|
 |
1ff636 |
From 3a82f8be03b07b84fa470c6e42cd87865aeaf701 Mon Sep 17 00:00:00 2001
|
|
|
1ff636 |
From: Will Woods <wwoods@redhat.com>
|
|
|
1ff636 |
Date: Fri, 13 Mar 2015 17:24:46 -0400
|
|
|
1ff636 |
Subject: [PATCH] selinux: fix SEGV during switch-root if SELinux policy loaded
|
|
|
1ff636 |
|
|
|
1ff636 |
If you've got SELinux policy loaded, label_hnd is your labeling handle.
|
|
|
1ff636 |
When systemd is shutting down, we free that handle via mac_selinux_finish().
|
|
|
1ff636 |
|
|
|
1ff636 |
But: switch_root() calls mkdir_p_label(), which tries to look up a label
|
|
|
1ff636 |
using that freed handle, and so we get a bunch of garbage and eventually
|
|
|
1ff636 |
SEGV in libselinux.
|
|
|
1ff636 |
|
|
|
1ff636 |
(This doesn't happen in the switch-root from initramfs to real root because
|
|
|
1ff636 |
there's no SELinux policy loaded in initramfs, so label_hnd is NULL and we
|
|
|
1ff636 |
never attempt any lookups.)
|
|
|
1ff636 |
|
|
|
1ff636 |
So: make sure that mac_selinux_finish() actually sets label_hnd to NULL, so
|
|
|
1ff636 |
nobody tries to use it after it becomes invalid.
|
|
|
1ff636 |
|
|
|
1ff636 |
https://bugzilla.redhat.com/show_bug.cgi?id=1185604
|
|
|
1ff636 |
(cherry picked from commit f5ce2b49585a14cefb6d02f61c8dcdf7628a8605)
|
|
|
1ff636 |
---
|
|
|
1ff636 |
src/shared/selinux-util.c | 1 +
|
|
|
1ff636 |
1 file changed, 1 insertion(+)
|
|
|
1ff636 |
|
|
|
1ff636 |
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
|
|
|
181b3f |
index a2233e0cf..a46ddf849 100644
|
|
|
1ff636 |
--- a/src/shared/selinux-util.c
|
|
|
1ff636 |
+++ b/src/shared/selinux-util.c
|
|
|
1ff636 |
@@ -117,6 +117,7 @@ void mac_selinux_finish(void) {
|
|
|
1ff636 |
return;
|
|
|
1ff636 |
|
|
|
1ff636 |
selabel_close(label_hnd);
|
|
|
1ff636 |
+ label_hnd = NULL;
|
|
|
1ff636 |
#endif
|
|
|
1ff636 |
}
|
|
|
1ff636 |
|