[libselinux/f18] Make setfcontext_compile atomic

Daniel J Walsh dwalsh at fedoraproject.org
Wed Mar 6 19:02:49 UTC 2013


commit e66f3f5ba7a93e402dec0c7966e7f35f3c2eb67c
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Mar 6 14:02:44 2013 -0500

    Make setfcontext_compile atomic

 libselinux-f19.patch |  231 +++++++++++++++++++++++++++++++++++++++++++++++---
 libselinux.spec      |    5 +-
 2 files changed, 221 insertions(+), 15 deletions(-)
---
diff --git a/libselinux-f19.patch b/libselinux-f19.patch
index 1208c8d..7628143 100644
--- a/libselinux-f19.patch
+++ b/libselinux-f19.patch
@@ -1,6 +1,6 @@
 diff -up libselinux-2.1.12/src/avc_internal.c.f19 libselinux-2.1.12/src/avc_internal.c
---- libselinux-2.1.12/src/avc_internal.c.f19	2013-01-28 11:25:30.569512383 -0500
-+++ libselinux-2.1.12/src/avc_internal.c	2013-01-28 11:25:54.773617273 -0500
+--- libselinux-2.1.12/src/avc_internal.c.f19	2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/avc_internal.c	2013-03-06 13:55:15.411795519 -0500
 @@ -60,13 +60,12 @@ int avc_netlink_open(int blocking)
  	int len, rc = 0;
  	struct sockaddr_nl addr;
@@ -17,8 +17,8 @@ diff -up libselinux-2.1.12/src/avc_internal.c.f19 libselinux-2.1.12/src/avc_inte
  		close(fd);
  		fd = -1;
 diff -up libselinux-2.1.12/src/fgetfilecon.c.f19 libselinux-2.1.12/src/fgetfilecon.c
---- libselinux-2.1.12/src/fgetfilecon.c.f19	2013-01-28 11:27:01.333897679 -0500
-+++ libselinux-2.1.12/src/fgetfilecon.c	2013-01-28 11:27:07.616923677 -0500
+--- libselinux-2.1.12/src/fgetfilecon.c.f19	2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/fgetfilecon.c	2013-03-06 13:55:15.412795523 -0500
 @@ -39,7 +39,7 @@ int fgetfilecon_raw(int fd, security_con
        out:
  	if (ret == 0) {
@@ -29,8 +29,8 @@ diff -up libselinux-2.1.12/src/fgetfilecon.c.f19 libselinux-2.1.12/src/fgetfilec
  	}
  	if (ret < 0)
 diff -up libselinux-2.1.12/src/getfilecon.c.f19 libselinux-2.1.12/src/getfilecon.c
---- libselinux-2.1.12/src/getfilecon.c.f19	2013-01-28 11:26:28.091758897 -0500
-+++ libselinux-2.1.12/src/getfilecon.c	2013-01-28 11:26:38.652803230 -0500
+--- libselinux-2.1.12/src/getfilecon.c.f19	2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/getfilecon.c	2013-03-06 13:55:15.412795523 -0500
 @@ -39,7 +39,7 @@ int getfilecon_raw(const char *path, sec
        out:
  	if (ret == 0) {
@@ -41,8 +41,8 @@ diff -up libselinux-2.1.12/src/getfilecon.c.f19 libselinux-2.1.12/src/getfilecon
  	}
  	if (ret < 0)
 diff -up libselinux-2.1.12/src/label_file.c.f19 libselinux-2.1.12/src/label_file.c
---- libselinux-2.1.12/src/label_file.c.f19	2013-01-28 11:21:12.946124274 -0500
-+++ libselinux-2.1.12/src/label_file.c	2013-01-28 11:21:30.776251054 -0500
+--- libselinux-2.1.12/src/label_file.c.f19	2013-03-06 13:55:15.394795448 -0500
++++ libselinux-2.1.12/src/label_file.c	2013-03-06 13:55:15.413795527 -0500
 @@ -245,6 +245,7 @@ static int load_mmap(struct selabel_hand
  	char *addr;
  	size_t len;
@@ -192,8 +192,8 @@ diff -up libselinux-2.1.12/src/label_file.c.f19 libselinux-2.1.12/src/label_file
  }
  
 diff -up libselinux-2.1.12/src/label_file.h.f19 libselinux-2.1.12/src/label_file.h
---- libselinux-2.1.12/src/label_file.h.f19	2013-01-28 11:23:29.058943892 -0500
-+++ libselinux-2.1.12/src/label_file.h	2013-01-28 11:23:42.335010763 -0500
+--- libselinux-2.1.12/src/label_file.h.f19	2013-03-06 13:55:15.395795452 -0500
++++ libselinux-2.1.12/src/label_file.h	2013-03-06 13:55:15.414795531 -0500
 @@ -33,6 +33,13 @@ struct stem {
  	char from_mmap;
  };
@@ -217,8 +217,8 @@ diff -up libselinux-2.1.12/src/label_file.h.f19 libselinux-2.1.12/src/label_file
  
  static inline pcre_extra *get_pcre_extra(struct spec *spec)
 diff -up libselinux-2.1.12/src/lgetfilecon.c.f19 libselinux-2.1.12/src/lgetfilecon.c
---- libselinux-2.1.12/src/lgetfilecon.c.f19	2013-01-28 11:28:09.108175100 -0500
-+++ libselinux-2.1.12/src/lgetfilecon.c	2013-01-28 11:28:16.215203869 -0500
+--- libselinux-2.1.12/src/lgetfilecon.c.f19	2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/lgetfilecon.c	2013-03-06 13:55:15.415795536 -0500
 @@ -39,7 +39,7 @@ int lgetfilecon_raw(const char *path, se
        out:
  	if (ret == 0) {
@@ -229,8 +229,8 @@ diff -up libselinux-2.1.12/src/lgetfilecon.c.f19 libselinux-2.1.12/src/lgetfilec
  	}
  	if (ret < 0)
 diff -up libselinux-2.1.12/src/mapping.c.f19 libselinux-2.1.12/src/mapping.c
---- libselinux-2.1.12/src/mapping.c.f19	2013-01-28 11:27:45.646079743 -0500
-+++ libselinux-2.1.12/src/mapping.c	2013-01-28 11:27:56.241122881 -0500
+--- libselinux-2.1.12/src/mapping.c.f19	2012-09-13 13:26:50.000000000 -0400
++++ libselinux-2.1.12/src/mapping.c	2013-03-06 13:55:15.415795536 -0500
 @@ -66,7 +66,7 @@ selinux_set_mapping(struct security_clas
  			goto err2;
  
@@ -240,3 +240,206 @@ diff -up libselinux-2.1.12/src/mapping.c.f19 libselinux-2.1.12/src/mapping.c
  			/* An empty permission string skips ahead */
  			if (!*p_in->perms[k]) {
  				k++;
+diff -up libselinux-2.1.12/utils/sefcontext_compile.c.f19 libselinux-2.1.12/utils/sefcontext_compile.c
+--- libselinux-2.1.12/utils/sefcontext_compile.c.f19	2013-03-06 13:59:26.567841949 -0500
++++ libselinux-2.1.12/utils/sefcontext_compile.c	2013-03-06 13:59:42.161906692 -0500
+@@ -6,6 +6,7 @@
+ #include <string.h>
+ 
+ #include <linux/limits.h>
++#include <libgen.h>
+ 
+ #include "../src/label_file.h"
+ 
+@@ -153,6 +154,7 @@ static int write_binary_file(struct save
+ 	uint32_t magic = SELINUX_MAGIC_COMPILED_FCONTEXT;
+ 	uint32_t section_len;
+ 	uint32_t i;
++	int rc;
+ 
+ 	bin_file = fopen(filename, "w");
+ 	if (!bin_file) {
+@@ -163,19 +165,19 @@ static int write_binary_file(struct save
+ 	/* write some magic number */
+ 	len = fwrite(&magic, sizeof(uint32_t), 1, bin_file);
+ 	if (len != 1)
+-		return -1;
++		goto err;
+ 
+ 	/* write the version */
+ 	section_len = SELINUX_COMPILED_FCONTEXT_MAX_VERS;
+ 	len = fwrite(&section_len, sizeof(uint32_t), 1, bin_file);
+ 	if (len != 1)
+-		return -1;
++		goto err;
+ 
+ 	/* write the number of stems coming */
+ 	section_len = data->num_stems;
+ 	len = fwrite(&section_len, sizeof(uint32_t), 1, bin_file);
+ 	if (len != 1)
+-		return -1;
++		goto err;
+ 
+ 	for (i = 0; i < section_len; i++) {
+ 		char *stem = data->stem_arr[i].buf;
+@@ -184,20 +186,20 @@ static int write_binary_file(struct save
+ 		/* write the strlen (aka no nul) */
+ 		len = fwrite(&stem_len, sizeof(uint32_t), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* include the nul in the file */
+ 		stem_len += 1;
+ 		len = fwrite(stem, sizeof(char), stem_len, bin_file);
+ 		if (len != stem_len)
+-			return -1;
++			goto err;
+ 	}
+ 
+ 	/* write the number of regexes coming */
+ 	section_len = data->nspec;
+ 	len = fwrite(&section_len, sizeof(uint32_t), 1, bin_file);
+ 	if (len != 1)
+-		return -1;
++		goto err;
+ 
+ 	for (i = 0; i < section_len; i++) {
+ 		char *context = specs[i].lr.ctx_raw;
+@@ -208,82 +210,85 @@ static int write_binary_file(struct save
+ 		pcre_extra *sd = get_pcre_extra(&specs[i]);
+ 		uint32_t to_write;
+ 		size_t size;
+-		int rc;
+ 
+ 		/* length of the context string (including nul) */
+ 		to_write = strlen(context) + 1;
+ 		len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* original context strin (including nul) */
+ 		len = fwrite(context, sizeof(char), to_write, bin_file);
+ 		if (len != to_write)
+-			return -1;
++			goto err;
+ 
+ 		/* length of the original regex string (including nul) */
+ 		to_write = strlen(regex_str) + 1;
+ 		len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* original regex string */
+ 		len = fwrite(regex_str, sizeof(char), to_write, bin_file);
+ 		if (len != to_write)
+-			return -1;
++			goto err;
+ 
+ 		/* binary F_MODE bits */
+ 		len = fwrite(&mode, sizeof(mode), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* stem for this regex (could be -1) */
+ 		len = fwrite(&stem_id, sizeof(stem_id), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* does this spec have a metaChar? */
+ 		to_write = specs[i].hasMetaChars;
+ 		len = fwrite(&to_write, sizeof(to_write), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* determine the size of the pcre data in bytes */
+ 		rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size);
+ 		if (rc < 0)
+-			return -1;
++			goto err;
+ 
+ 		/* write the number of bytes in the pcre data */
+ 		to_write = size;
+ 		len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* write the actual pcre data as a char array */
+ 		len = fwrite(re, 1, to_write, bin_file);
+ 		if (len != to_write)
+-			return -1;
++			goto err;
+ 
+ 		/* determine the size of the pcre study info */
+ 		rc = pcre_fullinfo(re, sd, PCRE_INFO_STUDYSIZE, &size);
+ 		if (rc < 0)
+-			return -1;
++			goto err;
+ 
+ 		/* write the number of bytes in the pcre study data */
+ 		to_write = size;
+ 		len = fwrite(&to_write, sizeof(uint32_t), 1, bin_file);
+ 		if (len != 1)
+-			return -1;
++			goto err;
+ 
+ 		/* write the actual pcre study data as a char array */
+ 		len = fwrite(sd->study_data, 1, to_write, bin_file);
+ 		if (len != to_write)
+-			return -1;
++			goto err;
+ 	}
+ 
++	rc = 0;
++out:
+ 	fclose(bin_file);
+-
+-	return 0;
++	return rc;
++err:
++	rc = -1;
++	goto out;
+ }
+ 
+ static int free_specs(struct saved_data *data)
+@@ -317,7 +322,8 @@ int main(int argc, char *argv[])
+ 	const char *path;
+ 	char stack_path[PATH_MAX + 1];
+ 	int rc;
+-
++	char *tmp, *tmppath;
++	
+ 	if (argc != 2) {
+ 		fprintf(stderr, "usage: %s input_file\n", argv[0]);
+ 		exit(EXIT_FAILURE);
+@@ -338,10 +344,21 @@ int main(int argc, char *argv[])
+ 	rc = snprintf(stack_path, sizeof(stack_path), "%s.bin", path);
+ 	if (rc < 0 || rc >= sizeof(stack_path))
+ 		return rc;
+-	rc = write_binary_file(&data, stack_path);
+-	if (rc < 0)
+-		return rc;
+ 
++	tmppath = strdup(stack_path);
++	if (!tmppath) 
++		return -1;
++	tmp = tempnam(dirname(tmppath), ".bin");
++	free(tmppath);
++	if (!tmp) 
++		return -1;
++	rc = write_binary_file(&data, tmp);
++	if (rc < 0) {
++		free(tmp);
++		return rc;
++	}
++	rename(tmp, stack_path);
++	free(tmp);
+ 	rc = free_specs(&data);
+ 	if (rc < 0)
+ 		return rc;
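Review bot: The new tail of main() is not yet a safe atomic replace: `tempnam(dirname(tmppath), ".bin")` only returns a guessable name, so the `fopen(filename, "w")` inside write_binary_file() can follow a symlink planted at that path before the open (CERT FIO21-C), and the return value of `rename(tmp, stack_path)` is ignored, so when it fails (for instance EXDEV, since glibc's tempnam() consults $TMPDIR ahead of the directory argument) the tool exits 0 with the old `.bin` untouched and a stray temp file left behind. A write error detected by write_binary_file() likewise frees `tmp` but never unlinks the partial file, and the `fclose(bin_file)` at `out:` is unchecked, so a buffered write that fails at close (e.g. ENOSPC) would still be renamed over a good `.bin`. I would build the template in the target directory, let `mkstemp()` create it O_EXCL (or pass the descriptor down and `fdopen()` it in write_binary_file()), and check fclose and rename, unlinking the temp file on any failure; this needs `<unistd.h>` for close()/unlink(). main() continues past the end of this hunk, so the later `free_specs()`/return path is not shown here.
```c
	/* … unchanged: write_binary_file() body up to the end of the regex loop … */
	rc = 0;
out:
	/* buffered data can still fail to hit disk here (e.g. ENOSPC); never rename a short file */
	if (fclose(bin_file) != 0)
		rc = -1;
	return rc;

	/* … unchanged: main() declarations and argument handling … */
	char tmp_path[PATH_MAX + 1];
	int fd;
	/* … unchanged: snprintf() of stack_path … */
	tmppath = strdup(stack_path);
	if (!tmppath)
		return -1;
	/* same directory as the target so rename() never crosses a filesystem */
	rc = snprintf(tmp_path, sizeof(tmp_path), "%s/.bin.XXXXXX", dirname(tmppath));
	free(tmppath);
	if (rc < 0 || rc >= sizeof(tmp_path))
		return -1;
	fd = mkstemp(tmp_path);	/* created O_EXCL: no symlink race on a guessable name */
	if (fd < 0)
		return -1;
	close(fd);	/* or pass fd to write_binary_file() and fdopen() it there */
	rc = write_binary_file(&data, tmp_path);
	if (rc < 0 || rename(tmp_path, stack_path) < 0) {
		unlink(tmp_path);
		return -1;
	}
```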
diff --git a/libselinux.spec b/libselinux.spec
index f0a5ae2..227f641 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -10,7 +10,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 7.1%{?dist}
+Release: 7.2%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -243,6 +243,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Wed Mar 6 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-7.2
+- Make setfcontext_compile atomic
+
 * Mon Jan 28 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-7.1
 - Fix memory leak in label_file, which is effecting virt
 - Clean up closeonexec calls

