Fix tid handling for setfscreatecon, old patch still broken in libvirt

Dan Walsh 2013-01-18 10:01:45 -06:00
parent 7a71cdb44d
commit f0a059565a
2 changed files with 74 additions and 31 deletions


@ -6695,7 +6695,7 @@ index 2d7369e..2a00807 100644
} }
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 83381e4..08b75d4 100644 index 83381e4..a2bcabb 100644
--- a/libselinux/src/procattr.c --- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c
@@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
@ -6706,7 +6706,7 @@ index 83381e4..08b75d4 100644
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
@@ -8,11 +9,63 @@ @@ -8,33 +9,106 @@
#include "selinux_internal.h" #include "selinux_internal.h"
#include "policy.h" #include "policy.h"
@ -6766,38 +6766,87 @@ index 83381e4..08b75d4 100644
+ destructor_key_initialized = 1; + destructor_key_initialized = 1;
+ } + }
+} +}
+
+static int openattr(pid_t pid, const char *attr, int flags)
+{
+ int firsttime = (pid == 0);
+ int fd=-1, rc;
+ char *path;
+ do {
+ if (pid > 0) {
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ } else {
+ if (tid == -1) {
+ firsttime = 0;
+ tid = gettid();
+ }
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, flags);
+ free(path); path=NULL;
+ if (fd >= 0)
+ break;
+ tid = -1;
+
+ } while (firsttime);
+
+ return fd;
+}
+ +
static int getprocattrcon_raw(security_context_t * context, static int getprocattrcon_raw(security_context_t * context,
pid_t pid, const char *attr) pid_t pid, const char *attr)
{ {
@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context, - char *path, *buf;
+ char *buf;
size_t size; size_t size;
int fd, rc; - int fd, rc;
+ int fd;
ssize_t ret; ssize_t ret;
- pid_t tid; - pid_t tid;
int errno_hold; int errno_hold;
- if (pid > 0)
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
- tid = gettid();
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- }
- if (rc < 0)
- return -1;
+ __selinux_once(once, init_procattr); + __selinux_once(once, init_procattr);
+ init_thread_destructor(); + init_thread_destructor();
+
if (pid > 0) - fd = open(path, O_RDONLY);
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); - free(path);
else { - if (fd < 0)
- tid = gettid(); + fd = openattr(pid, attr, O_RDONLY);
+ if (tid == -1) + if (fd < 0)
+ tid = gettid(); return -1;
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
} size = selinux_page_size;
if (rc < 0) @@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context, static int setprocattrcon_raw(security_context_t context,
pid_t pid, const char *attr)
{ {
char *path; - char *path;
int fd, rc; - int fd, rc;
- pid_t tid; - pid_t tid;
+ int fd;
ssize_t ret; ssize_t ret;
int errno_hold; int errno_hold;
+ security_context_t *prev_context; + security_context_t *prev_context;
+
- if (pid > 0)
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
- tid = gettid();
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- }
- if (rc < 0)
- return -1;
+ __selinux_once(once, init_procattr); + __selinux_once(once, init_procattr);
+ init_thread_destructor(); + init_thread_destructor();
+ +
@ -6826,18 +6875,9 @@ index 83381e4..08b75d4 100644
+ if (context && *prev_context && !strcmp(context, *prev_context)) + if (context && *prev_context && !strcmp(context, *prev_context))
+ return 0; + return 0;
if (pid > 0) - fd = open(path, O_RDWR);
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); - free(path);
else { + fd = openattr(pid, attr, O_RDWR);
- tid = gettid();
+ if (tid == -1)
+ tid = gettid();
+
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context,
free(path);
if (fd < 0) if (fd < 0)
return -1; return -1;
- if (context) - if (context)
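Review bot: In `openattr`, the fallback after a failed `open()` never checks `errno`, so `tid = -1` and the retry run for any failure (EACCES, EMFILE, and so on), and the cache is also cleared on the `pid > 0` path, which never used `tid`. Staleness of the cached id is therefore inferred only from the path no longer resolving; I would make that explicit by saving `errno` before `free(path)` and changing the tail of the loop to `if (fd >= 0 || pid > 0 || saved_errno != ENOENT) break;` followed by `tid = -1;`. The case this check cannot catch is a stale id that still names a live thread of the calling process, where the open would succeed against the wrong task's attr file. That looks unlikely, but it deserves a comment above the loop stating why it cannot happen, or an unconditional `gettid()` on the self path as the removed code did. The declaration of `tid` and the fork handling are outside the lines shown here, so this is based on the visible loop only.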


@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.12 Version: 2.1.12
Release: 14%{?dist} Release: 15%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
- Fix tid handling for setfscreatecon, old patch still broken in libvirt
* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14 * Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
- setfscreatecon after fork was broken by the Set*con patch. - setfscreatecon after fork was broken by the Set*con patch.
- We needed to reset the thread variables after a fork. - We needed to reset the thread variables after a fork.