPAGE == supp_lpg.subpage_code)
gTempLPage = true;
- else if (ENVIRO_REP_L_SPAGE == sub_pg_num)
+ else if (ENVIRO_REP_L_SPAGE == supp_lpg.subpage_code)
gEnviroReportingLPage = true;
- else if (ENVIRO_LIMITS_L_SPAGE == sub_pg_num)
+ else if (ENVIRO_LIMITS_L_SPAGE == supp_lpg.subpage_code)
gEnviroLimitsLPage = true;
- else if (SUPP_SPAGE_L_SPAGE != sub_pg_num) {
+ else if (SUPP_SPAGE_L_SPAGE != supp_lpg.subpage_code) {
++num_unreported;
++num_unreported_spg;
}
@@ -238,11 +242,11 @@ scsiGetSupportedLogPages(scsi_device * device)
reporting of <lpage>,0xff so it is not an error. */
break;
case STARTSTOP_CYCLE_COUNTER_LPAGE:
- if (NO_SUBPAGE_L_SPAGE == sub_pg_num)
+ if (NO_SUBPAGE_L_SPAGE == supp_lpg.subpage_code)
gStartStopLPage = true;
- else if (UTILIZATION_L_SPAGE == sub_pg_num)
+ else if (UTILIZATION_L_SPAGE == supp_lpg.subpage_code)
gUtilizationLPage = true;
- else if (SUPP_SPAGE_L_SPAGE != sub_pg_num) {
+ else if (SUPP_SPAGE_L_SPAGE != supp_lpg.subpage_code) {
++num_unreported;
++num_unreported_spg;
}
@@ -254,15 +258,15 @@ scsiGetSupportedLogPages(scsi_device * device)
gSmartLPage = true;
break;
case BACKGROUND_RESULTS_LPAGE:
- if (NO_SUBPAGE_L_SPAGE == sub_pg_num)
+ if (NO_SUBPAGE_L_SPAGE == supp_lpg.subpage_code)
gBackgroundResultsLPage = true;
- else if (PEND_DEFECTS_L_SPAGE == sub_pg_num)
+ else if (PEND_DEFECTS_L_SPAGE == supp_lpg.subpage_code)
gPendDefectsLPage = true;
- else if (BACKGROUND_OP_L_SPAGE == sub_pg_num)
+ else if (BACKGROUND_OP_L_SPAGE == supp_lpg.subpage_code)
gBackgroundOpLPage = true;
- else if (LPS_MISALIGN_L_SPAGE == sub_pg_num)
+ else if (LPS_MISALIGN_L_SPAGE == supp_lpg.subpage_code)
gLPSMisalignLPage = true;
- else if (SUPP_SPAGE_L_SPAGE != sub_pg_num) {
+ else if (SUPP_SPAGE_L_SPAGE != supp_lpg.subpage_code) {
++num_unreported;
++num_unreported_spg;
}
@@ -296,9 +300,10 @@ scsiGetSupportedLogPages(scsi_device * device)
gSeagateFactoryLPage = true;
break;
default:
- if (pg_num < 0x30) { /* don't count VS pages */
+ if (supp_lpg.page_code < 0x30) { /* don't count VS pages */
++num_unreported;
- if ((sub_pg_num > 0) && (SUPP_SPAGE_L_SPAGE != sub_pg_num))
+ if ((supp_lpg.subpage_code > 0) &&
+ (SUPP_SPAGE_L_SPAGE != supp_lpg.subpage_code))
++num_unreported_spg;
}
break;
--
2.35.1

@ -1,38 +0,0 @@
diff -up smartmontools-7.2/os_linux.cpp.permsfix smartmontools-7.2/os_linux.cpp
--- smartmontools-7.2/os_linux.cpp.permsfix 2021-11-02 22:08:51.956425716 +0100
+++ smartmontools-7.2/os_linux.cpp 2021-11-02 22:09:55.928583584 +0100
@@ -1022,7 +1022,7 @@ bool linux_aacraid_device::open()
return set_err(ENOENT, "aac entry not found in /proc/devices");
//Create misc device file in /dev/ used for communication with driver
- if(mknod(dev_name,S_IFCHR,makedev(mjr,aHost)))
+ if(mknod(dev_name,S_IFCHR|0600,makedev(mjr,aHost)))
return set_err(errno,"cannot create %s:%s",dev_name,strerror(errno));
afd = ::open(dev_name,O_RDWR);
@@ -1298,14 +1298,14 @@ bool linux_megaraid_device::open()
while (fgets(line, sizeof(line), fp) != NULL) {
int n1 = 0;
if (sscanf(line, "%d megaraid_sas_ioctl%n", &mjr, &n1) == 1 && n1 == 22) {
- n1=mknod("/dev/megaraid_sas_ioctl_node", S_IFCHR, makedev(mjr, 0));
+ n1=mknod("/dev/megaraid_sas_ioctl_node", S_IFCHR|0600, makedev(mjr, 0));
if(report > 0)
pout("Creating /dev/megaraid_sas_ioctl_node = %d\n", n1 >= 0 ? 0 : errno);
if (n1 >= 0 || errno == EEXIST)
break;
}
else if (sscanf(line, "%d megadev%n", &mjr, &n1) == 1 && n1 == 11) {
- n1=mknod("/dev/megadev0", S_IFCHR, makedev(mjr, 0));
+ n1=mknod("/dev/megadev0", S_IFCHR|0600, makedev(mjr, 0));
if(report > 0)
pout("Creating /dev/megadev0 = %d\n", n1 >= 0 ? 0 : errno);
if (n1 >= 0 || errno == EEXIST)
@@ -2970,7 +2970,7 @@ bool linux_smart_interface::get_dev_mega
n1=0;
if (sscanf(line, "%d megaraid_sas_ioctl%n", &mjr, &n1) == 1 && n1 == 22) {
scan_megasas = true;
- n1=mknod("/dev/megaraid_sas_ioctl_node", S_IFCHR, makedev(mjr, 0));
