From bbbfe3b74267bd62af516d099ae3cea0b0508e72 Mon Sep 17 00:00:00 2001
From: markeryang
Date: Fri, 7 Jun 2024 06:59:09 +0000
Subject: [PATCH] fix uuidd can't access lock/status file
---
 ...port-uuidd-fix-open-lock-state-issue.patch | 70 +++++++++++++++++++
 util-linux.spec | 10 ++-
 2 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 backport-uuidd-fix-open-lock-state-issue.patch
diff --git a/backport-uuidd-fix-open-lock-state-issue.patch b/backport-uuidd-fix-open-lock-state-issue.patch
new file mode 100644
index 0000000..0e25750
--- /dev/null
+++ b/backport-uuidd-fix-open-lock-state-issue.patch
@@ -0,0 +1,70 @@
+From b7bb8d16eabaf51207ec1f2f9435c45a38bb8e7a Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Mon, 25 Mar 2024 13:50:08 +0800
+Subject: [PATCH] uuidd: fix open/lock state issue
+
+* warn on open/lock state issue
+
+* enable access to /var/lib/libuuid/, because ProtectSystem=strict make it read-only
+
+ openat(AT_FDCWD, "/var/lib/libuuid/clock.txt",
+ O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system)
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366
+Upstream: http://github.com/util-linux/util-linux/commit/f27876f9c1056bf41fd940d5c4990b4277e0024f
+Upstream: http://github.com/util-linux/util-linux/commit/417982d0236a12756923d88e627f5e4facf8951c
+Signed-off-by: Karel Zak
+---
+ misc-utils/uuidd.c | 9 ++++++---
+ misc-utils/uuidd.service.in | 1 +
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
+index fa8db17..78a37d2 100644
+--- a/misc-utils/uuidd.c
++++ b/misc-utils/uuidd.c
+@@ -494,7 +494,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ break;
+ case UUIDD_OP_TIME_UUID:
+ num = 1;
+- __uuid_generate_time(uu, &num);
++ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
++ warnx(_("failed to open/lock clock counter"));
+ if (uuidd_cxt->debug) {
+ uuid_unparse(uu, str);
+ fprintf(stderr, _("Generated time UUID: %s\n"), str);
+@@ -504,7 +505,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ break;
+ case UUIDD_OP_RANDOM_UUID:
+ num = 1;
+- __uuid_generate_random(uu, &num);
++ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
++ warnx(_("failed to open/lock clock counter"));
+ if (uuidd_cxt->debug) {
+ uuid_unparse(uu, str);
+ fprintf(stderr, _("Generated random UUID: %s\n"), str);
+@@ -513,7 +515,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ reply_len = sizeof(uu);
+ break;
+ case UUIDD_OP_BULK_TIME_UUID:
+- __uuid_generate_time(uu, &num);
++
if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet) ++ warnx(_("failed to open/lock clock counter")); + if (uuidd_cxt->debug) { + uuid_unparse(uu, str); + fprintf(stderr, P_("Generated time UUID %s " +diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in +index b4c9c46..e64ca59 100644 +--- a/misc-utils/uuidd.service.in ++++ b/misc-utils/uuidd.service.in +@@ -18,6 +18,7 @@ ProtectKernelModules=yes + ProtectControlGroups=yes + RestrictAddressFamilies=AF_UNIX + MemoryDenyWriteExecute=yes ++ReadWritePaths=/var/lib/libuuid/ + SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io + + [Install] +-- +2.27.0 + diff --git a/util-linux.spec b/util-linux.spec index 94e9bda..c6015e6 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 31 +Release: 32 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -156,6 +156,7 @@ Patch9001: SKIPPED-no-root-permissions-test.patch %ifarch sw_64 Patch9002: util-linux-Add-sw64-architecture.patch %endif +Patch9003: backport-uuidd-fix-open-lock-state-issue.patch BuildRequires: audit-libs-devel >= 1.0.6 gettext-devel libselinux-devel ncurses-devel pam-devel zlib-devel popt-devel BuildRequires: libutempter-devel systemd-devel systemd libuser-devel libcap-ng-devel python3-devel gcc autoconf automake @@ -523,6 +524,13 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Fri Jun 07 2024 yanglongkang - 2.37.2-32 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + backport-uuidd-fix-open-lock-state-issue.patch + * Tue May 7 2024 zhangyao - 2.37.2-31 - Type:bugfix - CVE:NA -- Gitee
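Review bot: In the uuidd.c part of the backported patch, the `UUIDD_OP_RANDOM_UUID` case replaces `__uuid_generate_random(uu, &num);` with a call to `__uuid_generate_time(uu, &num)`, so a client requesting a random UUID appears to receive a time-based one while the debug output still prints "Generated random UUID". Time-based UUIDs are derived from a timestamp and clock sequence and are much easier to predict than random ones, which matters for any consumer that treats the value as unguessable. Unless the substitution is deliberate, that case should keep `__uuid_generate_random(uu, &num);`, and the clock-counter warning there should go, since it presumably describes only the time-based path. It is also worth checking whether the upstream commits named in the patch header carry the same line and whether a later upstream correction exists to backport alongside. `server_loop` starts and ends outside the nested hunks, so the other request cases are not visible here.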