libselinux/0006-libselinux-initialize-last_policyload-in-selinux_sta.patch

From a63f93d83b57f1a10712c5fcd29be246e8eff20d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 25 Aug 2020 17:32:05 +0200
Subject: [PATCH] libselinux: initialize last_policyload in
 selinux_status_open()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If not initialized to the current policyload count, an enforcing change
will trigger policyload-callbacks in selinux_status_updated().

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 libselinux/src/sestatus.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index ca2d3bbf9cb2..9ff2785d876a 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -278,9 +278,10 @@ static int fallback_cb_policyload(int policyload)
  */
 int selinux_status_open(int fallback)
 {
-	int	fd;
-	char	path[PATH_MAX];
-	long	pagesize;
+	int		fd;
+	char		path[PATH_MAX];
+	long		pagesize;
+	uint32_t	seqno;
 
 	if (!selinux_mnt) {
 		errno = ENOENT;
@@ -304,6 +305,14 @@ int selinux_status_open(int fallback)
 	selinux_status_fd = fd;
 	last_seqno = (uint32_t)(-1);
 
+	/* sequence must not be changed during references */
+	do {
+		seqno = read_sequence(selinux_status);
+
+		last_policyload = selinux_status->policyload;
+
+	} while (seqno != read_sequence(selinux_status));
+
 	/* No need to use avc threads if the kernel status page is available */
 	avc_using_threads = 0;
 
-- 
2.29.0