libselinux/0006-libselinux-initialize-last_policyload-in-selinux_sta.patch


From a63f93d83b57f1a10712c5fcd29be246e8eff20d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 25 Aug 2020 17:32:05 +0200
Subject: [PATCH] libselinux: initialize last_policyload in
selinux_status_open()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If not initialized to the current policyload count, an enforcing change
will trigger policyload-callbacks in selinux_status_updated().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/sestatus.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index ca2d3bbf9cb2..9ff2785d876a 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -278,9 +278,10 @@ static int fallback_cb_policyload(int policyload)
*/
int selinux_status_open(int fallback)
{
- int fd;
- char path[PATH_MAX];
- long pagesize;
+ int fd;
+ char path[PATH_MAX];
+ long pagesize;
+ uint32_t seqno;
if (!selinux_mnt) {
errno = ENOENT;
@@ -304,6 +305,14 @@ int selinux_status_open(int fallback)
selinux_status_fd = fd;
last_seqno = (uint32_t)(-1);
+ /* sequence must not be changed during references */
+ do {
+ seqno = read_sequence(selinux_status);
+
+ last_policyload = selinux_status->policyload;
+
+ } while (seqno != read_sequence(selinux_status));
+
/* No need to use avc threads if the kernel status page is available */
avc_using_threads = 0;
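Review bot: The comment above the added `do { … } while` loop in selinux_status_open() describes the retry on a changed sequence but not why `last_policyload` is seeded at open time, so a later reader cannot tell that dropping the loop brings back the spurious policyload callbacks named in the commit message. I would replace it with `/* Seed last_policyload from the status page so an enforcing change is not reported as a policy reload by selinux_status_updated(); retry if the sequence changed while reading. */`. `seqno` is used only for the retry comparison while `last_seqno` stays at `(uint32_t)(-1)`, presumably so the first update check still re-reads the page; that is worth stating in the same comment. The function body starts before and continues past this hunk, so whether the path taken when `fallback` is set also needs `last_policyload` seeded cannot be confirmed from the visible lines.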
--
2.29.0