[libselinux/f18] Make setfcontext_compile atomic
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Mar 6 19:02:49 UTC 2013
commit e66f3f5ba7a93e402dec0c7966e7f35f3c2eb67c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Mar 6 14:02:44 2013 -0500
Make setfcontext_compile atomic
libselinux-f19.patch | 231 +++++++++++++++++++++++++++++++++++++++++++++++---
libselinux.spec | 5 +-
2 files changed, 221 insertions(+), 15 deletions(-)
---
diff --git a/libselinux-f19.patch b/libselinux-f19.patch
index 1208c8d..7628143 100644
--- a/libselinux-f19.patch
+++ b/libselinux-f19.patch
@@ -1,6 +1,6 @@
diff -up libselinux-2.1.12/src/avc_internal.c.f19 libselinux-2.1.12/src/avc_internal.c
---- libselinux-2.1.12/src/avc_internal.c.f19 2013-01-28 11:25:30.569512383 -0500
-+++ libselinux-2.1.12/src/avc_internal.c 2013-01-28 11:25:54.773617273 -0500
+--- libselinux-2.1.12/src/avc_internal.c.f19 2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/avc_internal.c 2013-03-06 13:55:15.411795519 -0500
@@ -60,13 +60,12 @@ int avc_netlink_open(int blocking)
int len, rc = 0;
struct sockaddr_nl addr;
@@ -17,8 +17,8 @@ diff -up libselinux-2.1.12/src/avc_internal.c.f19 libselinux-2.1.12/src/avc_inte
close(fd);
fd = -1;
diff -up libselinux-2.1.12/src/fgetfilecon.c.f19 libselinux-2.1.12/src/fgetfilecon.c
---- libselinux-2.1.12/src/fgetfilecon.c.f19 2013-01-28 11:27:01.333897679 -0500
-+++ libselinux-2.1.12/src/fgetfilecon.c 2013-01-28 11:27:07.616923677 -0500
+--- libselinux-2.1.12/src/fgetfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/fgetfilecon.c 2013-03-06 13:55:15.412795523 -0500
@@ -39,7 +39,7 @@ int fgetfilecon_raw(int fd, security_con
out:
if (ret == 0) {
@@ -29,8 +29,8 @@ diff -up libselinux-2.1.12/src/fgetfilecon.c.f19 libselinux-2.1.12/src/fgetfilec
}
if (ret < 0)
diff -up libselinux-2.1.12/src/getfilecon.c.f19 libselinux-2.1.12/src/getfilecon.c
---- libselinux-2.1.12/src/getfilecon.c.f19 2013-01-28 11:26:28.091758897 -0500
-+++ libselinux-2.1.12/src/getfilecon.c 2013-01-28 11:26:38.652803230 -0500
+--- libselinux-2.1.12/src/getfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/getfilecon.c 2013-03-06 13:55:15.412795523 -0500
@@ -39,7 +39,7 @@ int getfilecon_raw(const char *path, sec
out:
if (ret == 0) {
@@ -41,8 +41,8 @@ diff -up libselinux-2.1.12/src/getfilecon.c.f19 libselinux-2.1.12/src/getfilecon
}
if (ret < 0)
diff -up libselinux-2.1.12/src/label_file.c.f19 libselinux-2.1.12/src/label_file.c
---- libselinux-2.1.12/src/label_file.c.f19 2013-01-28 11:21:12.946124274 -0500
-+++ libselinux-2.1.12/src/label_file.c 2013-01-28 11:21:30.776251054 -0500
+--- libselinux-2.1.12/src/label_file.c.f19 2013-03-06 13:55:15.394795448 -0500
++++ libselinux-2.1.12/src/label_file.c 2013-03-06 13:55:15.413795527 -0500
@@ -245,6 +245,7 @@ static int load_mmap(struct selabel_hand
char *addr;
size_t len;
@@ -192,8 +192,8 @@ diff -up libselinux-2.1.12/src/label_file.c.f19 libselinux-2.1.12/src/label_file
}
diff -up libselinux-2.1.12/src/label_file.h.f19 libselinux-2.1.12/src/label_file.h
---- libselinux-2.1.12/src/label_file.h.f19 2013-01-28 11:23:29.058943892 -0500
-+++ libselinux-2.1.12/src/label_file.h 2013-01-28 11:23:42.335010763 -0500
+--- libselinux-2.1.12/src/label_file.h.f19 2013-03-06 13:55:15.395795452 -0500
++++ libselinux-2.1.12/src/label_file.h 2013-03-06 13:55:15.414795531 -0500
@@ -33,6 +33,13 @@ struct stem {
char from_mmap;
