Fix tid handling for setfscreatecon, old patch still broken in libvirt
parent
7a71cdb44d
commit
f0a059565a
@ -6695,7 +6695,7 @@ index 2d7369e..2a00807 100644
|
||||
}
|
||||
|
||||
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
|
||||
index 83381e4..08b75d4 100644
|
||||
index 83381e4..a2bcabb 100644
|
||||
--- a/libselinux/src/procattr.c
|
||||
+++ b/libselinux/src/procattr.c
|
||||
@@ -1,6 +1,7 @@
|
||||
@ -6706,7 +6706,7 @@ index 83381e4..08b75d4 100644
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
@@ -8,11 +9,63 @@
|
||||
@@ -8,33 +9,106 @@
|
||||
#include "selinux_internal.h"
|
||||
#include "policy.h"
|
||||
|
||||
@ -6766,38 +6766,87 @@ index 83381e4..08b75d4 100644
|
||||
+ destructor_key_initialized = 1;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int openattr(pid_t pid, const char *attr, int flags)
|
||||
+{
|
||||
+ int firsttime = (pid == 0);
|
||||
+ int fd=-1, rc;
|
||||
+ char *path;
|
||||
+ do {
|
||||
+ if (pid > 0) {
|
||||
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||
+ } else {
|
||||
+ if (tid == -1) {
|
||||
+ firsttime = 0;
|
||||
+ tid = gettid();
|
||||
+ }
|
||||
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||
+ }
|
||||
+ if (rc < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ fd = open(path, flags);
|
||||
+ free(path); path=NULL;
|
||||
+ if (fd >= 0)
|
||||
+ break;
|
||||
+ tid = -1;
|
||||
+
|
||||
+ } while (firsttime);
|
||||
+
|
||||
+ return fd;
|
||||
+}
|
||||
+
|
||||
static int getprocattrcon_raw(security_context_t * context,
|
||||
pid_t pid, const char *attr)
|
||||
{
|
||||
@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context,
|
||||
- char *path, *buf;
|
||||
+ char *buf;
|
||||
size_t size;
|
||||
int fd, rc;
|
||||
- int fd, rc;
|
||||
+ int fd;
|
||||
ssize_t ret;
|
||||
- pid_t tid;
|
||||
int errno_hold;
|
||||
|
||||
- if (pid > 0)
|
||||
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||
- else {
|
||||
- tid = gettid();
|
||||
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||
- }
|
||||
- if (rc < 0)
|
||||
- return -1;
|
||||
+ __selinux_once(once, init_procattr);
|
||||
+ init_thread_destructor();
|
||||
+
|
||||
if (pid > 0)
|
||||
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||
else {
|
||||
- tid = gettid();
|
||||
+ if (tid == -1)
|
||||
+ tid = gettid();
|
||||
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||
}
|
||||
if (rc < 0)
|
||||
@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context,
|
||||
|
||||
- fd = open(path, O_RDONLY);
|
||||
- free(path);
|
||||
- if (fd < 0)
|
||||
+ fd = openattr(pid, attr, O_RDONLY);
|
||||
+ if (fd < 0)
|
||||
return -1;
|
||||
|
||||
size = selinux_page_size;
|
||||
@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
|
||||
static int setprocattrcon_raw(security_context_t context,
|
||||
pid_t pid, const char *attr)
|
||||
{
|
||||
char *path;
|
||||
int fd, rc;
|
||||
- char *path;
|
||||
- int fd, rc;
|
||||
- pid_t tid;
|
||||
+ int fd;
|
||||
ssize_t ret;
|
||||
int errno_hold;
|
||||
+ security_context_t *prev_context;
|
||||
+
|
||||
|
||||
- if (pid > 0)
|
||||
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||
- else {
|
||||
- tid = gettid();
|
||||
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||
- }
|
||||
- if (rc < 0)
|
||||
- return -1;
|
||||
+ __selinux_once(once, init_procattr);
|
||||
+ init_thread_destructor();
|
||||
+
|
||||
@ -6826,18 +6875,9 @@ index 83381e4..08b75d4 100644
|
||||
+ if (context && *prev_context && !strcmp(context, *prev_context))
|
||||
+ return 0;
|
||||
|
||||
if (pid > 0)
|
||||
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
|
||||
else {
|
||||
- tid = gettid();
|
||||
+ if (tid == -1)
|
||||
+ tid = gettid();
|
||||
+
|
||||
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
|
||||
}
|
||||
if (rc < 0)
|
||||
@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context,
|
||||
free(path);
|
||||
- fd = open(path, O_RDWR);
|
||||
- free(path);
|
||||
+ fd = openattr(pid, attr, O_RDWR);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
- if (context)
|
||||
|
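Review bot: The `fd = open(path, flags);` call in the new `openattr()` helper opens the `/proc/.../attr/` file without close-on-exec, so in a multithreaded caller another thread's fork+exec can inherit the descriptor while it is open; `fd = open(path, flags | O_CLOEXEC);` would close that window. The stale-tid recovery in the same loop also runs only when the open fails, and it retries on any error rather than just a missing path. Clearing `tid` only when `errno == ENOENT` would avoid retrying permission errors, and saving errno around `free(path)` would keep the caller's error intact. The declaration of `tid` is outside the visible lines, so whether the cache is per-thread needs confirming there.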
@ -10,7 +10,7 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.1.12
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
Source: %{name}-%{version}.tgz
|
||||
@ -241,6 +241,9 @@ rm -rf %{buildroot}
|
||||
%{ruby_sitearch}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
|
||||
- Fix tid handling for setfscreatecon, old patch still broken in libvirt
|
||||
|
||||
* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
|
||||
- setfscreatecon after fork was broken by the Set*con patch.
|
||||
- We needed to reset the thread variables after a fork.
|
||||
|