forked from pool/slurm
Accepting request 454272 from home:eeich:branches:network:cluster
- Updated to 16.05.8.1 * Remove StoragePass from being printed out in the slurmdbd log at debug2 level. * Defer PATH search for task program until launch in slurmstepd. * Modify regression test1.89 to avoid leaving vestigial job. Also reduce logging to reduce likelyhood of Expect buffer overflow. * Do not PATH search for mult-prog launches if LaunchParamters=test_exec is enabled. * Fix for possible infinite loop in select/cons_res plugin when trying to satisfy a job's ntasks_per_core or socket specification. * If job is held for bad constraints make it so once updated the job doesn't go into JobAdminHeld. * sched/backfill - Fix logic to reserve resources for jobs that require a node reboot (i.e. to change KNL mode) in order to start. * When unpacking a node or front_end record from state and the protocol version is lower than the min version, set it to the min. * Remove redundant lookup for part_ptr when updating a reservation's nodes. * Fix memory and file descriptor leaks in slurmd daemon's sbcast logic. * Do not allocate specialized cores to jobs using the --exclusive option. * Cancel interactive job if Prolog failure with "PrologFlags=contain" or "PrologFlags=alloc" configured. Send new error prolog failure message to the salloc or srun command as needed. * Prevent possible out-of-bounds read in slurmstepd on an invalid #! line. * Fix check for PluginDir within slurmctld to work with multiple directories. * Cancel interactive jobs automatically on communication error to launching srun/salloc process. * Fix security issue caused by insecure file path handling triggered by the failure of a Prolog script. To exploit this a user needs to anticipate or cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371). - Replace group/user add macros with function calls. - Disable building with netloc support: the netloc API is part of the devel branch of hwloc. Since this devel branch was included accidentally and has been reversed since, we need to disable this for the time being. - Conditionalized architecture specific pieces to support non-x86 architectures better. - Remove: unneeded 'BuildRequires: python' - Add: BuildRequires: freeipmi-devel BuildRequires: libibmad-devel BuildRequires: libibumad-devel so they are picked up by the slurm build. - Enable modifications from openHPC Project. - Enable lua API package build. - Add a recommends for slurm-munge to the slurm package: This is way, the munge auth method is available and slurm works out of the box. - Create /var/lib/slurm as StateSaveLocation directory. /tmp is dangerous. - Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE. OBS-URL: https://build.opensuse.org/request/show/454272 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=13
This commit is contained in:
parent
7bac92b6f9
commit
bd06e0c765
82
pam_slurm-Initialize-arrays-and-pass-sizes.patch
Normal file
82
pam_slurm-Initialize-arrays-and-pass-sizes.patch
Normal file
@ -0,0 +1,82 @@
|
||||
From: Sebastian Krahmer <krahmer@suse.com>
|
||||
Date: Thu Feb 2 09:49:38 2017 +0100
|
||||
Subject: [PATCH]pam_slurm: Initialize arrays and pass sizes
|
||||
Git-repo: https://github.com/SchedMD/slurm
|
||||
Git-commit: fbfbb90f6a2e7f134220991ed3263894ba365411
|
||||
References: bsc#1007053
|
||||
Signed-off-by: Egbert Eich <eich@suse.de>
|
||||
|
||||
PAM is security critical:
|
||||
- clear arrays
|
||||
- ensure strings are NULL-terminated.
