[MIR] Glusterfs

Bug #1274247 reported by André Bauer on 2014-01-29
This bug affects 12 people
Affects | Status | Importance | Assigned to | Milestone
glusterfs (Ubuntu) | | High | Unassigned |
libvirt (Ubuntu) | | Undecided | Unassigned |
qemu (Ubuntu) | | Undecided | Unassigned |
samba (Ubuntu) | | Undecided | Unassigned |
tgt (Ubuntu) | | Undecided | Unassigned |

Bug Description

Availability:
- Currently in universe

Rationale:
- Dependency for qemu's native glusterfs-support (bug 1246924)
- Debian enabled glusterfs support in samba and we have to carry a delta to disable it
- Preferred Shared FS option for Ubuntu

Security:
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=glusterfs

Some security history; nothing that impacts 3.10.3 AFAICT.

Quality Assurance:
- Package works out of the box with no prompting

Standards Compliance:
- FHS and Debian Policy compliant

Maintenance:
- Maintainer: Ubuntu Developers <email address hidden>
- Original-Maintainer: Patrick Matthäi <email address hidden>
- Well maintained in Debian; small Ubuntu delta which will be fed back.
- ubuntu-openstack team.

Dependencies:
- All in main.

Michael Terry (mterry) on 2014-01-29
affects: ubuntu → glusterfs (Ubuntu)
Michael Terry (mterry) wrote :

@ubuntu-server, do you folks want to add & maintain glusterfs support to qemu?

@monotek, thanks for the report! I'm just asking the current Ubuntu overseers of qemu whether this is a change they want to maintain. If so, we can move forward.

Changed in glusterfs (Ubuntu):
assignee: nobody → Ubuntu Server Team (ubuntu-server)
status: New → Incomplete
Louis Zuckerman (semiosis) wrote :

Latest glusterfs (3.4.2 currently) is in Universe for Trusty already (https://code.launchpad.net/~semiosis/ubuntu/trusty/glusterfs/fix-for-1268064/+merge/201280).

Let me know how I can be of assistance for this MIR.

Michael Terry (mterry) wrote :

Ah, thanks for the blueprint link. That confirms that ubuntu-server wants this. Thanks!

Changed in glusterfs (Ubuntu):
assignee: Ubuntu Server Team (ubuntu-server) → nobody
status: Incomplete → New
Michael Terry (mterry) wrote :

Between the system daemon, it being a networked filesystem, and the past CVEs, this'll need a security audit.

Changed in glusterfs (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
James Page (james-page) wrote :

@mterry

ubuntu-server team are happy to enable glusterfs support in qemu

Changed in glusterfs (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Seth Arnold (seth-arnold)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glusterfs (Ubuntu):
status: New → Confirmed
trendzetter (trendzetter) wrote :

Please let this make it into 14.04

Dave Walker (davewalker) on 2014-03-16
Changed in glusterfs (Ubuntu):
status: Confirmed → New
André Bauer (monotek) wrote :

There is a ppa available now with qemu/glusterfs support:

https://launchpad.net/~semiosis/+archive/ubuntu-qemu-glusterfs

Louis Zuckerman (semiosis) wrote :

@sarnold - Is there any update?

Louis Zuckerman (semiosis) wrote :

Another motivation...

Samba now supports glusterfs natively through the API. If glusterfs were in main (and glusterfs-common added to samba's build deps) this feature would be enabled. It's already included in samba in trusty, just not enabled during build because the glusterfs lib is missing.

André Bauer (monotek) wrote :

If somebody is interested... there is also a ppa for samba with glusterfs support: https://launchpad.net/~monotek/+archive/samba-vfs-glusterfs

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glusterfs (Ubuntu):
status: New → Confirmed
Seth Arnold (seth-arnold) wrote :

I reviewed glusterfs version 3.4.2-1ubuntu1 as checked into trusty. This
should not be considered a full security audit, but rather a quick gauge
of maintainability.

I'm not going to fill in the full review checklist; I don't think that
the results would be that useful for anyone, so here's just a list
of what I found while reading the code:

- cppcheck reports ~20 real coding mistakes, perhaps a few false positives
- get_uuid_via_daemon() doesn't check fork() for error return
- rdd_valid_config() buffer overflow rdd_config.out_file.path
- gf_cli_print_limit_list() doesn't check sprintf(abspath) return value
- rb_malloc() and rb_free() ignore their allocator argument
  Not a security problem, but might be very surprising
- int_to_data() data_from_[u]int{64,32,16,8}() data_from_double()
  all re-calculate the length rather than use the return value from
  gf_asprintf(). (Not a security problem, just redundant.)

Because a filesystem is supposed to be extremely high quality, I'm very
concerned about the issues found with cppcheck and the issues I found
by hand. While nothing looked security-relevant on a first glance, the
architecture of a clustered filesystem may turn otherwise benign issues
into serious security issues. Unchecked error returns, null-pointer
dereferences, and buffer overflows are all together too much.

The general coding style is good and shows discipline and promise, but
I don't believe we should bless this current codebase. Perhaps we can
reconsider this for a future release: in the meantime, please address
the cppcheck issues. (I see on the glusterfs wiki that recently Coverity
scans are being run on glusterfs; hopefully this work will land before
the next Ubuntu release.)

Security team NACK for glusterfs in main for 14.04 LTS. With the proper
quality work, this may be suitable for support in future releases.

Thanks
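
Two of the defect classes named in the review above (a fork() whose error return is not checked, and a sprintf() into a fixed path buffer whose return value is ignored), written with the checks in place. This is an added example, not glusterfs code; the helper names join_path and run_child and the sample inputs are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: join dir and name into dst without overflowing it.
 * Returns 0 on success, -1 on encoding error or truncation. */
int join_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n = snprintf(dst, dstlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen) {   /* error, or output did not fit */
        if (dstlen > 0)
            dst[0] = '\0';                /* never hand back a partial path */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: run fn() in a child and return its exit status.
 * Returns -1 if fork() or waitpid() fails or the child died abnormally. */
int run_child(int (*fn)(void))
{
    pid_t pid = fork();
    if (pid == -1)                        /* fork() error return, checked */
        return -1;
    if (pid == 0)
        _exit(fn() & 0xff);               /* child: report result, skip atexit handlers */

    int status;
    pid_t w;
    do {
        w = waitpid(pid, &status, 0);
    } while (w == -1 && errno == EINTR);  /* retry if interrupted by a signal */
    if (w == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

static int child_ok(void) { return 7; }   /* constructed sample child */

int main(void)
{
    char path[16];                        /* constructed small buffer */
    printf("fits: %d\n", join_path(path, sizeof path, "/tmp", "a.out"));
    printf("too long: %d\n", join_path(path, sizeof path, "/tmp", "a-very-long-file-name"));
    printf("child status: %d\n", run_child(child_ok));
    return 0;
}
```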

Seth Arnold (seth-arnold) wrote :
Changed in glusterfs (Ubuntu):
assignee: Seth Arnold (seth-arnold) → nobody
Louis Zuckerman (semiosis) wrote :

Seth,

Thank you for your time & hard work reviewing the GlusterFS code for this MIR. I've opened a bug in the GlusterFS bug tracker and will engage the core GlusterFS developers regarding your feedback.

https://bugzilla.redhat.com/show_bug.cgi?id=1086460

Best regards,

Louis Zuckerman

André Bauer (monotek) wrote :

For trusty users there is a new ppa available with qemu 2.0 and glusterfs support:

https://launchpad.net/~monotek/+archive/qemu-glusterfs

André Bauer (monotek) wrote :

If this should be added in the future please make sure to also update the apparmor profile for libvirt-qemu:

edit /etc/apparmor.d/abstractions/libvirt-qemu and add:

# for glusterfs
/proc/sys/net/ipv4/ip_local_reserved_ports r,
/usr/lib/@{multiarch}/glusterfs/**.so mr,
/tmp/** rw,

André Bauer (monotek) wrote :

What's the status of this?

Imho most of the mentioned stuff should be fixed meanwhile -> https://bugzilla.redhat.com/show_bug.cgi?id=1086460

Could somebody recheck against the new gluster packages please? -> https://launchpad.net/~gluster

Michael Terry (mterry) wrote :

Looks like upstream fixed the cppcheck errors, which is great! But that was just one item in Seth's list.

To advance this MIR, we'd need another look over from Seth. But I'm leery of throwing it back to him when there hasn't been significant progress. But I'm not close to the matter and could be convinced that there has been significant progress.

André Bauer (monotek) on 2016-02-14
description: updated
André Bauer (monotek) wrote :

Could somebody review the current version 3.7.x?
Would be nice to see this in 16.04.

Michael Terry (mterry) wrote :

Alright, I'll give to Seth again, but this is too close to FF to expect it to be reviewed before then.

Changed in glusterfs (Ubuntu):
assignee: nobody → Seth Arnold (seth-arnold)
ISIDOROS (imoulas) wrote :

Is there any distribution that solves this bug? I'm using Ubuntu 14.04, updated cluster to 3.6 and it is not working.

André Bauer (monotek) wrote :

@ imoulas

No. Only way at the moment is to compile by yourself or to use my Qemu/Samba PPA:

https://launchpad.net/~monotek

André Bauer (monotek) wrote :

Is there any progress?
Would be nice to see it at least in 16.10.

Stephen (belrik) wrote :

Any update on this?

Just FYI - for now this is a support we drop in libvirt and qemu due to component mismatches.
Subscribing myself to re-enable once resolved.

André Bauer (monotek) wrote :

Could you clarify what this means please?
Libgfapi support will be dropped completely?
If so, from which version?

Hi André,
nothing will be dropped more than it is already.

I just wanted to mention that Debian recently enabled glusterfs support in qemu (and has for quite a while in libvirt) and I have to carry a Delta to Debian that disables that until glusterfs is in main.
Since you host a ppa with those enabled you know that already for sure.

But the only mention of what actually benefits from getting glusterfs into main so far was the link to your ppa (thanks for your work btw!) - I had the feeling it wasn't obvious enough and wanted to point that out more clearly.

So no new extra change by/due-to me, but more an extra hint what could benefit from including glusterfs as requested in this mir.

Note: Add "tgt" to the list of packages that disable a feature because it is waiting for this MIR.

André Bauer (monotek) wrote :

@paelzer

Thanks for clarifying :-)

So we have now dependencies for:

libvirt
qemu
samba
tgt

Added tgt to my PPA now: https://launchpad.net/~monotek

Stephen (belrik) wrote :

I'm using GlusterFS but hitting problems with qemu/gluster/libgfapi in 16.04 that don't exist in 14.04. I guess this is due to the GlusterFS components not being fully supported in Ubuntu.

I've used Andre's ppa repos for a long while now but since moving to 16.04 I have had to move back to FUSE mounts due to some issues opening connections from qemu to the bricks for these direct connections (port 49152 typically). Is Gluster likely to land in main anytime soon so that these issues have more eyeballs on them?

Thanks for your work.

James Page (james-page) on 2017-06-05
Changed in glusterfs (Ubuntu):
assignee: Seth Arnold (seth-arnold) → James Page (james-page)
importance: Undecided → High
status: Confirmed → In Progress
milestone: none → ubuntu-17.10
James Page (james-page) wrote :

I've uploaded glusterfs 3.10.3 to artful today; please can glusterfs be re-reviewed for main inclusion for Ubuntu 17.10.

Changed in glusterfs (Ubuntu):
status: In Progress → New
description: updated
description: updated
James Page (james-page) on 2017-06-14
tags: added: openstack-mir

I'm looking at libvirt soon'ish which is one of the places this would have to be enabled.
Any updates to this MIR?

Andreas Hasenack (ahasenack) wrote :

Debian's samba has enabled glusterfs support, we will have to drop that from our build-depends until (or if) this MIR is accepted.

Changed in glusterfs (Ubuntu):
assignee: James Page (james-page) → Seth Arnold (seth-arnold)
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glusterfs (Ubuntu):
status: New → Confirmed
Changed in glusterfs (Ubuntu):
assignee: Seth Arnold (seth-arnold) → Ubuntu Security Team (ubuntu-security)
Snowman (snowmanko) wrote :

Any updates related to this MIR ?

Adding tasks for packages carrying Delta due to this (those that I know of)

Changed in libvirt (Ubuntu):
status: New → Triaged
Changed in samba (Ubuntu):
status: New → Triaged
Changed in tgt (Ubuntu):
status: New → Triaged

Since nothing seems to happen here other than people including myself waiting&asking for updates I'll get in contact with the security Team on this - maybe there are reasons not to do so, just unclear to us?

Snowman (snowmanko) wrote :

@thanks I think many gluster users will be interested in this

David Britton (davidpbritton) wrote :

https://wiki.ubuntu.com/MainInclusionProcess

One of the requirements for Main inclusion is an owning team for
maintenance of the package and support of customers of the package.
Ubuntu Server (which this package would naturally fall under) will not be
maintaining this at the current time.

ubuntu-server: nack

Matthias Klose (doko) wrote :

still needs re-review by the security team, and a bug subscriber.

Changed in glusterfs (Ubuntu):
milestone: ubuntu-17.10 → ubuntu-18.10
Robie Basak (racb) wrote :

As there isn't currently a team volunteering to take on maintenance of this package in main, I think Won't Fix is appropriate. If this changes we can always reopen the bug.

Robie Basak (racb) wrote :

Or do we want a security review prior to that regardless?

Snowman (snowmanko) wrote :

Let's do both, it seems we will not get it anyway :( this request was not closed for 4 years..

Jamie Strandboge (jdstrand) wrote :

If there is no one willing to step up to maintain this in Ubuntu, then it is not a candidate for main inclusion. Since David Britton NAKed it, I'm unsubscribing the server team. If another team wants to have it included in main, please feel free to resubscribe the security team.

Changed in glusterfs (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
milestone: ubuntu-18.10 → none

Since this didn't find an owning Team per comment #41 we should update the status to reflect that.

The extra tasks are all packages that would have dropped Delta due to that, they will become invalid.
The main task of glusterfs will become "Won't Fix"

Changed in glusterfs (Ubuntu):
status: Confirmed → Won't Fix
Changed in libvirt (Ubuntu):
status: Triaged → Invalid
Changed in qemu (Ubuntu):
status: New → Invalid
Changed in samba (Ubuntu):
status: Triaged → Invalid
Changed in tgt (Ubuntu):
status: Triaged → Invalid