From a63f93d83b57f1a10712c5fcd29be246e8eff20d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 25 Aug 2020 17:32:05 +0200 Subject: [PATCH] libselinux: initialize last_policyload in selinux_status_open() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If not initialized to the current policyload count, an enforcing change will trigger policyload-callbacks in selinux_status_updated(). Signed-off-by: Christian Göttsche Acked-by: Stephen Smalley --- libselinux/src/sestatus.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c index ca2d3bbf9cb2..9ff2785d876a 100644 --- a/libselinux/src/sestatus.c +++ b/libselinux/src/sestatus.c @@ -278,9 +278,10 @@ static int fallback_cb_policyload(int policyload) */ int selinux_status_open(int fallback) { - int fd; - char path[PATH_MAX]; - long pagesize; + int fd; + char path[PATH_MAX]; + long pagesize; + uint32_t seqno; if (!selinux_mnt) { errno = ENOENT; @@ -304,6 +305,14 @@ int selinux_status_open(int fallback) selinux_status_fd = fd; last_seqno = (uint32_t)(-1); + /* sequence must not be changed during references */ + do { + seqno = read_sequence(selinux_status); + + last_policyload = selinux_status->policyload; + + } while (seqno != read_sequence(selinux_status)); + /* No need to use avc threads if the kernel status page is available */ avc_using_threads = 0; -- 2.29.0