libselinux-2.4-3

- Simplify procattr cache (#1257157,#1232371)
Petr Lautrbach 2015-09-02 14:25:07 +02:00
parent b7e1bdd317
commit 8db7ce6b64
2 changed files with 108 additions and 1 deletions


@ -1128,6 +1128,110 @@ index 3b96b1d..3868711 100644
path, lineno, *ctx);
} else {
COMPAT_LOG(SELINUX_WARNING,
diff --git libselinux-2.4/src/procattr.c libselinux-2.4/src/procattr.c
index f990350..527a0a5 100644
--- libselinux-2.4/src/procattr.c
+++ libselinux-2.4/src/procattr.c
@@ -11,8 +11,6 @@
#define UNSET (char *) -1
-static __thread pid_t cpid;
-static __thread pid_t tid;
static __thread char *prev_current = UNSET;
static __thread char * prev_exec = UNSET;
static __thread char * prev_fscreate = UNSET;
@@ -24,15 +22,6 @@ static pthread_key_t destructor_key;
static int destructor_key_initialized = 0;
static __thread char destructor_initialized;
-extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
-extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
-
-static int __selinux_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
-{
- return __register_atfork (prepare, parent, child,
- &__dso_handle == NULL ? NULL : __dso_handle);
-}
-
static pid_t gettid(void)
{
return syscall(__NR_gettid);
@@ -52,14 +41,6 @@ static void procattr_thread_destructor(void __attribute__((unused)) *unused)
free(prev_sockcreate);
}
-static void free_procattr(void)
-{
- procattr_thread_destructor(NULL);
- tid = 0;
- cpid = getpid();
- prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
-}
-
void __attribute__((destructor)) procattr_destructor(void);
void hidden __attribute__((destructor)) procattr_destructor(void)
@@ -79,7 +60,6 @@ static inline void init_thread_destructor(void)
static void init_procattr(void)
{
if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
- __selinux_atfork(NULL, NULL, free_procattr);
destructor_key_initialized = 1;
}
}
@@ -88,21 +68,26 @@ static int openattr(pid_t pid, const char *attr, int flags)
{
int fd, rc;
char *path;
-
- if (cpid != getpid())
- free_procattr();
+ pid_t tid;
if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
else {
- if (!tid)
- tid = gettid();
+ rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
+ if (rc < 0)
+ return -1;
+ fd = open(path, flags | O_CLOEXEC);
+ if (fd >= 0 || errno != ENOENT)
+ goto out;
+ free(path);
+ tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
return -1;
fd = open(path, flags | O_CLOEXEC);
+out:
free(path);
return fd;
}
@@ -120,9 +105,6 @@ static int getprocattrcon_raw(char ** context,
__selinux_once(once, init_procattr);
init_thread_destructor();
- if (cpid != getpid())
- free_procattr();
-
switch (attr[0]) {
case 'c':
prev_context = prev_current;
@@ -220,9 +202,6 @@ static int setprocattrcon_raw(const char * context,
__selinux_once(once, init_procattr);
init_thread_destructor();
- if (cpid != getpid())
- free_procattr();
-
switch (attr[0]) {
case 'c':
prev_context = &prev_current;
diff --git libselinux-2.4/src/selinux_config.c libselinux-2.4/src/selinux_config.c
index 30e9dc7..bec5f3b 100644
--- libselinux-2.4/src/selinux_config.c


@ -9,7 +9,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.4
Release: 2%{?dist}
Release: 3%{?dist}
License: Public Domain
Group: System Environment/Libraries
# https://github.com/SELinuxProject/selinux/wiki/Releases
@ -247,6 +247,9 @@ rm -rf %{buildroot}
%{ruby_vendorarchdir}/selinux.so
%changelog
* Wed Sep 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-3
- Simplify procattr cache (#1257157,#1232371)
* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-2
- Export ldflags into the build so hardening works