From 7a71cdb44dbd50d0250df20034d2f493bb0a5628 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Jan 14 2013 21:19:46 +0000
Subject: setfscreatecon after fork was broken by the Set*con patch.
- We needed to reset the thread variables after a fork.
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 77948d7..1d2af3f 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -5864,6 +5864,49 @@ index ae21175..948aff1 100644 +.BR booleans (8), +.BR getsebool (8), +.BR setsebool (8) +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index ac019df..613a4ed 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER)) + RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + LIBBASE=$(shell basename $(LIBDIR)) + +-LDFLAGS ?= -lpcre ++LDFLAGS ?= -lpcre -lpthread + + VERSION = $(shell cat ../VERSION) + LIBVERSION = 1 +@@ -106,17 +106,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< + + $(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) ++ $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR) + + $(SWIGRUBYSO): $(SWIGRUBYLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) ++ $(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR) + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ++ $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION +@@ -129,7 +129,7 @@ $(AUDIT2WHYLOBJ): audit2why.c + $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< + + $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) ++ $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) + + %.o: %.c policy.h + $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 02483a3..73c07aa 100644 --- a/libselinux/src/audit2why.c @@ -6652,10 +6695,18 @@ index 2d7369e..2a00807 100644 } 
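Review bot: `LDFLAGS ?= -lpcre -lpthread` keeps required libraries in a variable that `?=` lets the environment replace, so a build that exports its own LDFLAGS (hardening flags, for example) silently drops both libraries from every link line in this hunk. The `-z,defs` on the $(LIBSO) rule would presumably turn that into a link error rather than a broken library, but the other shared objects have no such guard. Keeping the libraries in their own variable, e.g. `LDLIBS = -lpcre -lpthread` placed after the objects, leaves LDFLAGS free for flags only. The $(AUDIT2WHYSO) rule also puts `$(LDFLAGS)` before `-lselinux` while the two SWIG rules put it after; one order throughout would be easier to audit.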
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c -index 83381e4..be9f8b0 100644 +index 83381e4..08b75d4 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c -@@ -8,11 +8,54 @@ +@@ -1,6 +1,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -8,11 +9,63 @@ #include "selinux_internal.h" #include "policy.h" @@ -6685,6 +6736,13 @@ index 83381e4..be9f8b0 100644 + free(prev_sockcreate); +} + ++static void free_procattr(void) ++{ ++ procattr_thread_destructor(NULL); ++ tid = -1; ++ prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = NULL; ++} ++ +void __attribute__((destructor)) procattr_destructor(void); + +void hidden __attribute__((destructor)) procattr_destructor(void) @@ -6703,22 +6761,35 @@ index 83381e4..be9f8b0 100644 + +static void init_procattr(void) +{ -+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) ++ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) { ++ pthread_atfork(NULL, NULL, free_procattr); + destructor_key_initialized = 1; ++ } +} + static int getprocattrcon_raw(security_context_t * context, pid_t pid, const char *attr) { -@@ -20,7 +63,6 @@ static int getprocattrcon_raw(security_context_t * context, +@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context, size_t size; int fd, rc; ssize_t ret; - pid_t tid; int errno_hold; ++ __selinux_once(once, init_procattr); ++ init_thread_destructor(); ++ if (pid > 0) -@@ -92,14 +134,44 @@ static int setprocattrcon_raw(security_context_t context, + rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); + else { +- tid = gettid(); ++ if (tid == -1) ++ tid = gettid(); + rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); + } + if (rc < 0) +@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context, { char *path; int fd, rc; 
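Review bot: free_procattr carries no comment saying that it is the fork child handler, and the reason for `tid = -1` cannot be read from the function alone. A header comment such as `/* atfork child handler: the child has a new thread id, so drop the cached tid and the cached contexts inherited from the parent */` would state the invariant that the set*con path relies on. The chained assignment assumes NULL is the "nothing cached" value for the prev_* variables; their declarations are outside this hunk, so confirm that it matches the sentinel the comparison in setprocattrcon_raw uses.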
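Review bot: In init_procattr the result of `pthread_atfork(NULL, NULL, free_procattr)` is discarded, yet the new `if (tid == -1) tid = gettid();` cache in getprocattrcon_raw is only correct if that handler runs in every child. A child created without the libc fork handlers (vfork, or a direct clone/fork syscall), or one forked after a failed registration, keeps the parent's tid and builds `/proc/self/task/%d/attr/%s` for a task that is not its own. The get*con/set*con calls then fail in that child, and a caller that ignores the error goes on to create objects with the default label. Calling `tid = gettid();` unconditionally, as the removed line did, removes the dependency on the handler; the syscall is small next to the open and read on /proc. The declaration of `tid` and the matching code in setprocattrcon_raw are outside this hunk.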
@@ -6765,7 +6836,7 @@ index 83381e4..be9f8b0 100644 rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); } if (rc < 0) -@@ -109,21 +181,30 @@ static int setprocattrcon_raw(security_context_t context, +@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context, free(path); if (fd < 0) return -1; diff --git a/libselinux.spec b/libselinux.spec index 2047af8..06c521b 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.12 -Release: 13%{?dist} +Release: 14%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -241,6 +241,10 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Mon Jan 14 2013 Dan Walsh - 2.1.12-14 +- setfscreatecon after fork was broken by the Set*con patch. +- We needed to reset the thread variables after a fork. + * Thu Jan 10 2013 Dan Walsh - 2.1.12-13 - Fix setfscreatecon call to handle failure mode, which was breaking udev