import libsemanage-2.9-3.el8
This commit is contained in:
parent
6ed641eb51
commit
b15af23010
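--- a/SOURCES/0003-libsemanage-fsync-final-files-before-rename.patch
+++ b/SOURCES/0003-libsemanage-fsync-final-files-before-rename.patch
@@ -0,0 +1,156 @@
+From dc4f1d03d6e17d851283f9b10b2faeeca9b10e14 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <stephen.smalley.work@gmail.com>
+Date: Wed, 13 May 2020 15:34:19 -0400
+Subject: [PATCH] libsemanage: fsync final files before rename
+
+Prior to rename(2)'ing the final selinux policy files into place,
+fsync(2) them to ensure the contents will be fully written prior to
+rename. While we are here, also fix checking of write(2) to detect
+short writes and treat them as an error. This code could be more
+generally improved but keeping to the minimal changes required to fix
+this bug.
+
+Fixes: https://github.com/SELinuxProject/selinux/issues/237
+Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+
+Source:
+https://github.com/SELinuxProject/selinux/commit/331a109f91ea46473fd858c2494f6eab1ef43f66
+---
+libsemanage/src/direct_api.c | 10 +++++-----
+libsemanage/src/semanage_store.c | 20 +++++++++++++++-----
+libsemanage/src/semanage_store.h | 4 +++-
+3 files changed, 23 insertions(+), 11 deletions(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index 8e4d116d..abc3a4cb 100644
+--- a/libsemanage/src/direct_api.c
++++ b/libsemanage/src/direct_api.c
+@@ -1188,7 +1188,7 @@ cleanup:
+* overwrite it. If source doesn't exist then return success.
+* Returns 0 on success, -1 on error. */
+static int copy_file_if_exists(const char *src, const char *dst, mode_t mode){
+- int rc = semanage_copy_file(src, dst, mode);
++ int rc = semanage_copy_file(src, dst, mode, false);
+return (rc < 0 && errno != ENOENT) ? rc : 0;
+}
+
+@@ -1481,7 +1481,7 @@ rebuild:
+retval = semanage_copy_file(path,
+semanage_path(SEMANAGE_TMP,
+SEMANAGE_STORE_SEUSERS),
+- 0);
++ 0, false);
+if (retval < 0)
+goto cleanup;
+pseusers->dtable->drop_cache(pseusers->dbase);
+@@ -1499,7 +1499,7 @@ rebuild:
+retval = semanage_copy_file(path,
+semanage_path(SEMANAGE_TMP,
+SEMANAGE_USERS_EXTRA),
+- 0);
++ 0, false);
+if (retval < 0)
+goto cleanup;
+pusers_extra->dtable->drop_cache(pusers_extra->dbase);
+@@ -1588,7 +1588,7 @@ rebuild:
+
+retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
+semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL),
+- sh->conf->file_mode);
++ sh->conf->file_mode, false);
+if (retval < 0) {
+goto cleanup;
+}
+@@ -1627,7 +1627,7 @@ rebuild:
+retval = semanage_copy_file(
+semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
+semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS),
+- sh->conf->file_mode);
++ sh->conf->file_mode, false);
+if (retval < 0) {
+goto cleanup;
+}
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index 58dded6e..733df8da 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -707,7 +707,8 @@ static int semanage_filename_select(const struct dirent *d)
+
+/* Copies a file from src to dst. If dst already exists then
+* overwrite it. Returns 0 on success, -1 on error. */
+-int semanage_copy_file(const char *src, const char *dst, mode_t mode)
++int semanage_copy_file(const char *src, const char *dst, mode_t mode,
++ bool syncrequired)
+{
+int in, out, retval = 0, amount_read, n, errsv = errno;
+char tmp[PATH_MAX];
+@@ -735,8 +736,11 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+}
+umask(mask);
+while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
+- if (write(out, buf, amount_read) < 0) {
+- errsv = errno;
++ if (write(out, buf, amount_read) != amount_read) {
++ if (errno)
++ errsv = errno;
++ else
++ errsv = EIO;
+retval = -1;
+}
+}
+@@ -745,6 +749,10 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+retval = -1;
+}
+close(in);
++ if (syncrequired && fsync(out) < 0) {
++ errsv = errno;
++ retval = -1;
++ }
+if (close(out) < 0) {
+errsv = errno;
+retval = -1;
+@@ -811,7 +819,8 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
+umask(mask);
+} else if (S_ISREG(sb.st_mode) && flag == 1) {
+mask = umask(0077);
+- if (semanage_copy_file(path, path2, sb.st_mode) < 0) {
++ if (semanage_copy_file(path, path2, sb.st_mode,
++ false) < 0) {
+umask(mask);
+goto cleanup;
+}
+@@ -1640,7 +1649,8 @@ static int semanage_install_final_tmp(semanage_handle_t * sh)
+goto cleanup;
+}
+
+- ret = semanage_copy_file(src, dst, sh->conf->file_mode);
++ ret = semanage_copy_file(src, dst, sh->conf->file_mode,
++ true);
+if (ret < 0) {
+ERR(sh, "Could not copy %s to %s.", src, dst);
+goto cleanup;
+diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
+index 34bf8523..b9ec5664 100644
+--- a/libsemanage/src/semanage_store.h
++++ b/libsemanage/src/semanage_store.h
+@@ -24,6 +24,7 @@
+#ifndef SEMANAGE_MODULE_STORE_H
+#define SEMANAGE_MODULE_STORE_H
+
++#include <stdbool.h>
+#include <sys/time.h>
+#include <sepol/module.h>
+#include <sepol/cil/cil.h>
+@@ -162,6 +163,7 @@ int semanage_nc_sort(semanage_handle_t * sh,
+size_t buf_len,
+char **sorted_buf, size_t * sorted_buf_len);
+
+-int semanage_copy_file(const char *src, const char *dst, mode_t mode);
++int semanage_copy_file(const char *src, const char *dst, mode_t mode,
++ bool syncrequired);
+
+#endif
+--
+2.25.4
+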
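Review bot: The short-write branch added in the `@@ -735,8 +736,11 @@` hunk of semanage_store.c chooses between `errno` and `EIO` by testing `errno`, but a write(2) that returns fewer bytes than requested without failing leaves errno untouched, so this can report a stale value from an earlier call (the function itself saves a possibly non-zero errno at entry in the `errsv = errno` initializer). Branching on the return value instead of on errno removes the guess: `ssize_t w = write(out, buf, amount_read); if (w != amount_read) { errsv = (w < 0) ? errno : EIO; retval = -1; }`. A short write is also not resumed, which matches the commit message's stated minimal scope; a comment such as `/* a short write is treated as a failure rather than retried */` would record that this is deliberate. The fsync() added in the `@@ -745,6 +749,10 @@` hunk makes the file contents durable before the caller renames it; whether the containing directory is also synced after rename(2) in semanage_install_final_tmp lies outside these hunks and cannot be judged here.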
@ -4,12 +4,13 @@
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.9
Release: 2%{?dist}
Release: 3%{?dist}
License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
Patch0002: 0002-libsemanage-Add-support-for-DCCP-and-SCTP-protocols.patch
Patch0003: 0003-libsemanage-fsync-final-files-before-rename.patch
URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf
@ -155,6 +156,9 @@ rm %{buildroot}%{_libexecdir}/selinux/semanage_migrate_store~
%{_libexecdir}/selinux/semanage_migrate_store
%changelog
* Mon Jun 29 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
- Fsync final files before rename (#1838762)
* Wed Nov 06 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-2
- Add support for DCCP and SCTP protocols (#1563742)