diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 2d21e3d..77948d7 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -6652,7 +6652,7 @@ index 2d7369e..2a00807 100644 } diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c -index 83381e4..40345e9 100644 +index 83381e4..be9f8b0 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -8,11 +8,54 @@ @@ -6718,55 +6718,43 @@ index 83381e4..40345e9 100644 int errno_hold; if (pid > 0) -@@ -87,19 +129,56 @@ static int getprocattrcon(security_context_t * context, - return ret; - } - -+#define UPDATE_CACHE(context, cache) \ -+ if (!context && !cache) \ -+ return 0; \ -+ if (!context) { \ -+ free(cache); \ -+ cache = NULL; \ -+ } else { \ -+ if (cache && !strcmp(context,cache)) \ -+ return 0; \ -+ free(cache); \ -+ cache = strdup(context);\ -+ } -+ - static int setprocattrcon_raw(security_context_t context, - pid_t pid, const char *attr) +@@ -92,14 +134,44 @@ static int setprocattrcon_raw(security_context_t context, { char *path; int fd, rc; - pid_t tid; ssize_t ret; int errno_hold; - ++ security_context_t *prev_context; ++ + __selinux_once(once, init_procattr); + init_thread_destructor(); + + switch (attr[0]) { + case 'c': -+ UPDATE_CACHE(context, prev_current); ++ prev_context = &prev_current; + break; + case 'e': -+ UPDATE_CACHE(context, prev_exec); ++ prev_context = &prev_exec; + break; + case 'f': -+ UPDATE_CACHE(context, prev_fscreate); ++ prev_context = &prev_fscreate; + break; + case 'k': -+ UPDATE_CACHE(context, prev_keycreate); ++ prev_context = &prev_keycreate; + break; + case 's': -+ UPDATE_CACHE(context, prev_sockcreate); ++ prev_context = &prev_sockcreate; + break; + default: + return -1; + }; + ++ if (!context && !*prev_context) ++ return 0; ++ if (context && *prev_context && !strcmp(context, *prev_context)) ++ return 0; + if (pid > 0) rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); else { 
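Review bot: In the `@@ -92,14 +134,44 @@` part of procattr.c, the two early `return 0` checks run before the `if (pid > 0)` branch, so the cache slot chosen by `attr[0]` is consulted even when the write is aimed at another process's `/proc/%d/attr/%s`. If any caller passes `pid > 0`, a value cached for the calling thread can suppress that write; guarding both checks with `pid == 0`, e.g. `if (pid == 0 && !context && !*prev_context) return 0;`, would limit the cache to the self case. A cache hit also reports success without writing to the kernel, so the answer is only right while the kernel-side attribute cannot change without going through this function. The `prev_*` variables are declared outside this hunk, so I cannot see when they are reset; a comment above the checks stating that invariant would help. The body of `setprocattrcon_raw` continues past the end of this hunk.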
@@ -6777,6 +6765,41 @@ index 83381e4..40345e9 100644 rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); } if (rc < 0) +@@ -109,21 +181,30 @@ static int setprocattrcon_raw(security_context_t context, + free(path); + if (fd < 0) + return -1; +- if (context) ++ if (context) { ++ ret = -1; ++ context = strdup(context); ++ if (!context) ++ goto out; + do { + ret = write(fd, context, strlen(context) + 1); + } while (ret < 0 && errno == EINTR); +- else ++ } else { + do { + ret = write(fd, NULL, 0); /* clear */ + } while (ret < 0 && errno == EINTR); ++ } ++out: + errno_hold = errno; + close(fd); + errno = errno_hold; +- if (ret < 0) ++ if (ret < 0) { ++ free(context); + return -1; +- else ++ } else { ++ *prev_context = context; + return 0; ++ } + } + + static int setprocattrcon(const security_context_t context, diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index 296f357..cb65666 100644 --- a/libselinux/src/selinux_config.c diff --git a/libselinux.spec b/libselinux.spec index afc431e..2047af8 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.12 -Release: 12%{?dist} +Release: 13%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -241,6 +241,9 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Thu Jan 10 2013 Dan Walsh - 2.1.12-13 +- Fix setfscreatecon call to handle failure mode, which was breaking udev + * Wed Jan 9 2013 Dan Walsh - 2.1.12-12 - Ondrej Oprala patch to optimize set*con functions - Set*con now caches the security context and only re-sets it if it changes.
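Review bot: On the success path of the `@@ -109,21 +181,30 @@` part of procattr.c, `*prev_context = context;` overwrites the cached pointer without releasing the string it held, so each successful change of a context leaks the previous `strdup` copy. The `UPDATE_CACHE` macro that this commit removes called `free(cache)` before storing the new copy. Assuming the cache slots only ever hold NULL or a `strdup` result, I would write `free(*prev_context);` immediately before `*prev_context = context;`. A short comment at `context = strdup(context);` would also help, along the lines of `/* heap copy: owned by the cache on success, freed on failure */`, because the parameter is reused for the copy. The start of `setprocattrcon_raw` is outside this hunk.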