setfscreatecon after fork was broken by the Set*con patch.
- We needed to reset the thread variables after a fork.
parent
a9a8a9f55f
commit
7a71cdb44d
@ -5864,6 +5864,49 @@ index ae21175..948aff1 100644
|
|||||||
+.BR booleans (8),
|
+.BR booleans (8),
|
||||||
+.BR getsebool (8),
|
+.BR getsebool (8),
|
||||||
+.BR setsebool (8)
|
+.BR setsebool (8)
|
||||||
|
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
|
||||||
|
index ac019df..613a4ed 100644
|
||||||
|
--- a/libselinux/src/Makefile
|
||||||
|
+++ b/libselinux/src/Makefile
|
||||||
|
@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
|
||||||
|
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
|
||||||
|
LIBBASE=$(shell basename $(LIBDIR))
|
||||||
|
|
||||||
|
-LDFLAGS ?= -lpcre
|
||||||
|
+LDFLAGS ?= -lpcre -lpthread
|
||||||
|
|
||||||
|
VERSION = $(shell cat ../VERSION)
|
||||||
|
LIBVERSION = 1
|
||||||
|
@@ -106,17 +106,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
|
||||||
|
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
|
||||||
|
|
||||||
|
$(SWIGSO): $(SWIGLOBJ)
|
||||||
|
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR)
|
||||||
|
+ $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
|
||||||
|
|
||||||
|
$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
|
||||||
|
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR)
|
||||||
|
+ $(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
|
||||||
|
|
||||||
|
$(LIBA): $(OBJS)
|
||||||
|
$(AR) rcs $@ $^
|
||||||
|
$(RANLIB) $@
|
||||||
|
|
||||||
|
$(LIBSO): $(LOBJS)
|
||||||
|
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
|
||||||
|
+ $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
|
||||||
|
ln -sf $@ $(TARGET)
|
||||||
|
|
||||||
|
$(LIBPC): $(LIBPC).in ../VERSION
|
||||||
|
@@ -129,7 +129,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
|
||||||
|
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
|
||||||
|
|
||||||
|
$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
|
||||||
|
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
|
||||||
|
+ $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
|
||||||
|
|
||||||
|
%.o: %.c policy.h
|
||||||
|
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
|
||||||
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
||||||
index 02483a3..73c07aa 100644
|
index 02483a3..73c07aa 100644
|
||||||
--- a/libselinux/src/audit2why.c
|
--- a/libselinux/src/audit2why.c
|
||||||
@ -6652,10 +6695,18 @@ index 2d7369e..2a00807 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
||||||
index 83381e4..be9f8b0 100644
|
index 83381e4..08b75d4 100644
|
||||||
--- a/libselinux/src/procattr.c
|
--- a/libselinux/src/procattr.c
|
||||||
+++ b/libselinux/src/procattr.c
|
+++ b/libselinux/src/procattr.c
|
||||||
@@ -8,11 +8,54 @@
|
@@ -1,6 +1,7 @@
|
||||||
|
#include <sys/syscall.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
+#include <pthread.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
@@ -8,11 +9,63 @@
|
||||||
#include "selinux_internal.h"
|
#include "selinux_internal.h"
|
||||||
#include "policy.h"
|
#include "policy.h"
|
||||||
|
|
||||||
@ -6685,6 +6736,13 @@ index 83381e4..be9f8b0 100644
|
|||||||
+ free(prev_sockcreate);
|
+ free(prev_sockcreate);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
|
+static void free_procattr(void)
|
||||||
|
+{
|
||||||
|
+ procattr_thread_destructor(NULL);
|
||||||
|
+ tid = -1;
|
||||||
|
+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
+void __attribute__((destructor)) procattr_destructor(void);
|
+void __attribute__((destructor)) procattr_destructor(void);
|
||||||
+
|
+
|
||||||
+void hidden __attribute__((destructor)) procattr_destructor(void)
|
+void hidden __attribute__((destructor)) procattr_destructor(void)
|
||||||
@ -6703,22 +6761,35 @@ index 83381e4..be9f8b0 100644
|
|||||||
+
|
+
|
||||||
+static void init_procattr(void)
|
+static void init_procattr(void)
|
||||||
+{
|
+{
|
||||||
+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0)
|
+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
|
||||||
|
+ pthread_atfork(NULL, NULL, free_procattr);
|
||||||
+ destructor_key_initialized = 1;
|
+ destructor_key_initialized = 1;
|
||||||
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
static int getprocattrcon_raw(security_context_t * context,
|
static int getprocattrcon_raw(security_context_t * context,
|
||||||
pid_t pid, const char *attr)
|
pid_t pid, const char *attr)
|
||||||
{
|
{
|
||||||
@@ -20,7 +63,6 @@ static int getprocattrcon_raw(security_context_t * context,
|
@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context,
|
||||||
size_t size;
|
size_t size;
|
||||||
int fd, rc;
|
int fd, rc;
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
- pid_t tid;
|
- pid_t tid;
|
||||||
int errno_hold;
|
int errno_hold;
|
||||||
|
|
||||||
|
+ __selinux_once(once, init_procattr);
|
||||||
|
+ init_thread_destructor();
|
||||||
|
+
|
||||||
if (pid > 0)
|
if (pid > 0)
|
||||||
@@ -92,14 +134,44 @@ static int setprocattrcon_raw(security_context_t context,
|
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||||
|
else {
|
||||||
|
- tid = gettid();
|
||||||
|
+ if (tid == -1)
|
||||||
|
+ tid = gettid();
|
||||||
|
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||||
|
}
|
||||||
|
if (rc < 0)
|
||||||
|
@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context,
|
||||||
{
|
{
|
||||||
char *path;
|
char *path;
|
||||||
int fd, rc;
|
int fd, rc;
|
||||||
@ -6765,7 +6836,7 @@ index 83381e4..be9f8b0 100644
|
|||||||
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||||
}
|
}
|
||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
@@ -109,21 +181,30 @@ static int setprocattrcon_raw(security_context_t context,
|
@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context,
|
||||||
free(path);
|
free(path);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
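Review bot: In init_procattr the fork handler is registered only inside the `__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0` branch and the return value of `pthread_atfork(NULL, NULL, free_procattr);` is discarded, while the `if (tid == -1) tid = gettid();` cache in getprocattrcon_raw (and the matching path in setprocattrcon_raw) is used unconditionally. If key creation or handler registration fails, a forked child keeps the parent's cached tid and builds `/proc/self/task/<parent tid>/attr/...`, which is the failure this commit sets out to fix; a set*con call that fails this way can presumably leave newly created files, sockets or keys with an unintended label. I would move the registration out of the key check and test its result, e.g. `int rc = pthread_atfork(NULL, NULL, free_procattr);`, and when `rc != 0` fall back to calling gettid() on every call instead of trusting the cached value. A child created through a raw clone() syscall would likely not run the handler either, which deserves a short comment next to the cache. The bodies of getprocattrcon_raw and setprocattrcon_raw continue outside the visible hunks, so the declaration of `tid` and the use of the `prev_*` pointers could not be checked here.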
|
@ -10,7 +10,7 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.1.12
|
Version: 2.1.12
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: %{name}-%{version}.tgz
|
Source: %{name}-%{version}.tgz
|
||||||
@ -241,6 +241,10 @@ rm -rf %{buildroot}
|
|||||||
%{ruby_sitearch}/selinux.so
|
%{ruby_sitearch}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
|
||||||
|
- setfscreatecon after fork was broken by the Set*con patch.
|
||||||
|
- We needed to reset the thread variables after a fork.
|
||||||
|
|
||||||
* Thu Jan 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
|
* Thu Jan 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
|
||||||
- Fix setfscreatecon call to handle failure mode, which was breaking udev
|
- Fix setfscreatecon call to handle failure mode, which was breaking udev
|
||||||
|
|
||||||
|