Apply patch from eparis to fix leaked file descriptor in new labeling code
parent
e1c914df47
commit
5a7e010f07
@ -21,6 +21,13 @@ index 6b9089d..aba6e33 100644
|
||||
extern const char *selinux_failsafe_context_path(void);
|
||||
extern const char *selinux_removable_context_path(void);
|
||||
extern const char *selinux_default_context_path(void);
|
||||
diff --git a/libselinux/man/man3/mode_to_security_class.3 b/libselinux/man/man3/mode_to_security_class.3
|
||||
new file mode 100644
|
||||
index 0000000..bda9daf
|
||||
--- /dev/null
|
||||
+++ b/libselinux/man/man3/mode_to_security_class.3
|
||||
@@ -0,0 +1 @@
|
||||
+.so man3/security_class_to_string.3
|
||||
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
|
||||
index 140737e..e82e1d8 100644
|
||||
--- a/libselinux/man/man3/security_class_to_string.3
|
||||
@ -207,7 +214,7 @@ index 825f295..d11c8dc 100644
|
||||
- S_(BOOLEAN_SUBS, "/booleans.subs")
|
||||
+ S_(BOOLEAN_SUBS, "/booleans.subs_dist")
|
||||
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
||||
index 02b3cd2..fad8bbd 100644
|
||||
index 02b3cd2..301e4d6 100644
|
||||
--- a/libselinux/src/label_file.c
|
||||
+++ b/libselinux/src/label_file.c
|
||||
@@ -8,6 +8,7 @@
|
||||
@ -231,7 +238,7 @@ index 02b3cd2..fad8bbd 100644
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <unistd.h>
|
||||
@@ -229,6 +235,167 @@ static int process_line(struct selabel_handle *rec,
|
||||
@@ -229,6 +235,173 @@ static int process_line(struct selabel_handle *rec,
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -254,21 +261,27 @@ index 02b3cd2..fad8bbd 100644
|
||||
+ if (rc >= sizeof(mmap_path))
|
||||
+ return -1;
|
||||
+
|
||||
+ mmapfd = open(mmap_path, O_RDONLY);
|
||||
+ mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
|
||||
+ if (!mmapfd)
|
||||
+ return -1;
|
||||
+
|
||||
+ rc = fstat(mmapfd, &mmap_stat);
|
||||
+ if (rc < 0)
|
||||
+ if (rc < 0) {
|
||||
+ close(mmapfd);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* if mmap is old, ignore it */
|
||||
+ if (mmap_stat.st_mtime < stat->st_mtime)
|
||||
+ if (mmap_stat.st_mtime < stat->st_mtime) {
|
||||
+ close(mmapfd);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (mmap_stat.st_mtime == stat->st_mtime &&
|
||||
+ mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec)
|
||||
+ mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec) {
|
||||
+ close(mmapfd);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* ok, read it in... */
|
||||
+ len = mmap_stat.st_size;
|
||||
@ -399,7 +412,7 @@ index 02b3cd2..fad8bbd 100644
|
||||
static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
|
||||
{
|
||||
FILE *fp;
|
||||
@@ -261,6 +428,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||
@@ -261,6 +434,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -410,7 +423,7 @@ index 02b3cd2..fad8bbd 100644
|
||||
/*
|
||||
* The do detailed validation of the input and fill the spec array
|
||||
*/
|
||||
@@ -270,6 +441,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||
@@ -270,6 +447,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
@ -418,7 +431,7 @@ index 02b3cd2..fad8bbd 100644
|
||||
free(line_buf);
|
||||
fclose(fp);
|
||||
|
||||
@@ -357,6 +529,8 @@ static void closef(struct selabel_handle *rec)
|
||||
@@ -357,6 +535,8 @@ static void closef(struct selabel_handle *rec)
|
||||
|
||||
for (i = 0; i < data->nspec; i++) {
|
||||
spec = &data->spec_arr[i];
|
||||
@ -427,7 +440,7 @@ index 02b3cd2..fad8bbd 100644
|
||||
free(spec->regex_str);
|
||||
free(spec->type_str);
|
||||
free(spec->lr.ctx_raw);
|
||||
@@ -369,6 +543,8 @@ static void closef(struct selabel_handle *rec)
|
||||
@@ -369,6 +549,8 @@ static void closef(struct selabel_handle *rec)
|
||||
|
||||
for (i = 0; i < (unsigned int)data->num_stems; i++) {
|
||||
stem = &data->stem_arr[i];
|
||||
|
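Review bot: The check `if (!mmapfd)` that follows `mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);` in the label_file.c hunk tests for 0, but open() signals failure with -1, so a failed open passes this guard and is only rejected by the later `fstat(mmapfd, &mmap_stat)` error path. Conversely, if open() returns descriptor 0 (possible when the process starts with stdin closed), this branch returns -1 without closing it, which is the same kind of descriptor leak the commit sets out to fix. The guard should read `if (mmapfd < 0) return -1;`. The enclosing function starts and ends outside the visible lines, so whether the paths after `len = mmap_stat.st_size;` also close mmapfd on failure cannot be confirmed from this page.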
@ -10,7 +10,7 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.1.12
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: %{name}-%{version}.tgz
|
||||
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
||||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7
|
||||
- Apply patch from eparis to fix leaked file descriptor in new labeling code
|
||||
|
||||
* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
|
||||
- Add new function mode_to_security_class which takes mode instead of a string.
|
||||
- Possibly will be used with coreutils.
|
||||
|