|
||||
|
||||
Signed-off-by: Egbert Eich <eich@suse.com>
|
||||
---
|
||||
contribs/pam/pam_slurm.c | 20 +++++++++++---------
|
||||
1 file changed, 11 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c
|
||||
index 0968a9c..ee179d5 100644
|
||||
--- a/contribs/pam/pam_slurm.c
|
||||
+++ b/contribs/pam/pam_slurm.c
|
||||
@@ -266,9 +266,9 @@ static int
|
||||
_gethostname_short (char *name, size_t len)
|
||||
{
|
||||
int error_code, name_len;
|
||||
- char *dot_ptr, path_name[1024];
|
||||
+ char *dot_ptr, path_name[1024] = {0};
|
||||
|
||||
- error_code = gethostname(path_name, sizeof(path_name));
|
||||
+ error_code = gethostname(path_name, sizeof(path_name) - 1);
|
||||
if (error_code)
|
||||
return error_code;
|
||||
|
||||
@@ -296,11 +296,11 @@ static int
|
||||
_slurm_match_allocation(uid_t uid)
|
||||
{
|
||||
int authorized = 0, i;
|
||||
- char hostname[MAXHOSTNAMELEN];
|
||||
+ char hostname[MAXHOSTNAMELEN] = {0};
|
||||
char *nodename = NULL;
|
||||
job_info_msg_t * msg;
|
||||
|
||||
- if (_gethostname_short(hostname, sizeof(hostname)) < 0) {
|
||||
+ if (_gethostname_short(hostname, sizeof(hostname) - 1) < 0) {
|
||||
_log_msg(LOG_ERR, "gethostname: %m");
|
||||
return 0;
|
||||
}
|
||||
@@ -409,7 +409,7 @@ _send_denial_msg(pam_handle_t *pamh, struct _options *opts,
|
||||
*/
|
||||
extern void libpam_slurm_init (void)
|
||||
{
|
||||
- char libslurmname[64];
|
||||
+ char libslurmname[64] = {0};
|
||||
|
||||
if (slurm_h)
|
||||
return;
|
||||
@@ -417,10 +417,10 @@ extern void libpam_slurm_init (void)
|
||||
/* First try to use the same libslurm version ("libslurm.so.24.0.0"),
|
||||
* Second try to match the major version number ("libslurm.so.24"),
|
||||
* Otherwise use "libslurm.so" */
|
||||
- if (snprintf(libslurmname, sizeof(libslurmname),
|
||||
+ if (snprintf(libslurmname, sizeof(libslurmname) - 1,
|
||||
"libslurm.so.%d.%d.%d", SLURM_API_CURRENT,
|
||||
SLURM_API_REVISION, SLURM_API_AGE) >=
|
||||
- sizeof(libslurmname) ) {
|
||||
+ sizeof(libslurmname) - 1) {
|
||||
_log_msg (LOG_ERR, "Unable to write libslurmname\n");
|
||||
} else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
|
||||
return;
|
||||
@@ -429,8 +429,10 @@ extern void libpam_slurm_init (void)
|
||||
libslurmname, dlerror ());
|
||||
}
|
||||
|
||||
- if (snprintf(libslurmname, sizeof(libslurmname), "libslurm.so.%d",
|
||||
- SLURM_API_CURRENT) >= sizeof(libslurmname) ) {
|
||||
+ memset(libslurmname, 0, sizeof(libslurmname));
|
||||
+
|
||||
+ if (snprintf(libslurmname, sizeof(libslurmname) - 1, "libslurm.so.%d",
|
||||
+ SLURM_API_CURRENT) >= sizeof(libslurmname) - 1) {
|
||||
_log_msg (LOG_ERR, "Unable to write libslurmname\n");
|
||||
} else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) {
|
||||
return;
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7d3c30c1683fd207dda22f4078e038d110fa5bce133828fbd8e1ae6317f2ad38
|
||||
size 8582827
|
3
slurm-16-05-8-1.tar.gz
Normal file
3
slurm-16-05-8-1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2c162d56138360543a9a0f2486ae671c588883685a80eda028e9e17541a1f7b1
|
||||
size 8432017
|
@ -1,3 +1,64 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 1 20:17:47 UTC 2017 - eich@suse.com
|
||||
|
||||
- Updated to 16.05.8.1
|
||||
* Remove StoragePass from being printed out in the slurmdbd log at debug2
|
||||
level.
|
||||
* Defer PATH search for task program until launch in slurmstepd.
|
||||
* Modify regression test1.89 to avoid leaving vestigial job. Also reduce
|
||||
logging to reduce likelyhood of Expect buffer overflow.
|
||||
* Do not PATH search for mult-prog launches if LaunchParamters=test_exec is
|
||||
enabled.
|
||||
* Fix for possible infinite loop in select/cons_res plugin when trying to
|
||||
satisfy a job's ntasks_per_core or socket specification.
|
||||
* If job is held for bad constraints make it so once updated the job doesn't
|
||||
go into JobAdminHeld.
