[libselinux] Roll back procattr speedups since it seems to be screwing up systemd labeling.
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Jan 23 11:40:11 UTC 2013
commit f297425de0fa687271ab7b7109912759a4a9d5bf
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jan 23 06:39:46 2013 -0500
Roll back procattr speedups since it seems to be screwing up systemd labeling.
libselinux-rhat.patch | 218 -------------------------------------------------
libselinux.spec | 5 +-
2 files changed, 4 insertions(+), 219 deletions(-)
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 99ee7fe..074a7f1 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -6699,224 +6699,6 @@ index 2d7369e..2a00807 100644
va_end(ap);
}
-diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..70355c1 100644
---- a/libselinux/src/procattr.c
-+++ b/libselinux/src/procattr.c
-@@ -1,6 +1,7 @@
- #include <sys/syscall.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <pthread.h>
- #include <string.h>
- #include <stdlib.h>
- #include <stdio.h>
-@@ -8,33 +9,98 @@
- #include "selinux_internal.h"
- #include "policy.h"
-
-+static __thread pid_t cpid;
-+static __thread pid_t tid;
-+static __thread security_context_t prev_current;
-+static __thread security_context_t prev_exec;
-+static __thread security_context_t prev_fscreate;
-+static __thread security_context_t prev_keycreate;
-+static __thread security_context_t prev_sockcreate;
-+
-+static pthread_once_t once = PTHREAD_ONCE_INIT;
-+static pthread_key_t destructor_key;
-+static int destructor_key_initialized = 0;
-+static __thread char destructor_initialized;
-+
- static pid_t gettid(void)
- {
- return syscall(__NR_gettid);
- }
-
--static int getprocattrcon_raw(security_context_t * context,
-- pid_t pid, const char *attr)
-+static void procattr_thread_destructor(void __attribute__((unused)) *unused)
-+{
-+ free(prev_current);
-+ free(prev_exec);
-+ free(prev_fscreate);
-+ free(prev_keycreate);
-+ free(prev_sockcreate);
-+}
-+
-+static void free_procattr(void)
-+{
-+ procattr_thread_destructor(NULL);
-+ cpid = tid = 0;
-+ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL;
-+}
-+
-+void __attribute__((destructor)) procattr_destructor(void);
-+
-+void hidden __attribute__((destructor)) procattr_destructor(void)
-+{
-+ if (destructor_key_initialized)
-+ __selinux_key_delete(destructor_key);
-+}
-+
-+static inline void init_thread_destructor(void)
-+{
-+ if (destructor_initialized == 0) {
-+ __selinux_setspecific(destructor_key, (void *)1);
-+ destructor_initialized = 1;
-+ }
-+}
-+
-+static void init_procattr(void)
-+{
-+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
-+ pthread_atfork(NULL, NULL, free_procattr);
-+ destructor_key_initialized = 1;
-+ }
-+}
-+
-+static int openattr(pid_t pid, const char *attr, int flags)
- {
-- char *path, *buf;
-- size_t size;
- int fd, rc;
-- ssize_t ret;
-- pid_t tid;
-- int errno_hold;
-+ char *path;
-
- if (pid > 0)
- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
-- tid = gettid();
-+ if (!tid)
-+ tid = gettid();
- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
- }
- if (rc < 0)
- return -1;
-
-- fd = open(path, O_RDONLY);
-+ fd = open(path, flags);
- free(path);
-- if (fd < 0)
-+ return fd;
-+}
-+
-+static int getprocattrcon_raw(security_context_t * context,
-+ pid_t pid, const char *attr)
-+{
-+ char *buf;
-+ size_t size;
-+ int fd;
-+ ssize_t ret;
-+ int errno_hold;
-+
-+ __selinux_once(once, init_procattr);
-+ init_thread_destructor();
-+
-+ fd = openattr(pid, attr, O_RDONLY);
-+ if (fd < 0)
- return -1;
-
- size = selinux_page_size;
-@@ -77,6 +143,9 @@ static int getprocattrcon(security_context_t * context,
- int ret;
- security_context_t rcontext;
-
-+ if (cpid != getpid())
-+ free_procattr();
-+
- ret = getprocattrcon_raw(&rcontext, pid, attr);
-
- if (!ret) {
-@@ -90,40 +159,69 @@ static int getprocattrcon(security_context_t * context,
- static int setprocattrcon_raw(security_context_t context,
- pid_t pid, const char *attr)
- {
-- char *path;
-- int fd, rc;
-- pid_t tid;
-+ int fd;
- ssize_t ret;
- int errno_hold;
-+ security_context_t *prev_context;
-
-- if (pid > 0)
-- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
-- else {
-- tid = gettid();
-- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
-- }
-- if (rc < 0)
-- return -1;
-+ __selinux_once(once, init_procattr);
-+ init_thread_destructor();
-
-- fd = open(path, O_RDWR);
-- free(path);
-+ if (cpid != getpid())
-+ free_procattr();
-+
-+ switch (attr[0]) {
-+ case 'c':
-+ prev_context = &prev_current;
-+ break;
-+ case 'e':
-+ prev_context = &prev_exec;
-+ break;
-+ case 'f':
-+ prev_context = &prev_fscreate;
-+ break;
-+ case 'k':
-+ prev_context = &prev_keycreate;
-+ break;
-+ case 's':
-+ prev_context = &prev_sockcreate;
-+ break;
-+ default:
-+ return -1;
-+ };
-+
-+ if (!context && !*prev_context)
-+ return 0;
-+ if (context && *prev_context && !strcmp(context, *prev_context))
-+ return 0;
-+
-+ fd = openattr(pid, attr, O_RDWR);
- if (fd < 0)
- return -1;
-- if (context)
-+ if (context) {
-+ ret = -1;
-+ context = strdup(context);
-+ if (!context)
-+ goto out;
- do {
- ret = write(fd, context, strlen(context) + 1);
- } while (ret < 0 && errno == EINTR);
-- else
-+ } else {
- do {
- ret = write(fd, NULL, 0); /* clear */
- } while (ret < 0 && errno == EINTR);
-+ }
-+out:
- errno_hold = errno;
- close(fd);
- errno = errno_hold;
-- if (ret < 0)
-+ if (ret < 0) {
-+ free(context);
- return -1;
-- else
-+ } else {
-+ *prev_context = context;
- return 0;
-+ }
- }
-
- static int setprocattrcon(const security_context_t context,
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index 296f357..cb65666 100644
--- a/libselinux/src/selinux_config.c
diff --git a/libselinux.spec b/libselinux.spec
index 9153326..8b8b430 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.12
-Release: 16%{?dist}
+Release: 17%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
+* Wed Jan 23 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-17
+- Roll back procattr speedups since it seems to be screwing up systemd labeling.
+
* Tue Jan 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-16
- Fix tid handling for setfscreatecon, old patch still broken in libvirt