+ n1=mknod("/dev/megaraid_sas_ioctl_node", S_IFCHR|0600, makedev(mjr, 0));
if(scsi_debugmode > 0)
pout("Creating /dev/megaraid_sas_ioctl_node = %d\n", n1 >= 0 ? 0 : errno);
if (n1 >= 0 || errno == EEXIST)

@ -0,0 +1,32 @@
diff -up smartmontools-7.4/farmprint.cpp.fix_sast smartmontools-7.4/farmprint.cpp
--- smartmontools-7.4/farmprint.cpp.fix_sast 2024-08-06 16:38:15.152139278 +0200
+++ smartmontools-7.4/farmprint.cpp 2024-08-06 16:39:35.309972436 +0200
@@ -173,6 +173,7 @@ void ataPrintFarmLog(const ataFarmLog& f
farm_format_id_string(firmwareRev, farm_byte_swap(farmLog.driveInformation.firmwareRev2), farm_byte_swap(farmLog.driveInformation.firmwareRev));
char modelNumber[sizeof(farmLog.driveInformation.modelNumber) + 1];
+ modelNumber[0] = '\0';
for (uint8_t i = 0; i < sizeof(farmLog.driveInformation.modelNumber) / sizeof(farmLog.driveInformation.modelNumber[0]); i++) {
farm_format_id_string(&modelNumber[strlen(modelNumber)], farm_byte_swap(farmLog.driveInformation.modelNumber[i]));
}
diff -up smartmontools-7.4/scsicmds.cpp.fix_sast smartmontools-7.4/scsicmds.cpp
--- smartmontools-7.4/scsicmds.cpp.fix_sast 2024-08-06 16:32:18.058427672 +0200
+++ smartmontools-7.4/scsicmds.cpp 2024-08-06 16:37:56.041940650 +0200
@@ -200,7 +200,7 @@ scsi_device::cmd_support_level(uint8_t o
supported_vpd_pages::supported_vpd_pages(scsi_device * device) : num_valid(0)
{
- unsigned char b[0xfc] = {}; /* pre SPC-3 INQUIRY max response size */
+ unsigned char b[260] = {}; /* pre SPC-3 INQUIRY max response size, but also allow sizeof(pages)+4 for memcpy bellow */
if (device && (0 == scsiInquiryVpd(device, SCSI_VPD_SUPPORTED_VPD_PAGES,
b, sizeof(b)))) {
@@ -1807,7 +1807,7 @@ scsiModePageOffset(const uint8_t * resp,
bd_len = resp[3];
offset = bd_len + 4;
}
- if ((offset + 2) > len) {
+ if ((offset + 2) >= len) {
pout("scsiModePageOffset: raw_curr too small, offset=%d "
"resp_len=%d bd_len=%d\n", offset, resp_len, bd_len);
offset = -1;

@ -1,6 +1,3 @@
# command line options for smartd
# Add -s /var/lib/smartmontools to enable state persistence
smartd_opts="-q never --capabilities"
# autogenerated config file options
# smartd_conf_opts="-H -m root"
# Add -s /var/lib/smartmontools/ to enable state persistence
smartd_opts="-q never --capabilities=mail"

@ -1,9 +1,15 @@
# defining macros needed by SELinux
%global with_selinux 1
%global selinuxtype targeted
%global moduletype contrib
%global modulename smartmon
Summary: Tools for monitoring SMART capable hard disks
Name: smartmontools
Version: 7.2
Release: 7%{?dist}
Version: 7.4
Release: 6%{?dist}
Epoch: 1
License: GPLv2+
License: GPL-2.0-or-later
URL: http://smartmontools.sourceforge.net/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Source2: smartmontools.sysconf
@ -11,18 +17,24 @@ Source4: smartdnotify
#semi-automatic update of drivedb.h
%global UrlSource5 https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw
Source5: drivedb.h
Source6: %{modulename}.te
Source7: %{modulename}.if
Source8: %{modulename}.fc
#fedora/rhel specific
Patch1: smartmontools-5.38-defaultconf.patch
Patch2: smartmontools-7.2-capnotify.patch
Patch3: smartmontools-7.2-permsfix.patch
Patch4: smartmontools-7.2-logsuppagefix3.patch
# reported upstream, issue#273, RHEL-44567
Patch2: smartmontools-7.4-fix_sast.patch
BuildRequires: make
BuildRequires: gcc-c++ readline-devel ncurses-devel automake util-linux groff gettext
BuildRequires: libselinux-devel libcap-ng-devel
BuildRequires: systemd systemd-devel
%{?systemd_requires}
%if 0%{?with_selinux}
# This ensures that the *-selinux package and all its dependencies are not pulled
# into containers and other systems that do not use SELinux
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
%endif
%description
The smartmontools package contains two utility programs (smartctl
@ -32,13 +44,37 @@ into most modern ATA and SCSI hard disks. In many cases, these
utilities will provide advanced warning of disk degradation and
failure.