};
@@ -217,8 +217,8 @@ diff -up libselinux-2.1.12/src/label_file.h.f19 libselinux-2.1.12/src/label_file
static inline pcre_extra *get_pcre_extra(struct spec *spec)
diff -up libselinux-2.1.12/src/lgetfilecon.c.f19 libselinux-2.1.12/src/lgetfilecon.c
---- libselinux-2.1.12/src/lgetfilecon.c.f19 2013-01-28 11:28:09.108175100 -0500
-+++ libselinux-2.1.12/src/lgetfilecon.c 2013-01-28 11:28:16.215203869 -0500
+--- libselinux-2.1.12/src/lgetfilecon.c.f19 2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/lgetfilecon.c 2013-03-06 13:55:15.415795536 -0500
@@ -39,7 +39,7 @@ int lgetfilecon_raw(const char *path, se
out:
if (ret == 0) {
@@ -229,8 +229,8 @@ diff -up libselinux-2.1.12/src/lgetfilecon.c.f19 libselinux-2.1.12/src/lgetfilec
}
if (ret < 0)
diff -up libselinux-2.1.12/src/mapping.c.f19 libselinux-2.1.12/src/mapping.c
---- libselinux-2.1.12/src/mapping.c.f19 2013-01-28 11:27:45.646079743 -0500
-+++ libselinux-2.1.12/src/mapping.c 2013-01-28 11:27:56.241122881 -0500
+--- libselinux-2.1.12/src/mapping.c.f19 2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/mapping.c 2013-03-06 13:55:15.415795536 -0500
@@ -66,7 +66,7 @@ selinux_set_mapping(struct security_clas
goto err2;
@@ -240,3 +240,206 @@ diff -up libselinux-2.1.12/src/mapping.c.f19 libselinux-2.1.12/src/mapping.c
/* An empty permission string skips ahead */
if (!*p_in->perms[k]) {
k++;
+diff -up libselinux-2.1.12/utils/sefcontext_compile.c.f19 libselinux-2.1.12/utils/sefcontext_compile.c
+--- libselinux-2.1.12/utils/sefcontext_compile.c.f19 2013-03-06 13:59:26.567841949 -0500
++++ libselinux-2.1.12/utils/sefcontext_compile.c 2013-03-06 13:59:42.161906692 -0500
+@@ -6,6 +6,7 @@
+ #include <string.h>
+
+ #include <linux/limits.h>
++#include <libgen.h>
+
+ #include "../src/label_file.h"
+
+@@ -153,6 +154,7 @@ static int write_binary_file(struct save
+ uint32_t magic = SELINUX_MAGIC_COMPILED_FCONTEXT;
+ uint32_t section_len;
+ uint32_t i;
++ int rc;
+
+ bin_file = fopen(filename, "w");
+ if (!bin_file) {
+@@ -163,19 +165,19 @@ static int write_binary_file(struct save
+ /* write some magic number */
+ len = fwrite(&magic, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* write the version */
+ section_len = SELINUX_COMPILED_FCONTEXT_MAX_VERS;
+ len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* write the number of stems coming */
+ section_len = data->num_stems;
+ len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ for (i = 0; i < section_len; i++) {
+ char *stem = data->stem_arr[i].buf;
+@@ -184,20 +186,20 @@ static int write_binary_file(struct save
+ /* write the strlen (aka no nul) */
+ len = fwrite(&stem_len, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* include the nul in the file */
+ stem_len += 1;
+ len = fwrite(stem, sizeof(char), stem_len, bin_file);
+ if (len != stem_len)
+- return -1;
++ goto err;
+ }
+
+ /* write the number of regexes coming */
+ section_len = data->nspec;
+ len = fwrite(§ion_len, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ for (i = 0; i < section_len; i++) {
+ char *context = specs[i].lr.ctx_raw;
+@@ -208,82 +210,85 @@ static int write_binary_file(struct save
+ pcre_extra *sd = get_pcre_extra(&specs[i]);
+ uint32_t to_write;
+ size_t size;
+- int rc;
+
+ /* length of the context string (including nul) */
+ to_write = strlen(context) + 1;
+ len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* original context strin (including nul) */
