uuidd: fix open/lock state issue

* warn on open/lock state issue * enable access to /var/lib/libuuid/, because ProtectSystem=strict make it read-only openat(AT_FDCWD, "/var/lib/libuuid/clock.txt", O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system) Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366 Upstream: http://github.com/util-linux/util-linux/commit/f27876f9c1056bf41fd940d5c4990b4277e0024f Upstream: http://github.com/util-linux/util-linux/commit/417982d0236a12756923d88e627f5e4facf8951c Signed-off-by: Karel Zak <[email protected]>
redhat-plumbers · Jan 25, 2022 · e2cfe37 · e2cfe37
1 parent 88da20e
commit e2cfe37
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
@@ -494,7 +494,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			break;
 		case UUIDD_OP_TIME_UUID:
 			num = 1;
-			__uuid_generate_time(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, _("Generated time UUID: %s\n"), str);
@@ -504,7 +505,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			break;
 		case UUIDD_OP_RANDOM_UUID:
 			num = 1;
-			__uuid_generate_random(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, _("Generated random UUID: %s\n"), str);
@@ -513,7 +515,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 			reply_len = sizeof(uu);
 			break;
 		case UUIDD_OP_BULK_TIME_UUID:
-			__uuid_generate_time(uu, &num);
+			if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+				warnx(_("failed to open/lock clock counter"));
 			if (uuidd_cxt->debug) {
 				uuid_unparse(uu, str);
 				fprintf(stderr, P_("Generated time UUID %s "

diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in
@@ -18,6 +18,7 @@ ProtectKernelModules=yes
 ProtectControlGroups=yes
 RestrictAddressFamilies=AF_UNIX
 MemoryDenyWriteExecute=yes
+ReadWritePaths=/var/lib/libuuid/
 SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
 
 [Install]