Fix setfscreatecon call to handle failure mode, which was breaking udev

libselinux-rhat.patch

@@ -6652,7 +6652,7 @@ index 2d7369e..2a00807 100644
  }
  
 diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..40345e9 100644
+index 83381e4..be9f8b0 100644
 --- a/libselinux/src/procattr.c
 +++ b/libselinux/src/procattr.c
 @@ -8,11 +8,54 @@
@@ -6718,55 +6718,43 @@ index 83381e4..40345e9 100644
  	int errno_hold;
  
  	if (pid > 0)
-@@ -87,19 +129,56 @@ static int getprocattrcon(security_context_t * context,
+@@ -92,14 +134,44 @@ static int setprocattrcon_raw(security_context_t context,
- 	return ret;
- }
- 
-+#define UPDATE_CACHE(context, cache)	\
-+	if (!context && !cache)		\
-+		return 0;		\
-+	if (!context) {			\
-+		free(cache);		\
-+		cache = NULL;		\
-+	} else {			\
-+		if (cache && !strcmp(context,cache)) \
-+			return 0;	\
-+		free(cache);		\
-+		cache = strdup(context);\
-+	}
-+
- static int setprocattrcon_raw(security_context_t context,
- 			      pid_t pid, const char *attr)
  {
  	char *path;
  	int fd, rc;
 -	pid_t tid;
  	ssize_t ret;
  	int errno_hold;
- 
++	security_context_t *prev_context;
++
 +	__selinux_once(once, init_procattr);
 +	init_thread_destructor();
 +
 +	switch (attr[0]) {
 +		case 'c':
-+			UPDATE_CACHE(context, prev_current);
++			prev_context = &prev_current;
 +			break;
 +		case 'e':
-+			UPDATE_CACHE(context, prev_exec);
++			prev_context = &prev_exec;
 +			break;
 +		case 'f':
-+			UPDATE_CACHE(context, prev_fscreate);
++			prev_context = &prev_fscreate;
 +			break;
 +		case 'k':
-+			UPDATE_CACHE(context, prev_keycreate);
++			prev_context = &prev_keycreate;
 +			break;
 +		case 's':
-+			UPDATE_CACHE(context, prev_sockcreate);
++			prev_context = &prev_sockcreate;
 +			break;
 +		default:
 +			return -1;
 +	};
 +
++	if (!context && !*prev_context)
++		return 0;
++	if (context && *prev_context && !strcmp(context, *prev_context))
++		return 0;
+ 
  	if (pid > 0)
  		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
  	else {
@@ -6777,6 +6765,41 @@ index 83381e4..40345e9 100644
  		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
  	}
  	if (rc < 0)
+@@ -109,21 +181,30 @@ static int setprocattrcon_raw(security_context_t context,
+ 	free(path);
+ 	if (fd < 0)
+ 		return -1;
+-	if (context)
++	if (context) {
++		ret = -1;
++		context = strdup(context);
++		if (!context)
++			goto out;
+ 		do {
+ 			ret = write(fd, context, strlen(context) + 1);
+ 		} while (ret < 0 && errno == EINTR);
+-	else
++	} else {
+ 		do {
+ 			ret = write(fd, NULL, 0);	/* clear */
+ 		} while (ret < 0 && errno == EINTR);
++	}
++out:
+ 	errno_hold = errno;
+ 	close(fd);
+ 	errno = errno_hold;
+-	if (ret < 0)
++	if (ret < 0) {
++		free(context);
+ 		return -1;
+-	else
++	} else {
++		*prev_context = context;
+ 		return 0;
++	}
+ }
+ 
+ static int setprocattrcon(const security_context_t context,
 diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
 index 296f357..cb65666 100644
 --- a/libselinux/src/selinux_config.c

libselinux.spec

@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Thu Jan 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
+- Fix setfscreatecon call to handle failure mode, which was breaking udev
+
 * Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12
 - Ondrej Oprala patch to optimize set*con functions
 -    Set*con now caches the security context and only re-sets it if it changes.