rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Try procatt speedup patch again

Browse Source
This commit is contained in:
Dan Walsh 2013-01-23 14:26:18 -05:00
parent f297425de0
commit 0a9b6f58d0
2 changed files with 250 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

246
libselinux-rhat.patch
View File

@ -6699,6 +6699,252 @@ index 2d7369e..2a00807 100644
va_end(ap); va_end(ap);
} }
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 83381e4..c1d4990 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -1,6 +1,7 @@
#include <sys/syscall.h>
#include <unistd.h>
#include <fcntl.h>
+#include <pthread.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
@@ -8,33 +9,135 @@
#include "selinux_internal.h"
#include "policy.h"
+static __thread pid_t cpid;
+static __thread pid_t tid;
+static __thread security_context_t prev_current;
+static __thread security_context_t prev_exec;
+static __thread security_context_t prev_fscreate;
+static __thread security_context_t prev_keycreate;
+static __thread security_context_t prev_sockcreate;
+
+static pthread_once_t once = PTHREAD_ONCE_INIT;
+static pthread_key_t destructor_key;
+static int destructor_key_initialized = 0;
+static __thread char destructor_initialized;
+
static pid_t gettid(void)
{
return syscall(__NR_gettid);
}
-static int getprocattrcon_raw(security_context_t * context,
- pid_t pid, const char *attr)
+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
+{
+ free(prev_current);
+ free(prev_exec);
+ free(prev_fscreate);
+ free(prev_keycreate);
+ free(prev_sockcreate);
+}
+
+static void free_procattr(void)
+{
+ procattr_thread_destructor(NULL);
+ tid = 0;
+ cpid = getpid();
+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
+}
+
+void __attribute__((destructor)) procattr_destructor(void);
+
+void hidden __attribute__((destructor)) procattr_destructor(void)
+{
+ if (destructor_key_initialized)
+ __selinux_key_delete(destructor_key);
+}
+
+static inline void init_thread_destructor(void)
+{
+ if (destructor_initialized == 0) {
+ __selinux_setspecific(destructor_key, (void *)1);
+ destructor_initialized = 1;
+ }
+}
+
+static void init_procattr(void)
+{
+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
+ pthread_atfork(NULL, NULL, free_procattr);
+ destructor_key_initialized = 1;
+ }
+}
+
+static int openattr(pid_t pid, const char *attr, int flags)
{
- char *path, *buf;
- size_t size;
int fd, rc;
- ssize_t ret;
- pid_t tid;
- int errno_hold;
+ char *path;
if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
else {
- tid = gettid();
+ if (!tid)
+ tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
return -1;
- fd = open(path, O_RDONLY);
+ fd = open(path, flags);
free(path);
- if (fd < 0)
+ return fd;
+}
+
+static int getprocattrcon_raw(security_context_t * context,
+ pid_t pid, const char *attr)
+{
+ char *buf;
+ size_t size;
+ int fd;
+ ssize_t ret;
+ int errno_hold;
+ security_context_t prev_context;
+
+ __selinux_once(once, init_procattr);
+ init_thread_destructor();
+
+ if (cpid != getpid())
+ free_procattr();
+
+ switch (attr[0]) {
+ case 'c':
+ prev_context = prev_current;
+ break;
+ case 'e':
+ prev_context = prev_exec;
+ break;
+ case 'f':
+ prev_context = prev_fscreate;
+ break;
+ case 'k':
+ prev_context = prev_keycreate;
+ break;
+ case 's':
+ prev_context = prev_sockcreate;
+ break;
+ case 'p':
+ prev_context = NULL;
+ break;
+ default:
+ errno = ENOENT;
+ return -1;
+ };
+
+ if (prev_context) {
+ *context = strdup(prev_context);
+ if (!(*context)) {
+ return -1;
+ }
+ return 0;
+ }
+
+ fd = openattr(pid, attr, O_RDONLY);
+ if (fd < 0)
return -1;
size = selinux_page_size;
@@ -90,40 +193,70 @@ static int getprocattrcon(security_context_t * context,
static int setprocattrcon_raw(security_context_t context,
pid_t pid, const char *attr)
{
- char *path;
- int fd, rc;
- pid_t tid;
+ int fd;
ssize_t ret;
int errno_hold;
+ security_context_t *prev_context;
- if (pid > 0)
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
- tid = gettid();
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- }
- if (rc < 0)
- return -1;
+ __selinux_once(once, init_procattr);
+ init_thread_destructor();
- fd = open(path, O_RDWR);
- free(path);
+ if (cpid != getpid())
+ free_procattr();
+
+ switch (attr[0]) {
+ case 'c':
+ prev_context = &prev_current;
+ break;
+ case 'e':
+ prev_context = &prev_exec;
+ break;
+ case 'f':
+ prev_context = &prev_fscreate;
+ break;
+ case 'k':
+ prev_context = &prev_keycreate;
+ break;
+ case 's':
+ prev_context = &prev_sockcreate;
+ break;
+ default:
+ errno = ENOENT;
+ return -1;
+ };
+
+ if (!context && !*prev_context)
+ return 0;
+ if (context && *prev_context && !strcmp(context, *prev_context))
+ return 0;
+
+ fd = openattr(pid, attr, O_RDWR);
if (fd < 0)
return -1;
- if (context)
+ if (context) {
+ ret = -1;
+ context = strdup(context);
+ if (!context)
+ goto out;
do {
ret = write(fd, context, strlen(context) + 1);
} while (ret < 0 && errno == EINTR);
- else
+ } else {
do {
ret = write(fd, NULL, 0); /* clear */
} while (ret < 0 && errno == EINTR);
+ }
+out:
errno_hold = errno;
close(fd);
errno = errno_hold;
- if (ret < 0)
+ if (ret < 0) {
+ free(context);
return -1;
- else
+ } else {
+ *prev_context = context;
return 0;
+ }
}
static int setprocattrcon(const security_context_t context,
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index 296f357..cb65666 100644 index 296f357..cb65666 100644
--- a/libselinux/src/selinux_config.c --- a/libselinux/src/selinux_config.c

5
libselinux.spec
View File

@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.12 Version: 2.1.12
Release: 17%{?dist} Release: 18%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
- Try procatt speedup patch again
* Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17 * Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
- Roll back procattr speedups since it seems to be screwing up systemd labeling. - Roll back procattr speedups since it seems to be screwing up systemd labeling.