libselinux-2.4-3
- Simplify procattr cache (#1257157,#1232371)
parent
b7e1bdd317
commit
8db7ce6b64
@ -1128,6 +1128,110 @@ index 3b96b1d..3868711 100644
|
|||||||
path, lineno, *ctx);
|
path, lineno, *ctx);
|
||||||
} else {
|
} else {
|
||||||
COMPAT_LOG(SELINUX_WARNING,
|
COMPAT_LOG(SELINUX_WARNING,
|
||||||
|
diff --git libselinux-2.4/src/procattr.c libselinux-2.4/src/procattr.c
|
||||||
|
index f990350..527a0a5 100644
|
||||||
|
--- libselinux-2.4/src/procattr.c
|
||||||
|
+++ libselinux-2.4/src/procattr.c
|
||||||
|
@@ -11,8 +11,6 @@
|
||||||
|
|
||||||
|
#define UNSET (char *) -1
|
||||||
|
|
||||||
|
-static __thread pid_t cpid;
|
||||||
|
-static __thread pid_t tid;
|
||||||
|
static __thread char *prev_current = UNSET;
|
||||||
|
static __thread char * prev_exec = UNSET;
|
||||||
|
static __thread char * prev_fscreate = UNSET;
|
||||||
|
@@ -24,15 +22,6 @@ static pthread_key_t destructor_key;
|
||||||
|
static int destructor_key_initialized = 0;
|
||||||
|
static __thread char destructor_initialized;
|
||||||
|
|
||||||
|
-extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
|
||||||
|
-extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
|
||||||
|
-
|
||||||
|
-static int __selinux_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
|
||||||
|
-{
|
||||||
|
- return __register_atfork (prepare, parent, child,
|
||||||
|
- &__dso_handle == NULL ? NULL : __dso_handle);
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
static pid_t gettid(void)
|
||||||
|
{
|
||||||
|
return syscall(__NR_gettid);
|
||||||
|
@@ -52,14 +41,6 @@ static void procattr_thread_destructor(void __attribute__((unused)) *unused)
|
||||||
|
free(prev_sockcreate);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void free_procattr(void)
|
||||||
|
-{
|
||||||
|
- procattr_thread_destructor(NULL);
|
||||||
|
- tid = 0;
|
||||||
|
- cpid = getpid();
|
||||||
|
- prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
void __attribute__((destructor)) procattr_destructor(void);
|
||||||
|
|
||||||
|
void hidden __attribute__((destructor)) procattr_destructor(void)
|
||||||
|
@@ -79,7 +60,6 @@ static inline void init_thread_destructor(void)
|
||||||
|
static void init_procattr(void)
|
||||||
|
{
|
||||||
|
if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
|
||||||
|
- __selinux_atfork(NULL, NULL, free_procattr);
|
||||||
|
destructor_key_initialized = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -88,21 +68,26 @@ static int openattr(pid_t pid, const char *attr, int flags)
|
||||||
|
{
|
||||||
|
int fd, rc;
|
||||||
|
char *path;
|
||||||
|
-
|
||||||
|
- if (cpid != getpid())
|
||||||
|
- free_procattr();
|
||||||
|
+ pid_t tid;
|
||||||
|
|
||||||
|
if (pid > 0)
|
||||||
|
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||||
|
else {
|
||||||
|
- if (!tid)
|
||||||
|
- tid = gettid();
|
||||||
|
+ rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
|
||||||
|
+ if (rc < 0)
|
||||||
|
+ return -1;
|
||||||
|
+ fd = open(path, flags | O_CLOEXEC);
|
||||||
|
+ if (fd >= 0 || errno != ENOENT)
|
||||||
|
+ goto out;
|
||||||
|
+ free(path);
|
||||||
|
+ tid = gettid();
|
||||||
|
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||||
|
}
|
||||||
|
if (rc < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
fd = open(path, flags | O_CLOEXEC);
|
||||||
|
+out:
|
||||||
|
free(path);
|
||||||
|
return fd;
|
||||||
|
}
|
||||||
|
@@ -120,9 +105,6 @@ static int getprocattrcon_raw(char ** context,
|
||||||
|
__selinux_once(once, init_procattr);
|
||||||
|
init_thread_destructor();
|
||||||
|
|
||||||
|
- if (cpid != getpid())
|
||||||
|
- free_procattr();
|
||||||
|
-
|
||||||
|
switch (attr[0]) {
|
||||||
|
case 'c':
|
||||||
|
prev_context = prev_current;
|
||||||
|
@@ -220,9 +202,6 @@ static int setprocattrcon_raw(const char * context,
|
||||||
|
__selinux_once(once, init_procattr);
|
||||||
|
init_thread_destructor();
|
||||||
|
|
||||||
|
- if (cpid != getpid())
|
||||||
|
- free_procattr();
|
||||||
|
-
|
||||||
|
switch (attr[0]) {
|
||||||
|
case 'c':
|
||||||
|
prev_context = &prev_current;
|
||||||
diff --git libselinux-2.4/src/selinux_config.c libselinux-2.4/src/selinux_config.c
|
diff --git libselinux-2.4/src/selinux_config.c libselinux-2.4/src/selinux_config.c
|
||||||
index 30e9dc7..bec5f3b 100644
|
index 30e9dc7..bec5f3b 100644
|
||||||
--- libselinux-2.4/src/selinux_config.c
|
--- libselinux-2.4/src/selinux_config.c
|
||||||
|
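Review bot: In the new `/proc/thread-self` branch of openattr(), a failed open() jumps to `out:`, where `free(path)` runs before `return fd`, so the errno that the ENOENT test just relied on can be overwritten before the caller sees it; free() is not guaranteed to preserve errno on every libc. The callers are outside this hunk, but if they use errno to tell a denied access from a missing attribute file, the value should be saved across the free: `int saved = errno; free(path); errno = saved;`. The same applies to the unchanged open() just above the label. A one-line comment on the fallback would also help, for example `/* /proc/thread-self missing (ENOENT): fall back to /proc/self/task/<tid> */`.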
@ -9,7 +9,7 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.4
|
Version: 2.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
@ -247,6 +247,9 @@ rm -rf %{buildroot}
|
|||||||
%{ruby_vendorarchdir}/selinux.so
|
%{ruby_vendorarchdir}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-3
|
||||||
|
- Simplify procattr cache (#1257157,#1232371)
|
||||||
|
|
||||||
* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-2
|
* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-2
|
||||||
- Export ldflags into the build so hardening works
|
- Export ldflags into the build so hardening works
|
||||||
|
|
||||||
|