Apply patch from eparis to fix leaked file descriptor in new labeling code
parent
e1c914df47
commit
5a7e010f07
@ -21,6 +21,13 @@ index 6b9089d..aba6e33 100644
|
|||||||
extern const char *selinux_failsafe_context_path(void);
|
extern const char *selinux_failsafe_context_path(void);
|
||||||
extern const char *selinux_removable_context_path(void);
|
extern const char *selinux_removable_context_path(void);
|
||||||
extern const char *selinux_default_context_path(void);
|
extern const char *selinux_default_context_path(void);
|
||||||
|
diff --git a/libselinux/man/man3/mode_to_security_class.3 b/libselinux/man/man3/mode_to_security_class.3
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..bda9daf
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/libselinux/man/man3/mode_to_security_class.3
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+.so man3/security_class_to_string.3
|
||||||
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
|
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
|
||||||
index 140737e..e82e1d8 100644
|
index 140737e..e82e1d8 100644
|
||||||
--- a/libselinux/man/man3/security_class_to_string.3
|
--- a/libselinux/man/man3/security_class_to_string.3
|
||||||
@ -207,7 +214,7 @@ index 825f295..d11c8dc 100644
|
|||||||
- S_(BOOLEAN_SUBS, "/booleans.subs")
|
- S_(BOOLEAN_SUBS, "/booleans.subs")
|
||||||
+ S_(BOOLEAN_SUBS, "/booleans.subs_dist")
|
+ S_(BOOLEAN_SUBS, "/booleans.subs_dist")
|
||||||
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
|
||||||
index 02b3cd2..fad8bbd 100644
|
index 02b3cd2..301e4d6 100644
|
||||||
--- a/libselinux/src/label_file.c
|
--- a/libselinux/src/label_file.c
|
||||||
+++ b/libselinux/src/label_file.c
|
+++ b/libselinux/src/label_file.c
|
||||||
@@ -8,6 +8,7 @@
|
@@ -8,6 +8,7 @@
|
||||||
@ -231,7 +238,7 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@@ -229,6 +235,167 @@ static int process_line(struct selabel_handle *rec,
|
@@ -229,6 +235,173 @@ static int process_line(struct selabel_handle *rec,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -254,21 +261,27 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
+ if (rc >= sizeof(mmap_path))
|
+ if (rc >= sizeof(mmap_path))
|
||||||
+ return -1;
|
+ return -1;
|
||||||
+
|
+
|
||||||
+ mmapfd = open(mmap_path, O_RDONLY);
|
+ mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
|
||||||
+ if (!mmapfd)
|
+ if (!mmapfd)
|
||||||
+ return -1;
|
+ return -1;
|
||||||
+
|
+
|
||||||
+ rc = fstat(mmapfd, &mmap_stat);
|
+ rc = fstat(mmapfd, &mmap_stat);
|
||||||
+ if (rc < 0)
|
+ if (rc < 0) {
|
||||||
|
+ close(mmapfd);
|
||||||
+ return -1;
|
+ return -1;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ /* if mmap is old, ignore it */
|
+ /* if mmap is old, ignore it */
|
||||||
+ if (mmap_stat.st_mtime < stat->st_mtime)
|
+ if (mmap_stat.st_mtime < stat->st_mtime) {
|
||||||
|
+ close(mmapfd);
|
||||||
+ return -1;
|
+ return -1;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ if (mmap_stat.st_mtime == stat->st_mtime &&
|
+ if (mmap_stat.st_mtime == stat->st_mtime &&
|
||||||
+ mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec)
|
+ mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec) {
|
||||||
|
+ close(mmapfd);
|
||||||
+ return -1;
|
+ return -1;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ /* ok, read it in... */
|
+ /* ok, read it in... */
|
||||||
+ len = mmap_stat.st_size;
|
+ len = mmap_stat.st_size;
|
||||||
@ -399,7 +412,7 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
|
static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
|
||||||
{
|
{
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
@@ -261,6 +428,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
@@ -261,6 +434,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -410,7 +423,7 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
/*
|
/*
|
||||||
* The do detailed validation of the input and fill the spec array
|
* The do detailed validation of the input and fill the spec array
|
||||||
*/
|
*/
|
||||||
@@ -270,6 +441,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
@@ -270,6 +447,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -418,7 +431,7 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
free(line_buf);
|
free(line_buf);
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
|
||||||
@@ -357,6 +529,8 @@ static void closef(struct selabel_handle *rec)
|
@@ -357,6 +535,8 @@ static void closef(struct selabel_handle *rec)
|
||||||
|
|
||||||
for (i = 0; i < data->nspec; i++) {
|
for (i = 0; i < data->nspec; i++) {
|
||||||
spec = &data->spec_arr[i];
|
spec = &data->spec_arr[i];
|
||||||
@ -427,7 +440,7 @@ index 02b3cd2..fad8bbd 100644
|
|||||||
free(spec->regex_str);
|
free(spec->regex_str);
|
||||||
free(spec->type_str);
|
free(spec->type_str);
|
||||||
free(spec->lr.ctx_raw);
|
free(spec->lr.ctx_raw);
|
||||||
@@ -369,6 +543,8 @@ static void closef(struct selabel_handle *rec)
|
@@ -369,6 +549,8 @@ static void closef(struct selabel_handle *rec)
|
||||||
|
|
||||||
for (i = 0; i < (unsigned int)data->num_stems; i++) {
|
for (i = 0; i < (unsigned int)data->num_stems; i++) {
|
||||||
stem = &data->stem_arr[i];
|
stem = &data->stem_arr[i];
|
||||||
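Review bot: The failure check after the `open()` call in the mmap-loading hunk is still `if (!mmapfd)`, which tests for descriptor 0 instead of the -1 that `open()` returns on error. A failed open therefore falls through to `fstat(mmapfd, ...)` and then to the newly added `close(mmapfd)` with -1. If the process happens to have fd 0 closed, a successful open returning 0 is treated as a failure and returns without closing it, which is the same kind of leak this commit sets out to fix. The check should be `if (mmapfd < 0)`. The enclosing function starts before and continues past the visible lines, so the paths after `len = mmap_stat.st_size;` could not be checked here for a matching `close(mmapfd)`.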
|
@ -10,7 +10,7 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.1.12
|
Version: 2.1.12
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: %{name}-%{version}.tgz
|
Source: %{name}-%{version}.tgz
|
||||||
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
|||||||
%{ruby_sitearch}/selinux.so
|
%{ruby_sitearch}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7
|
||||||
|
- Apply patch from eparis to fix leaked file descriptor in new labeling code
|
||||||
|
|
||||||
* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
|
* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
|
||||||
- Add new function mode_to_security_class which takes mode instead of a string.
|
- Add new function mode_to_security_class which takes mode instead of a string.
|
||||||
- Possibly will be used with coreutils.
|
- Possibly will be used with coreutils.
|
||||||
|