[libselinux] Fix tid handling for setfscreatecon, old patch still broken in libvirt

Daniel J Walsh dwalsh at fedoraproject.org
Tue Jan 22 22:23:34 UTC 2013


commit 775a744b5d28f3f6811c34aae0e6ddf220c80728
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Jan 22 17:23:19 2013 -0500

    Fix tid handling for setfscreatecon, old patch still broken in libvirt

 libselinux-rhat.patch |  128 +++++++++++++++++++++++++-----------------------
 libselinux.spec       |    7 ++-
 2 files changed, 72 insertions(+), 63 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 5ce8486..99ee7fe 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -5865,10 +5865,15 @@ index ae21175..948aff1 100644
 +.BR getsebool (8),
 +.BR setsebool (8)
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index ac019df..613a4ed 100644
+index ac019df..c4f5d4c 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
-@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
+@@ -16,11 +16,11 @@ PYINC ?= $(shell pkg-config --cflags $(PYPREFIX))
+ PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+ RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+ RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
+-RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
++RUBYINC ?= $(shell pkg-config --cflags ruby)
  RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
  LIBBASE=$(shell basename $(LIBDIR))
  
@@ -6695,7 +6700,7 @@ index 2d7369e..2a00807 100644
  }
  
 diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..a2bcabb 100644
+index 83381e4..70355c1 100644
 --- a/libselinux/src/procattr.c
 +++ b/libselinux/src/procattr.c
 @@ -1,6 +1,7 @@
@@ -6706,16 +6711,17 @@ index 83381e4..a2bcabb 100644
  #include <string.h>
  #include <stdlib.h>
  #include <stdio.h>
-@@ -8,33 +9,106 @@
+@@ -8,33 +9,98 @@
  #include "selinux_internal.h"
  #include "policy.h"
  
-+static __thread pid_t tid = -1;
-+static __thread security_context_t prev_current = NULL;
-+static __thread security_context_t prev_exec = NULL;
-+static __thread security_context_t prev_fscreate = NULL;
-+static __thread security_context_t prev_keycreate = NULL;
-+static __thread security_context_t prev_sockcreate = NULL;
++static __thread pid_t cpid;
++static __thread pid_t tid;
++static __thread security_context_t prev_current;
++static __thread security_context_t prev_exec;
++static __thread security_context_t prev_fscreate;
++static __thread security_context_t prev_keycreate;
++static __thread security_context_t prev_sockcreate;
 +
 +static pthread_once_t once = PTHREAD_ONCE_INIT;
 +static pthread_key_t destructor_key;
@@ -6727,6 +6733,8 @@ index 83381e4..a2bcabb 100644
  	return syscall(__NR_gettid);
  }
  
+-static int getprocattrcon_raw(security_context_t * context,
+-			      pid_t pid, const char *attr)
 +static void procattr_thread_destructor(void __attribute__((unused)) *unused)
 +{
 +	free(prev_current);
@@ -6739,7 +6747,7 @@ index 83381e4..a2bcabb 100644
 +static void free_procattr(void)
 +{
 +	procattr_thread_destructor(NULL);
-+	tid = -1;
++	cpid = tid = 0;
 +	prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
 +}
 +
@@ -6768,66 +6776,61 @@ index 83381e4..a2bcabb 100644
 +}
 +
 +static int openattr(pid_t pid, const char *attr, int flags) 
-+{
-+	int firsttime = (pid == 0);
-+	int fd=-1, rc;
-+	char *path;
-+	do {
-+		if (pid > 0) {
-+			rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
-+		} else {
-+			if (tid == -1) {
-+				firsttime = 0;
-+				tid = gettid();
-+			}
-+			rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
-+		}
-+		if (rc < 0)
-+			return -1;
-+
-+		fd = open(path, flags);
-+		free(path); path=NULL;
-+		if (fd >= 0)
-+			break;
-+		tid = -1;
-+
-+	} while (firsttime);
-+
-+	return fd;
-+}
-+
- static int getprocattrcon_raw(security_context_t * context,
- 			      pid_t pid, const char *attr)
  {
 -	char *path, *buf;
-+	char *buf;
- 	size_t size;
--	int fd, rc;
-+	int fd;
- 	ssize_t ret;
+-	size_t size;
+ 	int fd, rc;
+-	ssize_t ret;
 -	pid_t tid;
- 	int errno_hold;
+-	int errno_hold;
++	char *path;
  
--	if (pid > 0)
--		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
--	else {
+ 	if (pid > 0)
+ 		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ 	else {
 -		tid = gettid();
--		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
--	}
--	if (rc < 0)
--		return -1;
-+	__selinux_once(once, init_procattr);
-+	init_thread_destructor();
++		if (!tid)
++			tid = gettid();
+ 		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ 	}
+ 	if (rc < 0)
+ 		return -1;
  
 -	fd = open(path, O_RDONLY);
--	free(path);
++	fd = open(path, flags);
+ 	free(path);
 -	if (fd < 0)
++	return fd;
++}
++
++static int getprocattrcon_raw(security_context_t * context,
++			      pid_t pid, const char *attr)
++{
++	char *buf;
++	size_t size;
++	int fd;
++	ssize_t ret;
++	int errno_hold;
++
++	__selinux_once(once, init_procattr);
++	init_thread_destructor();
++
 +	fd = openattr(pid, attr, O_RDONLY);
 +	if (fd < 0) 
  		return -1;
  
  	size = selinux_page_size;
-@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context,
+@@ -77,6 +143,9 @@ static int getprocattrcon(security_context_t * context,
+ 	int ret;
+ 	security_context_t rcontext;
+ 
++	if (cpid != getpid())
++		free_procattr();
++
+ 	ret = getprocattrcon_raw(&rcontext, pid, attr);
+ 
+ 	if (!ret) {
+@@ -90,40 +159,69 @@ static int getprocattrcon(security_context_t * context,
  static int setprocattrcon_raw(security_context_t context,
  			      pid_t pid, const char *attr)
  {
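Review bot: The fork check `if (cpid != getpid()) free_procattr();` sits in getprocattrcon, but the cached `tid` is consumed in openattr, so any path that reaches getprocattrcon_raw without passing through getprocattrcon (none is visible here, so check the rest of procattr.c) would build the `/proc/self/task/%d/attr/%s` path from the parent's thread id after fork(). The previous openattr retried once with a fresh gettid() when the open failed; this version returns the failed fd directly, so a stale tid becomes a hard failure, and a caller that does not check the result of setfscreatecon() would go on to create the object without the intended label. Doing the pid comparison inside openattr's `else` branch, next to `if (!tid)`, would cover every caller; at minimum `tid` should carry a comment such as `/* cached gettid(); must be reset after fork, see cpid */`. setprocattrcon_raw's body continues outside this hunk.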
@@ -6849,6 +6852,11 @@ index 83381e4..a2bcabb 100644
 -		return -1;
 +	__selinux_once(once, init_procattr);
 +	init_thread_destructor();
+ 
+-	fd = open(path, O_RDWR);
+-	free(path);
++	if (cpid != getpid())
++		free_procattr();
 +
 +	switch (attr[0]) {
 +		case 'c':
@@ -6874,9 +6882,7 @@ index 83381e4..a2bcabb 100644
 +		return 0;
 +	if (context && *prev_context && !strcmp(context, *prev_context))
 +		return 0;
- 
--	fd = open(path, O_RDWR);
--	free(path);
++
 +	fd = openattr(pid, attr, O_RDWR);
  	if (fd < 0)
  		return -1;
diff --git a/libselinux.spec b/libselinux.spec
index f949ccc..9153326 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -2,7 +2,7 @@
 %global with_python3 1
 %endif
 
-%define ruby_inc %(pkg-config --cflags ruby-1.9)
+%define ruby_inc %(pkg-config --cflags ruby)
 %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
 %define libsepolver 2.1.8-6
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Tue Jan 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-16
+- Fix tid handling for setfscreatecon, old patch still broken in libvirt
+
 * Wed Jan 16 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-15
 - Fix tid handling for setfscreatecon, old patch still broken in libvirt
 