|
||||
* sched/backfill - Fix logic to reserve resources for jobs that require a
|
||||
node reboot (i.e. to change KNL mode) in order to start.
|
||||
* When unpacking a node or front_end record from state and the protocol
|
||||
version is lower than the min version, set it to the min.
|
||||
* Remove redundant lookup for part_ptr when updating a reservation's nodes.
|
||||
* Fix memory and file descriptor leaks in slurmd daemon's sbcast logic.
|
||||
* Do not allocate specialized cores to jobs using the --exclusive option.
|
||||
* Cancel interactive job if Prolog failure with "PrologFlags=contain" or
|
||||
"PrologFlags=alloc" configured. Send new error prolog failure message to
|
||||
the salloc or srun command as needed.
|
||||
* Prevent possible out-of-bounds read in slurmstepd on an invalid #! line.
|
||||
* Fix check for PluginDir within slurmctld to work with multiple directories.
|
||||
* Cancel interactive jobs automatically on communication error to launching
|
||||
srun/salloc process.
|
||||
* Fix security issue caused by insecure file path handling triggered by the
|
||||
failure of a Prolog script. To exploit this a user needs to anticipate or
|
||||
cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371).
|
||||
- Replace group/user add macros with function calls.
|
||||
- Disable building with netloc support: the netloc API is part of the devel
|
||||
branch of hwloc. Since this devel branch was included accidentally and has
|
||||
been reversed since, we need to disable this for the time being.
|
||||
- Conditionalized architecture specific pieces to support non-x86 architectures
|
||||
better.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 3 17:21:58 UTC 2017 - eich@suse.com
|
||||
|
||||
- Remove: unneeded 'BuildRequires: python'
|
||||
- Add:
|
||||
BuildRequires: freeipmi-devel
|
||||
BuildRequires: libibmad-devel
|
||||
BuildRequires: libibumad-devel
|
||||
so they are picked up by the slurm build.
|
||||
- Enable modifications from openHPC Project.
|
||||
- Enable lua API package build.
|
||||
- Add a recommends for slurm-munge to the slurm package:
|
||||
This is way, the munge auth method is available and slurm
|
||||
works out of the box.
|
||||
- Create /var/lib/slurm as StateSaveLocation directory.
|
||||
/tmp is dangerous.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 30 15:16:05 UTC 2016 - eich@suse.com
|
||||
|
||||
- Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 22 21:42:04 UTC 2016 - eich@suse.com
|
||||
|
||||
|
93
slurm.spec
93
slurm.spec
@ -21,14 +21,28 @@
|
||||
%define vers_t() %(%trunc)
|
||||
|
||||
%if 0%{?suse_version} >= 1220 || 0%{?sle_version} >= 120000
|
||||
%define with_systemd 1
|
||||
%define with_systemd 1
|
||||
%endif
|
||||
%if 0%{suse_version} >= 1310
|
||||
%define have_netloc 1
|
||||
|
||||
%if 0
|
||||
%define have_netloc 1
|
||||
%endif
|
||||
|
||||
%ifarch x86_64
|
||||
%define have_libnuma 1
|
||||
%else
|
||||
%ifarch %{ix86}
|
||||
%if 0%{?sle_version} >= 120200
|
||||
%define have_libnuma 1
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%define libslurm libslurm29
|
||||
%define ver_exp 16-05-5-1
|
||||
%define ver_exp 16-05-8-1
|
||||
|
||||
%define slurm_u %name
|
||||
%define slurm_g %name
