libselinux-3.4-3
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
This commit is contained in:
Petr Lautrbach
parent
09ab6cd3e9
commit
23c7e1b6bd
170
0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch
Normal file
170
0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch
Normal file
@ -0,0 +1,170 @@
|
||||
From 35b6ca70efca88e849e27a5c5524394da5f47693 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:37:12 +0200
|
||||
Subject: [PATCH] Revert "libselinux: restorecon: pin file to avoid TOCTOU
|
||||
issues"
|
||||
Content-type: text/plain
|
||||
|
||||
This reverts commit 7e979b56fd2cee28f647376a7233d2ac2d12ca50.
|
||||
|
||||
The reverted commit broke `setfiles` when it was run from a chroot
|
||||
without /proc mounted, e.g.
|
||||
|
||||
# setfiles -e /proc -e /sys /sys /etc/selinux/targeted/contexts/files/file_contexts /
|
||||
[strace]
|
||||
openat(AT_FDCWD, "/", O_RDONLY|O_EXCL|O_NOFOLLOW|O_PATH) = 3
|
||||
newfstatat(3, "", {st_mode=S_IFDIR|0555, st_size=4096, ...}, AT_EMPTY_PATH) = 0
|
||||
mmap(NULL, 2101248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1697c91000
|
||||
fgetxattr(3, "security.selinux", 0x55be8881d3f0, 255) = -1 EBADF (Bad file descriptor)
|
||||
fcntl(3, F_GETFL) = 0x220000 (flags O_RDONLY|O_NOFOLLOW|O_PATH)
|
||||
getxattr("/proc/self/fd/3", "security.selinux", 0x55be8881d3f0, 255) = -1 ENOENT (No such file or directory)
|
||||
[/strace]
|
||||
setfiles: Could not set context for /: No such file or directory
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
libselinux/src/selinux_restorecon.c | 43 ++++++++++++-----------------
|
||||
1 file changed, 18 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
||||
index dc222b425c95..a50005353265 100644
|
||||
--- a/libselinux/src/selinux_restorecon.c
|
||||
+++ b/libselinux/src/selinux_restorecon.c
|
||||
@@ -623,13 +623,13 @@ out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool first)
|
||||
+static int restorecon_sb(const char *pathname, const struct stat *sb,
|
||||
+ struct rest_flags *flags, bool first)
|
||||
{
|
||||
char *newcon = NULL;
|
||||
char *curcon = NULL;
|
||||
char *newtypecon = NULL;
|
||||
- int fd = -1, rc;
|
||||
- struct stat stat_buf;
|
||||
+ int rc;
|
||||
bool updated = false;
|
||||
const char *lookup_path = pathname;
|
||||
float pc;
|
||||
@@ -644,21 +644,13 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
lookup_path += rootpathlen;
|
||||
}
|
||||
|
||||
- fd = open(pathname, O_PATH | O_NOFOLLOW | O_EXCL);
|
||||
- if (fd < 0)
|
||||
- goto err;
|
||||
-
|
||||
- rc = fstat(fd, &stat_buf);
|
||||
- if (rc < 0)
|
||||
- goto err;
|
||||
-
|
||||
if (rootpath != NULL && lookup_path[0] == '\0')
|
||||
/* this is actually the root dir of the alt root. */
|
||||
rc = selabel_lookup_raw(fc_sehandle, &newcon, "/",
|
||||
- stat_buf.st_mode);
|
||||
+ sb->st_mode);
|
||||
else
|
||||
rc = selabel_lookup_raw(fc_sehandle, &newcon, lookup_path,
|
||||
- stat_buf.st_mode);
|
||||
+ sb->st_mode);
|
||||
|
||||
if (rc < 0) {
|
||||
if (errno == ENOENT) {
|
||||
@@ -667,10 +659,10 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
"Warning no default label for %s\n",
|
||||
lookup_path);
|
||||
|
||||
- goto out; /* no match, but not an error */
|
||||
+ return 0; /* no match, but not an error */
|
||||
}
|
||||
|
||||
- goto err;
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
if (flags->progress) {
|
||||
@@ -690,17 +682,19 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
}
|
||||
|
||||
if (flags->add_assoc) {
|
||||
- rc = filespec_add(stat_buf.st_ino, newcon, pathname, flags);
|
||||
+ rc = filespec_add(sb->st_ino, newcon, pathname, flags);
|
||||
|
||||
if (rc < 0) {
|
||||
selinux_log(SELINUX_ERROR,
|
||||
"filespec_add error: %s\n", pathname);
|
||||
- goto out1;
|
||||
+ freecon(newcon);
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
if (rc > 0) {
|
||||
/* Already an association and it took precedence. */
|
||||
- goto out;
|
||||
+ freecon(newcon);
|
||||
+ return 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -708,7 +702,7 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
selinux_log(SELINUX_INFO, "%s matched by %s\n",
|
||||
pathname, newcon);
|
||||
|
||||
- if (fgetfilecon_raw(fd, &curcon) < 0) {
|
||||
+ if (lgetfilecon_raw(pathname, &curcon) < 0) {
|
||||
if (errno != ENODATA)
|
||||
goto err;
|
||||
|
||||
@@ -741,7 +735,7 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
}
|
||||
|
||||
if (!flags->nochange) {
|
||||
- if (fsetfilecon(fd, newcon) < 0)
|
||||
+ if (lsetfilecon(pathname, newcon) < 0)
|
||||
goto err;
|
||||
updated = true;
|
||||
}
|
||||
@@ -766,8 +760,6 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
|
||||
out:
|
||||
rc = 0;
|
||||
out1:
|
||||
- if (fd >= 0)
|
||||
- close(fd);
|
||||
freecon(curcon);
|
||||
freecon(newcon);
|
||||
return rc;
|
||||
@@ -865,6 +857,7 @@ static void *selinux_restorecon_thread(void *arg)
|
||||
FTSENT *ftsent;
|
||||
int error;
|
||||
char ent_path[PATH_MAX];
|
||||
+ struct stat ent_st;
|
||||
bool first = false;
|
||||
|
||||
if (state->parallel)
|
||||
@@ -962,11 +955,11 @@ loop_body:
|
||||
/* fall through */
|
||||
default:
|
||||
strcpy(ent_path, ftsent->fts_path);
|
||||
-
|
||||
+ ent_st = *ftsent->fts_statp;
|
||||
if (state->parallel)
|
||||
pthread_mutex_unlock(&state->mutex);
|
||||
|
||||
- error = restorecon_sb(ent_path, &state->flags,
|
||||
+ error = restorecon_sb(ent_path, &ent_st, &state->flags,
|
||||
first);
|
||||
|
||||
if (state->parallel) {
|
||||
@@ -1162,7 +1155,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- error = restorecon_sb(pathname, &state.flags, true);
|
||||
+ error = restorecon_sb(pathname, &sb, &state.flags, true);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
--
|
||||
2.36.1
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 3.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: Public Domain
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz
|
||||
@ -17,6 +17,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
|
||||
Patch0002: 0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch
|
||||
# Patch list end
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
|
||||
@ -213,6 +214,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
||||
%{ruby_vendorarchdir}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
|
||||
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
|
||||
|
||||
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
|
||||
- rebuilt
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user