%if 0%{?with_selinux}
%package selinux
Summary: SELinux policies for smartmontools
BuildArch: noarch
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
# expand %%{?selinux_require} macro as it pulls unnecessary requirements that cause an issue RHEL-55048,RHEL-54715
Requires: selinux-policy >= 40.13.6
BuildRequires: pkgconfig(systemd)
BuildRequires: selinux-policy
BuildRequires: selinux-policy-devel
Requires(post): selinux-policy-base >= 40.13.6
Requires(post): libselinux-utils
Requires(post): policycoreutils
# explicitely disabled Requires(post): policycoreutils-python-utils
# end of %%selinux_require macro
%description selinux
Custom SELinux policy module for smartmontools
%endif
%prep
%setup -q
%patch1 -p1 -b .defaultconf
%patch2 -p1 -b .capnotify
%patch3 -p1 -b .permsfix
%patch4 -p2 -b .logsuppagefix3
%patch -P 1 -p1 -b .defaultconf
%patch -P 2 -p1 -b .fix_sast
cp %{SOURCE5} .
%if 0%{?with_selinux}
mkdir selinux
cp -p %{SOURCE6} %{SOURCE7} %{SOURCE8} selinux/
%endif
%build
autoreconf -i
@ -51,6 +87,12 @@ cp drivedb.h ../drivedb.h ||:
%make_build CXXFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro,-z,now"
%if 0%{?with_selinux}
make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp
bzip2 -9 %{modulename}.pp
%endif
%install
%make_install
@ -63,6 +105,35 @@ rm -rf $RPM_BUILD_ROOT/etc/{rc.d,init.d}
rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name}
%if 0%{?with_selinux}
install -D -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
install -D -p -m 0644 selinux/%{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
%endif
%if 0%{?with_selinux}
# SELinux contexts are saved so that only affected files can be
# relabeled after the policy module installation
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
if [ "$1" -le "1" ]; then # First install
# the daemon needs to be restarted for the custom label to be applied
%systemd_postun_with_restart smartd.service
fi
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
%selinux_relabel_post -s %{selinuxtype}
# the daemon needs to be restarted for the custom label to be removed
%systemd_postun_with_restart smartd.service
fi
%endif
%preun
%systemd_preun smartd.service
@ -91,19 +162,86 @@ mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name}
%{_datadir}/%{name}
%{_sharedstatedir}/%{name}
%files selinux
%license COPYING
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
* Mon May 29 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-7
- support reporting of Error Counter logging details (#2137279)
* Mon Aug 19 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:7.4-6
- do not add unnecessary require on policycoreutils-python-utils (RHEL-55048)
* Tue Aug 06 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:7.4-5
- fix static analysis findings (RHEL-44567)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:7.4-4
- Bump release for June 2024 mass rebuild
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Sep 27 2023 Alessandro Astone <ales.astone@gmail.com> - 1:7.4-2
- Amend SELinux to run hostname in its domain
* Tue Aug 01 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.4-1
- updated to 7.4
* Fri Jul 21 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-9
- more selinux changes
* Fri Jul 21 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-8
- use new selinux context for smartdnotify
* Thu Jul 20 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-7
- use different selinux context for notification scripts (#2139199)
* Wed Apr 05 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-6
- update license tag format (SPDX migration) for https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 04 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-4
- fix selinux directory permissions
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Mar 09 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-2
- use --capabilities=mail for exim mail notification (#2060526)
* Tue Mar 01 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:7.3-1
- updated to 7.3
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 02 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-11
- fix /dev/megaraid_sas_ioctl_node mknode permissions (#1936824)
* Mon Aug 23 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-10
- more selinux fixes
* Mon Aug 16 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-9
- selinux should allow access to nvme devices (#1990463)
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jun 16 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-7
- make notification work with capabilities (#1954015)
* Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-6
- make notification work with capabilities (#1962593)
* Wed Apr 28 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-6
- simplify selinux policy path for ci tests
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:7.2-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Apr 19 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:7.2-5
- add selinux sub-package
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:7.2-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1:7.2-4
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Loading…
Cancel
Save