From fe6b2faab2a8325c88ff8363ed81a9609dbad601 Mon Sep 17 00:00:00 2001 From: zouzhimin Date: Mon, 6 May 2024 09:56:22 +0800 Subject: [PATCH] Filesystem: fail when incorrect device mounted on mountpoint --- ...when-incorrect-device-mounted-on-mou.patch | 113 ++++++++++++++++++ resource-agents.spec | 31 +++-- 2 files changed, 131 insertions(+), 13 deletions(-) create mode 100644 Filesystem-fail-when-incorrect-device-mounted-on-mou.patch diff --git a/Filesystem-fail-when-incorrect-device-mounted-on-mou.patch b/Filesystem-fail-when-incorrect-device-mounted-on-mou.patch new file mode 100644 index 0000000..719e923 --- /dev/null +++ b/Filesystem-fail-when-incorrect-device-mounted-on-mou.patch @@ -0,0 +1,113 @@ +From 66a5308d2e8f61093716a076f4386416dc18045c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 22 Apr 2024 11:26:09 +0200 +Subject: [PATCH] Filesystem: fail when incorrect device mounted on mountpoint, + and dont unmount the mountpoint in this case, or if mountpoint set to "/" + +--- + heartbeat/Filesystem | 71 ++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 58 insertions(+), 13 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index e1378f78..cec71f1a 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -582,10 +582,16 @@ Filesystem_start() + fi + + # See if the device is already mounted. +- if Filesystem_status >/dev/null 2>&1 ; then +- ocf_log info "Filesystem $MOUNTPOINT is already mounted." +- return $OCF_SUCCESS +- fi ++ Filesystem_status ++ case "$?" in ++ $OCF_SUCCESS) ++ ocf_log info "Filesystem $MOUNTPOINT is already mounted." ++ return $OCF_SUCCESS ++ ;; ++ $OCF_ERR_CONFIGURED) ++ return $OCF_ERR_CONFIGURED ++ ;; ++ esac + + fstype_supported || exit $OCF_ERR_INSTALLED + +@@ -801,10 +807,42 @@ Filesystem_stop() + # + Filesystem_status() + { +- match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}" +- if list_mounts | grep "$match_string" >/dev/null 2>&1; then +- rc=$OCF_SUCCESS +- msg="$MOUNTPOINT is mounted (running)" ++ local match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}" ++ local mounted_device=$(list_mounts | grep "$match_string" | awk '{print $1}') ++ ++ if [ -n "$mounted_device" ]; then ++ if [ "X$blockdevice" = "Xyes" ]; then ++ if [ -e "$DEVICE" ] ; then ++ local canonicalized_device="$(readlink -f "$DEVICE")" ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $DEVICE because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi ++ else ++ local canonicalized_device="$DEVICE" ++ fi ++ if [ -e "$mounted_device" ] ; then ++ local canonicalized_mounted_device="$(readlink -f "$mounted_device")" ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $mounted_device because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi ++ else ++ local canonicalized_mounted_device="$mounted_device" ++ fi ++ if [ "$canonicalized_device" != "$canonicalized_mounted_device" ]; then ++ if ocf_is_probe || [ "$__OCF_ACTION" = "stop" ]; then ++ ocf_log debug "Another device ($mounted_device) is already mounted on $MOUNTPOINT" ++ rc=$OCF_NOT_RUNNING ++ else ++ ocf_exit_reason "Another device ($mounted_device) is already mounted on $MOUNTPOINT" ++ rc=$OCF_ERR_CONFIGURED ++ fi ++ fi ++ else ++ rc=$OCF_SUCCESS ++ msg="$MOUNTPOINT is mounted (running)" ++ fi + else + rc=$OCF_NOT_RUNNING + msg="$MOUNTPOINT is unmounted (stopped)" +@@ -1041,9 +1079,18 @@ else + else + CANONICALIZED_MOUNTPOINT="$MOUNTPOINT" + fi +- # At this stage, $MOUNTPOINT does