[libselinux] Roll back procattr speedups since it seems to be screwing up systemd labeling.

Daniel J Walsh dwalsh at fedoraproject.org
Wed Jan 23 11:40:11 UTC 2013 

commit f297425de0fa687271ab7b7109912759a4a9d5bf
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Jan 23 06:39:46 2013 -0500

    Roll back procattr speedups since it seems to be screwing up systemd labeling.

 libselinux-rhat.patch |  218 -------------------------------------------------
 libselinux.spec       |    5 +-
 2 files changed, 4 insertions(+), 219 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 99ee7fe..074a7f1 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -6699,224 +6699,6 @@ index 2d7369e..2a00807 100644
  	va_end(ap);
  }
  
-diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..70355c1 100644
---- a/libselinux/src/procattr.c
-+++ b/libselinux/src/procattr.c
-@@ -1,6 +1,7 @@
- #include <sys/syscall.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <pthread.h>
- #include <string.h>
- #include <stdlib.h>
- #include <stdio.h>
-@@ -8,33 +9,98 @@
- #include "selinux_internal.h"
- #include "policy.h"
- 
-+static __thread pid_t cpid;
-+static __thread pid_t tid;
-+static __thread security_context_t prev_current;
-+static __thread security_context_t prev_exec;
-+static __thread security_context_t prev_fscreate;
-+static __thread security_context_t prev_keycreate;
-+static __thread security_context_t prev_sockcreate;
-+
-+static pthread_once_t once = PTHREAD_ONCE_INIT;
-+static pthread_key_t destructor_key;
-+static int destructor_key_initialized = 0;
-+static __thread char destructor_initialized;
-+
- static pid_t gettid(void)
- {
- 	return syscall(__NR_gettid);
- }
- 
--static int getprocattrcon_raw(security_context_t * context,
--			      pid_t pid, const char *attr)
-+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
-+{
-+	free(prev_current);
-+	free(prev_exec);
-+	free(prev_fscreate);
-+	free(prev_keycreate);
-+	free(prev_sockcreate);
-+}
-+
-+static void free_procattr(void)
-+{
-+	procattr_thread_destructor(NULL);
-+	cpid = tid = 0;
-+	prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
-+}
-+
-+void __attribute__((destructor)) procattr_destructor(void);
-+
-+void hidden __attribute__((destructor)) procattr_destructor(void)
-+{
-+	if (destructor_key_initialized)
-+		__selinux_key_delete(destructor_key);
-+}
-+
-+static inline void init_thread_destructor(void)
-+{
-+	if (destructor_initialized == 0) {
-+		__selinux_setspecific(destructor_key, (void *)1);
-+		destructor_initialized = 1;
-+	}
-+}
-+
-+static void init_procattr(void)
-+{
-+	if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
-+		pthread_atfork(NULL, NULL, free_procattr);
-+		destructor_key_initialized = 1;
-+	}
-+}
-+
-+static int openattr(pid_t pid, const char *attr, int flags) 
- {
--	char *path, *buf;
--	size_t size;
- 	int fd, rc;
--	ssize_t ret;
--	pid_t tid;
--	int errno_hold;
-+	char *path;
- 
- 	if (pid > 0)
- 		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- 	else {
--		tid = gettid();
-+		if (!tid)
-+			tid = gettid();
- 		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- 	}
- 	if (rc < 0)
- 		return -1;
- 
--	fd = open(path, O_RDONLY);
-+	fd = open(path, flags);
- 	free(path);
--	if (fd < 0)
-+	return fd;
-+}
-+
-+static int getprocattrcon_raw(security_context_t * context,
-+			      pid_t pid, const char *attr)
-+{
-+	char *buf;
-+	size_t size;
-+	int fd;
-+	ssize_t ret;
-+	int errno_hold;
-+
-+	__selinux_once(once, init_procattr);
-+	init_thread_destructor();
-+
-+	fd = openattr(pid, attr, O_RDONLY);
-+	if (fd < 0) 
- 		return -1;
- 
- 	size = selinux_page_size;
-@@ -77,6 +143,9 @@ static int getprocattrcon(security_context_t * context,
- 	int ret;
- 	security_context_t rcontext;
- 
-+	if (cpid != getpid())
-+		free_procattr();
-+
- 	ret = getprocattrcon_raw(&rcontext, pid, attr);
- 
- 	if (!ret) {
-@@ -90,40 +159,69 @@ static int getprocattrcon(security_context_t * context,
- static int setprocattrcon_raw(security_context_t context,
- 			      pid_t pid, const char *attr)
- {
--	char *path;
--	int fd, rc;
--	pid_t tid;
-+	int fd;
- 	ssize_t ret;
- 	int errno_hold;
-+	security_context_t *prev_context;
- 
--	if (pid > 0)
--		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
--	else {
--		tid = gettid();
--		rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
--	}
--	if (rc < 0)
--		return -1;
-+	__selinux_once(once, init_procattr);
-+	init_thread_destructor();
- 
--	fd = open(path, O_RDWR);
--	free(path);
-+	if (cpid != getpid())
-+		free_procattr();
-+
-+	switch (attr[0]) {
-+		case 'c':
-+			prev_context = &prev_current;
-+			break;
-+		case 'e':
-+			prev_context = &prev_exec;
-+			break;
-+		case 'f':
-+			prev_context = &prev_fscreate;
-+			break;
-+		case 'k':
-+			prev_context = &prev_keycreate;
-+			break;
-+		case 's':
-+			prev_context = &prev_sockcreate;
-+			break;
-+		default:
-+			return -1;
-+	};
-+
-+	if (!context && !*prev_context)
-+		return 0;
-+	if (context && *prev_context && !strcmp(context, *prev_context))
-+		return 0;
-+
-+	fd = openattr(pid, attr, O_RDWR);
- 	if (fd < 0)
- 		return -1;
--	if (context)
-+	if (context) {
-+		ret = -1;
-+		context = strdup(context);
-+		if (!context)
-+			goto out;
- 		do {
- 			ret = write(fd, context, strlen(context) + 1);
- 		} while (ret < 0 && errno == EINTR);
--	else
-+	} else {
- 		do {
- 			ret = write(fd, NULL, 0);	/* clear */
- 		} while (ret < 0 && errno == EINTR);
-+	}
-+out:
- 	errno_hold = errno;
- 	close(fd);
- 	errno = errno_hold;
--	if (ret < 0)
-+	if (ret < 0) {
-+		free(context);
- 		return -1;
--	else
-+	} else {
-+		*prev_context = context;
- 		return 0;
-+	}
- }
- 
- static int setprocattrcon(const security_context_t context,
 diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
 index 296f357..cb65666 100644
 --- a/libselinux/src/selinux_config.c
diff --git a/libselinux.spec b/libselinux.spec
index 9153326..8b8b430 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Wed Jan 23 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-17
+- Roll back procattr speedups since it seems to be screwing up systemd labeling.
+
 * Tue Jan 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-16
 - Fix tid handling for setfscreatecon, old patch still broken in libvirt

More information about the scm-commits mailing list