sheepdog broken out of the box
Coroutine stack size of 1M is not enough for the corosync backend, and placing objects in /tmp is a vulnerability. While at it, do not double-fork the daemon.
parent
f25932db85
commit
c210216b0b
|
@ -0,0 +1,15 @@
|
||||||
|
cpg_dispatch requires 0x101568 bytes of stack.
|
||||||
|
|
||||||
|
diff --git a/lib/coroutine.c b/lib/coroutine.c
|
||||||
|
index 5b2ed79..1e1060c 100644
|
||||||
|
--- a/lib/coroutine.c
|
||||||
|
+++ b/lib/coroutine.c
|
||||||
|
@@ -52,7 +52,7 @@ enum co_action {
|
||||||
|
#define POOL_MAX_SIZE 64
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#define STACK_MAX_SIZE (1 << 20) /* 1 MB */
|
||||||
|
+#define STACK_MAX_SIZE (2 << 20) /* 1 MB */
|
||||||
|
|
||||||
|
struct coroutine {
|
||||||
|
coroutine_entry_func_t *entry;
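Review bot: The comment on the new `#define STACK_MAX_SIZE (2 << 20)` still reads `/* 1 MB */`, but `2 << 20` is 2 MiB; I'd write `#define STACK_MAX_SIZE (2 << 20) /* 2 MB: cpg_dispatch alone needs 0x101568 bytes */`. The patch header gives 0x101568 bytes (1,054,056) as the requirement, only about 5 KB over the old limit and presumably measured against one corosync build, so recording it beside the constant tells the next maintainer what to re-measure when corosync is updated. How the coroutine stacks are allocated is not visible in this hunk. If they have no guard page, an overrun would corrupt adjacent memory silently instead of faulting, so it is worth confirming that before relying on a fixed size.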
|
|
@ -3,8 +3,7 @@ Description=Sheepdog QEMU/KVM Block Storage
|
||||||
After=syslog.target
|
After=syslog.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/sbin/sheep
|
ExecStart=/usr/sbin/sheep -f /var/lib/sheepdog
|
||||||
Type=forking
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
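Review bot: The new `ExecStart=/usr/sbin/sheep -f /var/lib/sheepdog` moves the object store out of /tmp, but nothing in this commit's visible hunks creates `/var/lib/sheepdog` or sets its owner and mode. The [Service] section shown has no `User=`, so the daemon presumably runs as root and the directory should be root-owned and not group- or world-writable; whether sheep creates it itself, and with what mode, cannot be told from here. I'd have the package own it, for example `%dir %attr(0700,root,root) %{_localstatedir}/lib/sheepdog` in the spec's `%files` (that section is outside the hunks shown). A one-line comment above ExecStart such as `# -f keeps sheep in the foreground, so the default Type=simple applies` would also explain why `Type=forking` was dropped.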
|
||||||
|
|
|
@ -9,6 +9,7 @@ Source0: collie-sheepdog-v0.3.0-0-gbb41896.tar.gz
|
||||||
#get source from github here https://github.com/collie/sheepdog/tarball/v0.3.0
|
#get source from github here https://github.com/collie/sheepdog/tarball/v0.3.0
|
||||||
Source1: sheepdog.service
|
Source1: sheepdog.service
|
||||||
Patch0: update_cpg_to_cs_defines.patch
|
Patch0: update_cpg_to_cs_defines.patch
|
||||||
|
Patch1: coroutine-stack-size.patch
|
||||||
|
|
||||||
# Runtime bits
|
# Runtime bits
|
||||||
Requires: corosync
|
Requires: corosync
|
||||||
|
@ -40,6 +41,7 @@ a distributed object storage system for KVM.
|
||||||
%prep
|
%prep
|
||||||
%setup -qn collie-sheepdog-bb41896
|
%setup -qn collie-sheepdog-bb41896
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
|
|