not contain trailing "/" unless it is "/" +- # TODO: / mounted via Filesystem sounds dangerous. On stop, we'll +- # kill the whole system. Is that a good idea? ++ ++ if echo "$CANONICALIZED_MOUNTPOINT" | grep -q "^\s*/\s*$"; then ++ if ocf_is_probe; then ++ ocf_log debug "/ cannot be managed in a cluster" ++ exit $OCF_NOT_RUNNING ++ elif [ "$__OCF_ACTION" = "start" ] || [ "$__OCF_ACTION" = "monitor" ] || [ "$__OCF_ACTION" = "status" ]; then ++ ocf_exit_reason "/ cannot be managed in a cluster" ++ exit $OCF_ERR_CONFIGURED ++ elif [ "$__OCF_ACTION" = "stop" ]; then ++ exit $OCF_SUCCESS ++ fi ++ fi + fi + + # Check to make sure the utilites are found +@@ -1124,5 +1171,3 @@ case $OP in + ;; + esac + exit $? +- +- +-- +2.25.1 + diff --git a/resource-agents.spec b/resource-agents.spec index 51300e4..438fd7c 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -1,30 +1,32 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.13.0 -Release: 20 +Release: 21 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz Patch0000: fix-failed-to-parse-pid-from-pid-file.patch Patch0001: Fix-PRIMARY_IFACE-variable.patch -Patch0002: fix-loopback-handling.patch -Patch0003: fix-handler-out-of-scope-leak.patch -Patch0004: fix-uninitialized-value-covscan-error.patch -Patch0005: Avoid-false-positive-for-VG-activation.patch -Patch0006: Don-t-build-with-ansi-by-default.patch +Patch0002: fix-loopback-handling.patch +Patch0003: fix-handler-out-of-scope-leak.patch +Patch0004: fix-uninitialized-value-covscan-error.patch +Patch0005: Avoid-false-positive-for-VG-activation.patch +Patch0006: Don-t-build-with-ansi-by-default.patch Patch0007: Fix-docker-RA-behavior-when-Docker-isn-t-running.patch Patch0008: Low-IPaddr2-Remove-stray-backslash.patch Patch0009: Doc-Delay-Drop-old-comments.patch -Patch0010: portblock-accept-numeric-protocol-from-iptables.patch +Patch0010: portblock-accept-numeric-protocol-from-iptables.patch Patch0011: all-agents-remove-S-state-status-that-are-either-ign.patch Patch0012: nfsserver-fix-server-scope-functionality-for-both-po.patch -Patch0013: Fix-openstack-info-Ensure-no-newlines-in-openstack.patch -Patch0014: portblock-remove-write-to-tcp_tw_recycle.patch -Patch0015: findifsh-fix-corner-cases.patch -Patch0016: fix-OCF_SUCESS-name-in-db2_notify.patch +Patch0013: Fix-openstack-info-Ensure-no-newlines-in-openstack.patch +Patch0014: portblock-remove-write-to-tcp_tw_recycle.patch +Patch0015: findifsh-fix-corner-cases.patch +Patch0016: fix-OCF_SUCESS-name-in-db2_notify.patch Patch0017: docs-writing-python-agents-update-required-Python-ve.patch -Patch0018: galera-allow-joiner-to-report-non-Primary-during-ini.patch -Patch0019: doc-writing-python-agents-add-description-of-is_prob.patch +Patch0018: galera-allow-joiner-to-report-non-Primary-during-ini.patch +Patch0019: doc-writing-python-agents-add-description-of-is_prob.patch +Patch0020: Filesystem-fail-when-incorrect-device-mounted-on-mou.patch + Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} BuildRequires: automake autoconf pkgconfig gcc perl-interpreter perl-generators python3-devel @@ -122,6 +124,9 @@ export CFLAGS="$(echo '%{optflags}')" %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*} %changelog +* Mon May 06 2024 zouzhimin - 4.13.0-21 +- Filesystem: fail when incorrect device mounted on mountpoint + * Thu Apr 25 2024 zouzhimin - 4.13.0-20 - doc: writing-python-agents: add description of is_probe() and distro() -- Gitee