[libselinux] Fix tid handling for setfscreatecon, old patch still broken in libvirt

Daniel J Walsh dwalsh at fedoraproject.org
Fri Jan 18 16:02:06 UTC 2013


commit f0a059565ac49592022a7832137a347eca2ee2bd
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Jan 18 10:01:45 2013 -0600

    Fix tid handling for setfscreatecon, old patch still broken in libvirt

 libselinux-rhat.patch |  100 ++++++++++++++++++++++++++++++++++---------------
 libselinux.spec       |    5 ++-
 2 files changed, 74 insertions(+), 31 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 1d2af3f..5ce8486 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -6695,7 +6695,7 @@ index 2d7369e..2a00807 100644
  }
  
 diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..08b75d4 100644
+index 83381e4..a2bcabb 100644
 --- a/libselinux/src/procattr.c
 +++ b/libselinux/src/procattr.c
 @@ -1,6 +1,7 @@
@@ -6706,7 +6706,7 @@ index 83381e4..08b75d4 100644
  #include <string.h>
  #include <stdlib.h>
  #include <stdio.h>
-@@ -8,11 +9,63 @@
+@@ -8,33 +9,106 @@
  #include "selinux_internal.h"
  #include "policy.h"
  
@@ -6767,37 +6767,86 @@ index 83381e4..08b75d4 100644
 +	}
 +}
 +
++static int openattr(pid_t pid, const char *attr, int flags) 
++{
++	int firsttime = (pid == 0);
++	int fd=-1, rc;
++	char *path;
++	do {
++		if (pid > 0) {
++			rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
++		} else {
++			if (tid == -1) {
++				firsttime = 0;
++				tid = gettid();
++			}
++			rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
++		}
++		if (rc < 0)
++			return -1;
++
++		fd = open(path, flags);
++		free(path); path=NULL;
++		if (fd >= 0)
++			break;
++		tid = -1;
++
++	} while (firsttime);
++
++	return fd;
++}
++
  static int getprocattrcon_raw(security_context_t * context,
  			      pid_t pid, const char *attr)
  {
-@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context,
+-	char *path, *buf;
++	char *buf;
  	size_t size;
- 	int fd, rc;
+-	int fd, rc;
++	int fd;
  	ssize_t ret;
 -	pid_t tid;
  	int errno_hold;
  
+-	if (pid > 0)
+-		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+-	else {
+-		tid = gettid();
+-		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+-	}
+-	if (rc < 0)
+-		return -1;
 +	__selinux_once(once, init_procattr);
 +	init_thread_destructor();
-+
- 	if (pid > 0)
- 		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- 	else {
--		tid = gettid();
-+		if (tid == -1)
-+			tid = gettid();
- 		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- 	}
- 	if (rc < 0)
-@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context,
+ 
+-	fd = open(path, O_RDONLY);
+-	free(path);
+-	if (fd < 0)
++	fd = openattr(pid, attr, O_RDONLY);
++	if (fd < 0) 
+ 		return -1;
+ 
+ 	size = selinux_page_size;
+@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
+ static int setprocattrcon_raw(security_context_t context,
+ 			      pid_t pid, const char *attr)
  {
- 	char *path;
- 	int fd, rc;
+-	char *path;
+-	int fd, rc;
 -	pid_t tid;
++	int fd;
  	ssize_t ret;
  	int errno_hold;
 +	security_context_t *prev_context;
-+
+ 
+-	if (pid > 0)
+-		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+-	else {
+-		tid = gettid();
+-		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+-	}
+-	if (rc < 0)
+-		return -1;
 +	__selinux_once(once, init_procattr);
 +	init_thread_destructor();
 +
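Review bot: In the added openattr(), the retry path runs for every open() failure rather than only for a stale cached tid: `tid = -1;` is reached even when pid > 0, and with pid == 0 an EACCES or EMFILE is retried as if the task directory had disappeared. Restricting the reset to the self path and the stale-tid case, e.g. `if (fd >= 0 || pid > 0 || errno != ENOENT) break;` ahead of `tid = -1;`, would keep the cache intact and leave the caller the errno of the failure that mattered. free(path) runs between open() and that test, so errno would need to be saved first if the C library's free() can modify it. Since the commit title names libvirt, a multi-threaded caller, and the changelog mentions fork, `fd = open(path, flags | O_CLOEXEC);` would also stop the attr descriptor from being inherited by a program exec'd from another thread. `tid` is declared outside the lines this hunk shows, so its being a per-thread cache is assumed here.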
@@ -6826,18 +6875,9 @@ index 83381e4..08b75d4 100644
 +	if (context && *prev_context && !strcmp(context, *prev_context))
 +		return 0;
  
- 	if (pid > 0)
- 		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- 	else {
--		tid = gettid();
-+		if (tid == -1)
-+			tid = gettid();
-+
- 		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- 	}
- 	if (rc < 0)
-@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context,
- 	free(path);
+-	fd = open(path, O_RDWR);
+-	free(path);
++	fd = openattr(pid, attr, O_RDWR);
  	if (fd < 0)
  		return -1;
 -	if (context)
diff --git a/libselinux.spec b/libselinux.spec
index 06c521b..f949ccc 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Wed Jan 16 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-15
+- Fix tid handling for setfscreatecon, old patch still broken in libvirt
+
 * Mon Jan 14 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-14
 - setfscreatecon after fork was broken by the Set*con patch.
 - We needed to reset the thread variables after a fork.