|
||||
|
||||
Name: slurm
|
||||
Version: %{vers_f %ver_exp}
|
||||
@ -44,14 +58,19 @@ Patch0: slurm-2.4.4-rpath.patch
|
||||
Patch1: slurm-2.4.4-init.patch
|
||||
Patch2: slurmd-Fix-slurmd-for-new-API-in-hwloc-2.0.patch
|
||||
Patch3: plugins-cgroup-Fix-slurmd-for-new-API-in-hwloc-2.0.patch
|
||||
Patch4: pam_slurm-Initialize-arrays-and-pass-sizes.patch
|
||||
Requires: slurm-plugins = %{version}
|
||||
%if 0%{?suse_version} <= 1140
|
||||
Requires(pre): pwdutils
|
||||
%else
|
||||
Requires(pre): shadow
|
||||
%endif
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gtk2-devel
|
||||
BuildRequires: libbitmask-devel
|
||||
BuildRequires: libcpuset-devel
|
||||
BuildRequires: libhwloc-devel
|
||||
%ifarch x86_64
|
||||
%if 0%{?have_libnuma}
|
||||
BuildRequires: libnuma-devel
|
||||
%endif
|
||||
BuildRequires: mysql-devel >= 5.0.0
|
||||
@ -59,8 +78,17 @@ BuildRequires: ncurses-devel
|
||||
BuildRequires: openssl-devel >= 0.9.6
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: postgresql-devel >= 8.0.0
|
||||
BuildRequires: python
|
||||
BuildRequires: readline-devel
|
||||
%if 0%{?suse_version} > 1310 || 0%{?sle_version}
|
||||
BuildRequires: libibmad-devel
|
||||
BuildRequires: libibumad-devel
|
||||
%endif
|
||||
%if 0%{?suse_version} > 1140
|
||||
BuildRequires: libhwloc-devel
|
||||
%ifarch %{ix86} x86_64
|
||||
BuildRequires: freeipmi-devel
|
||||
%endif
|
||||
%endif
|
||||
%if 0%{?with_systemd}
|
||||
%{?systemd_requires}
|
||||
BuildRequires: systemd
|
||||
@ -68,6 +96,7 @@ BuildRequires: systemd
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
%endif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Recommends: %{name}-munge
|
||||
|
||||
%description
|
||||
SLURM is an open source, fault-tolerant, and highly
|
||||
@ -243,6 +272,15 @@ Linux Utility for Resource Managment (SLURM) is in use. Access is granted
|
||||
to root, any user with an SLURM-launched job currently running on the node,
|
||||
or any user who has allocated resources on the node according to the SLURM
|
||||
|
||||
%package lua
|
||||
Summary: Lua API for SLURM
|
||||
Group: Development/Libraries/Other
|
||||
Requires: slurm = %{version}
|
||||
BuildRequires: lua-devel
|
||||
|
||||
%description lua
|
||||
LUA API package for SLURM. This package includes the lua API to provide a
|
||||
helpful interface to SLURM through LUA.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{name}-%{ver_exp}
|
||||
@ -250,17 +288,18 @@ or any user who has allocated resources on the node according to the SLURM
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
chmod 0644 doc/html/*.{gif,jpg}
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
%configure --enable-shared \
|
||||
--disable-static \
|
||||
--without-rpath \
|
||||
%{!?have_netloc:--without-netloc} \
|
||||
--sysconfdir=%{_sysconfdir}/%{name}
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%makeinstall
|
||||
%make_install
|
||||
make install-contrib DESTDIR=$RPM_BUILD_ROOT PERL_MM_PARAMS="INSTALLDIRS=vendor"
|
||||
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/slurm.conf.template
|
||||
rm -f $RPM_BUILD_ROOT/%{_sbindir}/slurmconfgen.py
|
||||
@ -294,10 +333,11 @@ install -D -m755 contribs/sjstat ${RPM_BUILD_ROOT}%{_bindir}/sjstat
