fuse

BZ#1017362

When multiple users use a gluster volume to run their application, there might be security issues as information of other users can be accessed. With the subdirectory mount feature, a user can access only their part of the storage, and nothing more. This brings abstraction properly to multiple users consuming the storage. Mounting a part of the gluster volume (i.e. a subdirectory) provides namespace isolation for users by separating out their directories. Thus, multiple users can use the storage without namespace collisions with other users.

glusterd

BZ#1505433

Rebooting or restarting glusterd service on a node did not retain the brick port information. This resulted in a mismatch of port information in the ‘gluster volume status’ command, and the actual port that the brick process uses. With this fix, glusterd persists brick port information on every brick restart and thus avoids port mismatch.

sharding

BZ#1482994

Previously, when creating a Virtual Machine (VM) using a template, the shard translator returned an incorrect file size. As a result, VMs that were created using these templates were not bootable. This update corrects the link file operation in the shard translator so that the aggregated file size is returned correctly and VMs created from templates boot without any issues.

BZ#1468969

Previously, the default shard size was 4MB. This resulted in low I/O performance compared to larger shards for some common workloads. The default shard size has now been set to 64MB in order to address both self-heal and I/O performance needs.

gdeploy

BZ#1482987

Previously, the permission bits on the glusterfs.ca certificate file was restricted only to the owner to read the certificate. As a result, virtual machines did not start using libgfapi as the self signed certificates were generated using gdeploy. With this fix, the permissions of glusterfs.ca file must be changed to 644 before setting up SSL using the following command: chmod 644 /etc/ssl/glusterfs.ca. With the change in permissions, the virtual machines start as expected.

gluster-nagios-addons

BZ#1512609

Gluster brick process monitoring does not account for the new location of the brick process file. With this update, nagios monitoring checks the correct location of gluster brick PID file.

vulnerability

BZ#1487246

A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.

BZ#1487247

A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS.

BZ#1487251

A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS.

BZ#1487252

A file information leak flaw was found in implementation of the CheckConfig method in handler_qcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user.