+ len = fwrite(context, sizeof(char), to_write, bin_file);
+ if (len != to_write)
+- return -1;
++ goto err;
+
+ /* length of the original regex string (including nul) */
+ to_write = strlen(regex_str) + 1;
+ len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* original regex string */
+ len = fwrite(regex_str, sizeof(char), to_write, bin_file);
+ if (len != to_write)
+- return -1;
++ goto err;
+
+ /* binary F_MODE bits */
+ len = fwrite(&mode, sizeof(mode), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* stem for this regex (could be -1) */
+ len = fwrite(&stem_id, sizeof(stem_id), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* does this spec have a metaChar? */
+ to_write = specs[i].hasMetaChars;
+ len = fwrite(&to_write, sizeof(to_write), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* determine the size of the pcre data in bytes */
+ rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+ if (rc < 0)
+- return -1;
++ goto err;
+
+ /* write the number of bytes in the pcre data */
+ to_write = size;
+ len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* write the actual pcre data as a char array */
+ len = fwrite(re, 1, to_write, bin_file);
+ if (len != to_write)
+- return -1;
++ goto err;
+
+ /* determine the size of the pcre study info */
+ rc = pcre_fullinfo(re, sd, PCRE_INFO_STUDYSIZE, &size);
+ if (rc < 0)
+- return -1;
++ goto err;
+
+ /* write the number of bytes in the pcre study data */
+ to_write = size;
+ len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ if (len != 1)
+- return -1;
++ goto err;
+
+ /* write the actual pcre study data as a char array */
+ len = fwrite(sd->study_data, 1, to_write, bin_file);
+ if (len != to_write)
+- return -1;
++ goto err;
+ }
+
++ rc = 0;
++out:
+ fclose(bin_file);
+-
+- return 0;
++ return rc;
++err:
++ rc = -1;
++ goto out;
+ }
+
+ static int free_specs(struct saved_data *data)
+@@ -317,7 +322,8 @@ int main(int argc, char *argv[])
+ const char *path;
+ char stack_path[PATH_MAX + 1];
+ int rc;
+-
++ char *tmp, *tmppath;
++
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s input_file\n", argv[0]);
+ exit(EXIT_FAILURE);
+@@ -338,10 +344,21 @@ int main(int argc, char *argv[])
+ rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path);
+ if (rc < 0 || rc >= sizeof(stack_path))
+ return rc;
+- rc = write_binary_file(&data, stack_path);
+- if (rc < 0)
+- return rc;
+
++ tmppath = strdup(stack_path);
++ if (!tmppath)
++ return -1;
++ tmp = tempnam(dirname(tmppath), ".bin");
++ free(tmppath);
++ if (!tmp)
++ return -1;
++ rc = write_binary_file(&data, tmp);
++ if (rc < 0) {
++ free(tmp);
++ return rc;
++ }
++ rename(tmp, stack_path);
++ free(tmp);
+ rc = free_specs(&data);
+ if (rc < 0)
+ return rc;
diff --git a/libselinux.spec b/libselinux.spec
index f0a5ae2..227f641 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -10,7 +10,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.12
-Release: 7.1%{?dist}
+Release: 7.2%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@@ -243,6 +243,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
+* Wed Mar 6 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-7.2
+- Make setfcontext_compile atomic
+
* Mon Jan 28 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-7.1
- Fix memory leak in label_file, which is effecting virt
- Clean up closeonexec calls