|
||||
|
||||
%if 0%{?OHPC_BUILD}
|
||||
# 6/16/15 karl.w.schulz@intel.com - do not package Slurm's version of libpmi with OpenHPC.
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libpmi*
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/mpi_pmi2*
|
||||
## rm -f $RPM_BUILD_ROOT/%%{_libdir}/libpmi*
|
||||
## rm -f $RPM_BUILD_ROOT/%%{_libdir}/mpi_pmi2*
|
||||
# 9/8/14 karl.w.schulz@intel.com - provide starting config file
|
||||
head -n -2 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf.example | grep -v ReturnToService > $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
sed -i 's#\(StateSaveLocation=\).*#\1%_localstatedir/lib/slurm#' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
echo "# OpenHPC default configuration" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
echo "PropagateResourceLimitsExcept=MEMLOCK" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
echo "SlurmdLogFile=/var/log/slurm.log" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
@ -309,6 +349,7 @@ echo "PartitionName=normal Nodes=c[1-4] Default=YES MaxTime=24:00:00 State=UP" >
|
||||
echo "ReturnToService=1" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf
|
||||
# 9/17/14 karl.w.schulz@intel.com - Add option to drop VM cache during epilog
|
||||
sed -i '/^# No other SLURM jobs,/i \\n# Drop clean caches (OpenHPC)\necho 3 > /proc/sys/vm/drop_caches\n\n#' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.epilog.clean
|
||||
%{__mkdir_p} $RPM_BUILD_ROOT%_localstatedir/lib/slurm
|
||||
%endif
|
||||
|
||||
# Delete unpackaged files:
|
||||
@ -359,18 +400,23 @@ libdir=%{_libdir}
|
||||
Cflags: -I\${includedir}
|
||||
Libs: -L\${libdir} -lslurm
|
||||
Description: Slurm API
|
||||
Name: %{pname}
|
||||
Name: %{name}
|
||||
Version: %{version}
|
||||
EOF
|
||||
|
||||
|
||||
%fdupes -s $RPM_BUILD_ROOT
|
||||
|
||||
%if 0%{?with_systemd}
|
||||
%pre
|
||||
%if 0%{?with_systemd}
|
||||
%service_add_pre slurmd.service
|
||||
%service_add_pre slurmctld.service
|
||||
%endif
|
||||
%define slurmdir %{_sysconfdir}/slurm
|
||||
%define slurmdescr "SLURM workload manager"
|
||||
getent group %name >/dev/null || groupadd -r %name
|
||||
getent passwd %name >/dev/null || useradd -r -g %name -d %slurmdir -s /bin/false -c %{slurmdescr} %name
|
||||
exit 0
|
||||
|
||||
%post
|
||||
%if 0%{?with_systemd}
|
||||
@ -512,6 +558,7 @@ EOF
|
||||
%{_sbindir}/rcslurm
|
||||
%endif
|
||||
%{?with_systemd:%{_sbindir}/rcslurmctld}
|
||||
%{?OHPC_BUILD:%attr(0755, %slurm_u, %slurm_g) %_localstatedir/lib/slurm}
|
||||
|
||||
%files openlava
|
||||
%defattr(-,root,root)
|
||||
@ -537,8 +584,8 @@ EOF
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_prefix}/include/slurm
|
||||
%{!?OHPC_BUILD:%{_libdir}/libpmi.so}
|
||||
%{!?OHPC_BUILD:%{_libdir}/libpmi2.so}
|
||||
%{_libdir}/libpmi.so
|
||||
%{_libdir}/libpmi2.so
|
||||
%{_libdir}/libslurm.so
|
||||
%{_libdir}/libslurmdb.so
|
||||
%{_libdir}/slurm/src/*
|
||||
@ -553,7 +600,7 @@ EOF
|
||||
%files sched-wiki
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/slurm/sched_wiki*.so
|
||||
%{_mandir}/man5/wiki.*
|
||||
#%%{_mandir}/man5/wiki.*
|
||||
|
||||
%files auth-none
|
||||
%defattr(-,root,root)
|
||||
@ -683,6 +730,20 @@ EOF
|
||||
%{_libdir}/slurm/mcs_group.so
|
||||
%{_libdir}/slurm/mcs_none.so
|
||||
%{_libdir}/slurm/mcs_user.so
|
||||
%if 0%{?suse_version} > 1310
|
||||
%{_libdir}/slurm/acct_gather_infiniband_ofed.so
|
||||
%endif
|
||||
%if 0%{?suse_version} > 1140
|
||||
%ifarch %{ix86} x86_64
|
||||
%{_libdir}/slurm/acct_gather_energy_ipmi.so
|
||||
%endif
|
||||
%endif
|
||||
%{_libdir}/slurm/node_features_knl_generic.so
|
||||
|
||||
%files lua
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/slurm/job_submit_lua.so
|
||||
%{_libdir}/slurm/proctrack_lua.so
|
||||
|
||||
%files torque
|
||||
%defattr(-,root,root)
|
||||
|
Loading…
Reference in New Issue
Block a user