diff --git a/SOURCES/0006-libselinux-Close-old-selabel-handle-when-setting-a-n.patch b/SOURCES/0006-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
new file mode 100644
index 0000000..abfeb08
--- /dev/null
+++ b/SOURCES/0006-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
@@ -0,0 +1,32 @@
+From 6c2adcc23145bfff9f607fb00fa8c3597dd0435f Mon Sep 17 00:00:00 2001
+From: James Carter
+Date: Wed, 22 Jan 2025 10:58:27 -0500
+Subject: [PATCH] libselinux: Close old selabel handle when setting a new one
+Content-type: text/plain
+
+In selinux_restorecon_set_sehandle(), close the old selabel handle
+(if it exists) before setting the new one.
+
+Signed-off-by: James Carter
+---
+ libselinux/src/selinux_restorecon.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index 111b89aa8dc9..1664514ac9e6 100644
+--- a/libselinux/src/selinux_restorecon.c
++++ b/libselinux/src/selinux_restorecon.c
+@@ -1365,6 +1365,10 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
+ unsigned char *fc_digest;
+ size_t num_specfiles, fc_digest_len;
+
++ if (fc_sehandle) {
++ selabel_close(fc_sehandle);
++ }
++
+ fc_sehandle = hndl;
+ if (!fc_sehandle)
+ return;
+--
+2.48.1
+
diff --git a/SPECS/libselinux.spec b/SPECS/libselinux.spec
index ebf1773..76e067a 100644
--- a/SPECS/libselinux.spec
+++ b/SPECS/libselinux.spec
@@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/libselinux-3.6.tar.gz
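Review bot: In the embedded selinux_restorecon.c hunk, the new `selabel_close(fc_sehandle)` runs even when `hndl` is the handle that is already installed, so calling the setter again with the same pointer frees it and then stores the dangling pointer back into `fc_sehandle`. Guarding the close with `if (fc_sehandle && fc_sehandle != hndl)` avoids that use-after-free. The change also moves ownership of the previously set handle into the library; callers are not visible here, but any that still call `selabel_close()` on a handle they passed in earlier would presumably close it twice, so the ownership rule deserves a comment above the function such as `/* Takes ownership of hndl; the previously set handle is closed here. */`. The function body continues past the end of the hunk.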
@@ -21,6 +21,7 @@ Patch0002: 0002-Revert-Do-not-automatically-install-Russian-translat.patch
 Patch0003: 0003-Revert-libselinux-Remove-the-Russian-translations.patch
 Patch0004: 0004-Revert-libselinux-Remove-the-Russian-translations.patch
 Patch0005: 0005-libselinux-restorecon-Include-selinux-label.h.patch
+Patch0006: 0006-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@@ -219,6 +220,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 %changelog
+* Tue Jan 28 2025 Petr Lautrbach - 3.6-3
+- Close old selabel handle when setting a new one (RHEL-76472)
+
 * Tue Aug 06 2024 Vit Mojzis - 3.6-2
 - restorecon: Include (RHEL-50821, RHEL-54385)