From f0a059565ac49592022a7832137a347eca2ee2bd Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Jan 18 2013 16:01:45 +0000 Subject: Fix tid handling for setfscreatecon, old patch still broken in libvirt --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 1d2af3f..5ce8486 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -6695,7 +6695,7 @@ index 2d7369e..2a00807 100644 } diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c -index 83381e4..08b75d4 100644 +index 83381e4..a2bcabb 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -1,6 +1,7 @@ @@ -6706,7 +6706,7 @@ index 83381e4..08b75d4 100644 #include #include #include -@@ -8,11 +9,63 @@ +@@ -8,33 +9,106 @@ #include "selinux_internal.h" #include "policy.h" 
@@ -6767,37 +6767,86 @@ index 83381e4..08b75d4 100644 + } +} + ++static int openattr(pid_t pid, const char *attr, int flags) ++{ ++ int firsttime = (pid == 0); ++ int fd=-1, rc; ++ char *path; ++ do { ++ if (pid > 0) { ++ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); ++ } else { ++ if (tid == -1) { ++ firsttime = 0; ++ tid = gettid(); ++ } ++ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); ++ } ++ if (rc < 0) ++ return -1; ++ ++ fd = open(path, flags); ++ free(path); path=NULL; ++ if (fd >= 0) ++ break; ++ tid = -1; ++ ++ } while (firsttime); ++ ++ return fd; ++} ++ static int getprocattrcon_raw(security_context_t * context, pid_t pid, const char *attr) { -@@ -20,13 +73,16 @@ static int getprocattrcon_raw(security_context_t * context, +- char *path, *buf; ++ char *buf; size_t size; - int fd, rc; +- int fd, rc; ++ int fd; ssize_t ret; - pid_t tid; int errno_hold; +- if (pid > 0) +- rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); +- else { +- tid = gettid(); +- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); +- } +- if (rc < 0) +- return -1; + __selinux_once(once, init_procattr); + init_thread_destructor(); -+ - if (pid > 0) - rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); - else { -- tid = gettid(); -+ if (tid == -1) -+ tid = gettid(); - rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); - } - if (rc < 0) -@@ -92,14 +148,44 @@ static int setprocattrcon_raw(security_context_t context, + +- fd = open(path, O_RDONLY); +- free(path); +- if (fd < 0) ++ fd = openattr(pid, attr, O_RDONLY); ++ if (fd < 0) + return -1; + + size = selinux_page_size; +@@ -90,40 +164,66 @@ static int getprocattrcon(security_context_t * context, + static int setprocattrcon_raw(security_context_t context, + pid_t pid, const char *attr) { - char *path; - int fd, rc; +- char *path; +- int fd, rc; - pid_t tid; ++ int fd; ssize_t ret; int errno_hold; + security_context_t *prev_context; -+ + +- if (pid > 0) +- rc = asprintf(&path, 
"/proc/%d/attr/%s", pid, attr); +- else { +- tid = gettid(); +- rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); +- } +- if (rc < 0) +- return -1; + __selinux_once(once, init_procattr); + init_thread_destructor(); + @@ -6826,18 +6875,9 @@ index 83381e4..08b75d4 100644 + if (context && *prev_context && !strcmp(context, *prev_context)) + return 0; - if (pid > 0) - rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); - else { -- tid = gettid(); -+ if (tid == -1) -+ tid = gettid(); -+ - rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); - } - if (rc < 0) -@@ -109,21 +195,30 @@ static int setprocattrcon_raw(security_context_t context, - free(path); +- fd = open(path, O_RDWR); +- free(path); ++ fd = openattr(pid, attr, O_RDWR); if (fd < 0) return -1; - if (context) diff --git a/libselinux.spec b/libselinux.spec index 06c521b..f949ccc 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.1.12 -Release: 14%{?dist} +Release: 15%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -241,6 +241,9 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Wed Jan 16 2013 Dan Walsh - 2.1.12-15 +- Fix tid handling for setfscreatecon, old patch still broken in libvirt + * Mon Jan 14 2013 Dan Walsh - 2.1.12-14 - setfscreatecon after fork was broken by the Set*con patch. - We needed to reset the thread variables after a fork.
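Review bot: The new `openattr()` in the procattr.c hunk calls `open(path, flags)` without a close-on-exec flag, so in a multithreaded caller a fork+exec on another thread can leak the `/proc/.../attr/<attr>` descriptor into the child while it is open. The later hunk routes `setprocattrcon_raw()` through the same helper with `O_RDWR`, so it shares the gap. Consider `fd = open(path, flags | O_CLOEXEC);`, assuming the file's headers and feature macros already expose `O_CLOEXEC` (the include lines are not readable here). Separately, `tid = -1;` runs after any failed open, including the `pid > 0` path where the cached tid was never used, and the retry fires for every errno; limiting the reset and retry to `pid == 0` with `errno == ENOENT` would avoid repeating an identical attempt on errors such as `EACCES` or `EMFILE`. Both callers' bodies continue outside the hunks shown.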