[libselinux] Fix tid handling for setfscreatecon, old patch still broken in libvirt
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Jan 22 22:23:34 UTC 2013
commit 775a744b5d28f3f6811c34aae0e6ddf220c80728
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Jan 22 17:23:19 2013 -0500
Fix tid handling for setfscreatecon, old patch still broken in libvirt
libselinux-rhat.patch | 128 +++++++++++++++++++++++++-----------------------
libselinux.spec | 7 ++-
2 files changed, 72 insertions(+), 63 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 5ce8486..99ee7fe 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -5865,10 +5865,15 @@ index ae21175..948aff1 100644
+.BR getsebool (8),
+.BR setsebool (8)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index ac019df..613a4ed 100644
+index ac019df..c4f5d4c 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
-@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
+@@ -16,11 +16,11 @@ PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
+ PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+ RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+ RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
+-RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
++RUBYINC ?= $(shell pkg-config --cflags ruby)
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
LIBBASE=$(shell basename $(LIBDIR))
@@ -6695,7 +6700,7 @@ index 2d7369e..2a00807 100644
}
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..a2bcabb 100644
+index 83381e4..70355c1 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -1,6 +1,7 @@
@@ -6706,16 +6711,17 @@ index 83381e4..a2bcabb 100644
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
-@@ -8,33 +9,106 @@
+@@ -8,33 +9,98 @@
#include "selinux_internal.h"
#include "policy.h"
-+static __thread pid_t tid = -1;
-+static __thread security_context_t prev_current = NULL;
-+static __thread security_context_t prev_exec = NULL;
-+static __thread security_context_t prev_fscreate = NULL;
-+static __thread security_context_t prev_keycreate = NULL;
-+static __thread security_context_t prev_sockcreate = NULL;
++static __thread pid_t cpid;
++static __thread pid_t tid;
++static __thread security_context_t prev_current;
++static __thread security_context_t prev_exec;
++static __thread security_context_t prev_fscreate;
++static __thread security_context_t prev_keycreate;
++static __thread security_context_t prev_sockcreate;
+
+static pthread_once_t once = PTHREAD_ONCE_INIT;
+static pthread_key_t destructor_key;
@@ -6727,6 +6733,8 @@ index 83381e4..a2bcabb 100644
return syscall(__NR_gettid);
}
+-static int getprocattrcon_raw(security_context_t * context,
+- pid_t pid, const char *attr)
+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
+{
+ free(prev_current);
@@ -6739,7 +6747,7 @@ index 83381e4..a2bcabb 100644
+static void free_procattr(void)
+{
+ procattr_thread_destructor(NULL);
-+ tid = -1;
++ cpid = tid = 0;
+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
+}
+
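Review bot: `cpid` is reset to 0 here (`cpid = tid = 0;`) and no visible hunk ever assigns it the current pid, so the `if (cpid != getpid()) free_procattr();` checks added to getprocattrcon and setprocattrcon_raw appear to fire on every call. That would free the `prev_*` contexts and clear `tid` each time, so the cached-context comparison in setprocattrcon_raw could never match and gettid() would be re-issued on every call. Unless init_procattr or init_thread_destructor (both outside these hunks) records the pid, consider storing it as part of the reset, e.g. `cpid = getpid(); tid = 0;`. A comment on the declaration such as `/* pid that owns the cached tid and prev_* contexts */` would make the invariant explicit.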
@@ -6768,66 +6776,61 @@ index 83381e4..a2bcabb 100644
+}
+
+static int openattr(pid_t pid, const char *attr, int flags)
-+{
-+ int firsttime = (pid == 0);
-+ int fd=-1, rc;
-+ char *path;
-+ do {
-+ if (pid > 0) {
-+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
-+ } else {
-+ if (tid == -1) {
-+ firsttime = 0;
-+ tid = gettid();
-+ }
-+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
-+ }
-+ if (rc < 0)
-+ return -1;
-+
-+ fd = open(path, flags);
-+ free(path); path=NULL;
-+ if (fd >= 0)
-+ break;
-+ tid = -1;
-+
-+ } while (firsttime);
-+
-+ return fd;
-+}
-+
- static int getprocattrcon_raw(security_context_t * context,
- pid_t pid, const char *attr)
{
- char *path, *buf;
-+ char *buf;
- size_t size;
-- int fd, rc;
-+ int fd;
- ssize_t ret;
+- size_t size;
+ int fd, rc;
+- ssize_t ret;
- pid_t tid;
- int errno_hold;
+- int errno_hold;
++ char *path;
-- if (pid > 0)
-- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
-- else {
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
- tid = gettid();
-- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
-- }
-- if (rc < 0)
-- return -1;
-+ __selinux_once(once, init_procattr);
-+ init_thread_destructor();
++ if (!tid)
++ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
- fd = open(path, O_RDONLY);
-- free(path);
++ fd = open(path, flags);
+ free(path);
- if (fd < 0)
++ return fd;
++}
++
++static int getprocattrcon_raw(security_context_t * context,
++ pid_t pid, const char *attr)
++{
++ char *buf;
++ size_t size;
++ int fd;
++ ssize_t ret;
++ int errno_hold;
++
++ __selinux_once(once, init_procattr);
++ init_thread_destructor();
++
+ fd = openattr(pid, attr, O_RDONLY);
+ if (fd < 0)
return -1;
size = selinux_page_size;
-@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
+@@ -77,6 +143,9 @@ static int getprocattrcon(security_context_t * context,
+ int ret;
+ security_context_t rcontext;
+
++ if (cpid != getpid())
++ free_procattr();
++
+ ret = getprocattrcon_raw(&rcontext, pid, attr);
+
+ if (!ret) {
+@@ -90,40 +159,69 @@ static int getprocattrcon(security_context_t * context,
static int setprocattrcon_raw(security_context_t context,
pid_t pid, const char *attr)
{
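Review bot: openattr() no longer clears the cached `tid` when open() fails, because the previous version's retry loop is dropped in favour of the `cpid != getpid()` check in the callers. If that check ever misses a change of task, the thread keeps building `/proc/self/task/<stale tid>/attr/...` and every later get or set of a context fails. Whether it can miss depends on getpid() reflecting the new process, which these hunks do not confirm. For a labelling API it is safer to invalidate on failure, e.g. `if (fd < 0 && pid <= 0) tid = 0;` before `return fd;`, and to note on the `tid` declaration that 0 means "not yet looked up". The bodies of getprocattrcon_raw and setprocattrcon_raw continue outside this hunk.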
@@ -6849,6 +6852,11 @@ index 83381e4..a2bcabb 100644
- return -1;
+ __selinux_once(once, init_procattr);
+ init_thread_destructor();
+
+- fd = open(path, O_RDWR);
+- free(path);
++ if (cpid != getpid())
++ free_procattr();
+
+ switch (attr[0]) {
+ case 'c':
@@ -6874,9 +6882,7 @@ index 83381e4..a2bcabb 100644
+ return 0;
+ if (context && *prev_context && !strcmp(context, *prev_context))
+ return 0;
-
-- fd = open(path, O_RDWR);
-- free(path);
++
+ fd = openattr(pid, attr, O_RDWR);
if (fd < 0)
return -1;
diff --git a/libselinux.spec b/libselinux.spec
index f949ccc..9153326 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -2,7 +2,7 @@
%global with_python3 1
%endif
-%define ruby_inc %(pkg-config --cflags ruby-1.9)
+%define ruby_inc %(pkg-config --cflags ruby)
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
%define libsepolver 2.1.8-6
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
@@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.12
-Release: 15%{?dist}
+Release: 16%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
+* Tue Jan 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-16
+- Fix tid handling for setfscreatecon, old patch still broken in libvirt
+
* Wed Jan 16 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-15
- Fix tid handling for setfscreatecon, old patch still broken in libvirt