Fix tid handling for setfscreatecon, old patch still broken in libvirt
This commit is contained in:
parent
f0a059565a
commit
775a744b5d
@ -5865,10 +5865,15 @@ index ae21175..948aff1 100644
|
|||||||
+.BR getsebool (8),
|
+.BR getsebool (8),
|
||||||
+.BR setsebool (8)
|
+.BR setsebool (8)
|
||||||
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
|
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
|
||||||
index ac019df..613a4ed 100644
|
index ac019df..c4f5d4c 100644
|
||||||
--- a/libselinux/src/Makefile
|
--- a/libselinux/src/Makefile
|
||||||
+++ b/libselinux/src/Makefile
|
+++ b/libselinux/src/Makefile
|
||||||
@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
|
@@ -16,11 +16,11 @@ PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
|
||||||
|
PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
|
||||||
|
RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
|
||||||
|
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
|
||||||
|
-RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
|
||||||
|
+RUBYINC ?= $(shell pkg-config --cflags ruby)
|
||||||
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
|
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
|
||||||
LIBBASE=$(shell basename $(LIBDIR))
|
LIBBASE=$(shell basename $(LIBDIR))
|
||||||
|
|
||||||
@ -6695,7 +6700,7 @@ index 2d7369e..2a00807 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
||||||
index 83381e4..a2bcabb 100644
|
index 83381e4..70355c1 100644
|
||||||
--- a/libselinux/src/procattr.c
|
--- a/libselinux/src/procattr.c
|
||||||
+++ b/libselinux/src/procattr.c
|
+++ b/libselinux/src/procattr.c
|
||||||
@@ -1,6 +1,7 @@
|
@@ -1,6 +1,7 @@
|
||||||
@ -6706,16 +6711,17 @@ index 83381e4..a2bcabb 100644
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@@ -8,33 +9,106 @@
|
@@ -8,33 +9,98 @@
|
||||||
#include "selinux_internal.h"
|
#include "selinux_internal.h"
|
||||||
#include "policy.h"
|
#include "policy.h"
|
||||||
|
|
||||||
+static __thread pid_t tid = -1;
|
+static __thread pid_t cpid;
|
||||||
+static __thread security_context_t prev_current = NULL;
|
+static __thread pid_t tid;
|
||||||
+static __thread security_context_t prev_exec = NULL;
|
+static __thread security_context_t prev_current;
|
||||||
+static __thread security_context_t prev_fscreate = NULL;
|
+static __thread security_context_t prev_exec;
|
||||||
+static __thread security_context_t prev_keycreate = NULL;
|
+static __thread security_context_t prev_fscreate;
|
||||||
+static __thread security_context_t prev_sockcreate = NULL;
|
+static __thread security_context_t prev_keycreate;
|
||||||
|
+static __thread security_context_t prev_sockcreate;
|
||||||
+
|
+
|
||||||
+static pthread_once_t once = PTHREAD_ONCE_INIT;
|
+static pthread_once_t once = PTHREAD_ONCE_INIT;
|
||||||
+static pthread_key_t destructor_key;
|
+static pthread_key_t destructor_key;
|
||||||
@ -6727,6 +6733,8 @@ index 83381e4..a2bcabb 100644
|
|||||||
return syscall(__NR_gettid);
|
return syscall(__NR_gettid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
-static int getprocattrcon_raw(security_context_t * context,
|
||||||
|
- pid_t pid, const char *attr)
|
||||||
+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
|
+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
|
||||||
+{
|
+{
|
||||||
+ free(prev_current);
|
+ free(prev_current);
|
||||||
@ -6739,7 +6747,7 @@ index 83381e4..a2bcabb 100644
|
|||||||
+static void free_procattr(void)
|
+static void free_procattr(void)
|
||||||
+{
|
+{
|
||||||
+ procattr_thread_destructor(NULL);
|
+ procattr_thread_destructor(NULL);
|
||||||
+ tid = -1;
|
+ cpid = tid = 0;
|
||||||
+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
|
+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -6768,66 +6776,61 @@ index 83381e4..a2bcabb 100644
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static int openattr(pid_t pid, const char *attr, int flags)
|
+static int openattr(pid_t pid, const char *attr, int flags)
|
||||||
+{
|
{
|
||||||
+ int firsttime = (pid == 0);
|
- char *path, *buf;
|
||||||
+ int fd=-1, rc;
|
- size_t size;
|
||||||
|
int fd, rc;
|
||||||
|
- ssize_t ret;
|
||||||
|
- pid_t tid;
|
||||||
|
- int errno_hold;
|
||||||
+ char *path;
|
+ char *path;
|
||||||
+ do {
|
|
||||||
+ if (pid > 0) {
|
if (pid > 0)
|
||||||
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||||
+ } else {
|
else {
|
||||||
+ if (tid == -1) {
|
- tid = gettid();
|
||||||
+ firsttime = 0;
|
+ if (!tid)
|
||||||
+ tid = gettid();
|
+ tid = gettid();
|
||||||
+ }
|
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||||
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
}
|
||||||
+ }
|
if (rc < 0)
|
||||||
+ if (rc < 0)
|
return -1;
|
||||||
+ return -1;
|
|
||||||
+
|
- fd = open(path, O_RDONLY);
|
||||||
+ fd = open(path, flags);
|
+ fd = open(path, flags);
|
||||||
+ free(path); path=NULL;
|
free(path);
|
||||||
+ if (fd >= 0)
|
- if (fd < 0)
|
||||||
+ break;
|
|
||||||
+ tid = -1;
|
|
||||||
+
|
|
||||||
+ } while (firsttime);
|
|
||||||
+
|
|
||||||
+ return fd;
|
+ return fd;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
static int getprocattrcon_raw(security_context_t * context,
|
+static int getprocattrcon_raw(security_context_t * context,
|
||||||
pid_t pid, const char *attr)
|
+ pid_t pid, const char *attr)
|
||||||
{
|
+{
|
||||||
- char *path, *buf;
|
|
||||||
+ char *buf;
|
+ char *buf;
|
||||||
size_t size;
|
+ size_t size;
|
||||||
- int fd, rc;
|
|
||||||
+ int fd;
|
+ int fd;
|
||||||
ssize_t ret;
|
+ ssize_t ret;
|
||||||
- pid_t tid;
|
+ int errno_hold;
|
||||||
int errno_hold;
|
+
|
||||||
|
|
||||||
- if (pid > 0)
|
|
||||||
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
|
||||||
- else {
|
|
||||||
- tid = gettid();
|
|
||||||
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
|
||||||
- }
|
|
||||||
- if (rc < 0)
|
|
||||||
- return -1;
|
|
||||||
+ __selinux_once(once, init_procattr);
|
+ __selinux_once(once, init_procattr);
|
||||||
+ init_thread_destructor();
|
+ init_thread_destructor();
|
||||||
|
+
|
||||||
- fd = open(path, O_RDONLY);
|
|
||||||
- free(path);
|
|
||||||
- if (fd < 0)
|
|
||||||
+ fd = openattr(pid, attr, O_RDONLY);
|
+ fd = openattr(pid, attr, O_RDONLY);
|
||||||
+ if (fd < 0)
|
+ if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
size = selinux_page_size;
|
size = selinux_page_size;
|
||||||
@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
|
@@ -77,6 +143,9 @@ static int getprocattrcon(security_context_t * context,
|
||||||
|
int ret;
|
||||||
|
security_context_t rcontext;
|
||||||
|
|
||||||
|
+ if (cpid != getpid())
|
||||||
|
+ free_procattr();
|
||||||
|
+
|
||||||
|
ret = getprocattrcon_raw(&rcontext, pid, attr);
|
||||||
|
|
||||||
|
if (!ret) {
|
||||||
|
@@ -90,40 +159,69 @@ static int getprocattrcon(security_context_t * context,
|
||||||
static int setprocattrcon_raw(security_context_t context,
|
static int setprocattrcon_raw(security_context_t context,
|
||||||
pid_t pid, const char *attr)
|
pid_t pid, const char *attr)
|
||||||
{
|
{
|
||||||
@ -6849,6 +6852,11 @@ index 83381e4..a2bcabb 100644
|
|||||||
- return -1;
|
- return -1;
|
||||||
+ __selinux_once(once, init_procattr);
|
+ __selinux_once(once, init_procattr);
|
||||||
+ init_thread_destructor();
|
+ init_thread_destructor();
|
||||||
|
|
||||||
|
- fd = open(path, O_RDWR);
|
||||||
|
- free(path);
|
||||||
|
+ if (cpid != getpid())
|
||||||
|
+ free_procattr();
|
||||||
+
|
+
|
||||||
+ switch (attr[0]) {
|
+ switch (attr[0]) {
|
||||||
+ case 'c':
|
+ case 'c':
|
||||||
@ -6874,9 +6882,7 @@ index 83381e4..a2bcabb 100644
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+ if (context && *prev_context && !strcmp(context, *prev_context))
|
+ if (context && *prev_context && !strcmp(context, *prev_context))
|
||||||
+ return 0;
|
+ return 0;
|
||||||
|
+
|
||||||
- fd = open(path, O_RDWR);
|
|
||||||
- free(path);
|
|
||||||
+ fd = openattr(pid, attr, O_RDWR);
|
+ fd = openattr(pid, attr, O_RDWR);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
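Review bot: The fork check `if (cpid != getpid()) free_procattr();` is added to the getprocattrcon() wrapper (the new @@ -77,6 +143,9 @@ hunk) but not to getprocattrcon_raw(), whose new body goes straight from init_thread_destructor() to openattr(), so callers of the _raw entry point in a forked child would still use the parent's cached tid and open a /proc/self/task/<tid>/attr path that does not exist there. Placing the check in getprocattrcon_raw(), mirroring where setprocattrcon_raw() already has it, would cover both paths. Separately, free_procattr() now ends with `cpid = tid = 0;` and nothing in the visible hunks assigns cpid afterwards, so unless init_procattr() (outside the hunk) sets it, getpid() never equals cpid and the per-thread caches are freed on every call; `tid = 0; cpid = getpid();` would make the reset fire only after a fork. Finally, openattr() opens the attr file without O_CLOEXEC (`fd = open(path, flags | O_CLOEXEC);`), so the descriptor otherwise survives an exec in the caller.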
@ -2,7 +2,7 @@
|
|||||||
%global with_python3 1
|
%global with_python3 1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%define ruby_inc %(pkg-config --cflags ruby-1.9)
|
%define ruby_inc %(pkg-config --cflags ruby)
|
||||||
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
|
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
|
||||||
%define libsepolver 2.1.8-6
|
%define libsepolver 2.1.8-6
|
||||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||||
@ -10,7 +10,7 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.1.12
|
Version: 2.1.12
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: %{name}-%{version}.tgz
|
Source: %{name}-%{version}.tgz
|
||||||
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
|||||||
%{ruby_sitearch}/selinux.so
|
%{ruby_sitearch}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-16
|
||||||
|
- Fix tid handling for setfscreatecon, old patch still broken in libvirt
|
||||||
|
|
||||||
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
|
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
|
||||||
- Fix tid handling for setfscreatecon, old patch still broken in libvirt
|
- Fix tid handling for setfscreatecon, old patch still broken in libvirt
|
||||||
|
|
||||||
|