
Blame SOURCES/0221-Partially-revert-ma-setup-simplify.patch

From 21559c09b39155d44f8997703a35211623a38689 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 1 Jun 2015 10:33:48 -0400
Subject: [PATCH] Partially revert "ma-setup: simplify"
copy_bytes() tries to do the write in chunks, but ima kernel code
needs every rule to be written in one write. Writing the whole file
at once avoids the issue.
http://lists.freedesktop.org/archives/systemd-devel/2015-June/032623.html
http://sourceforge.net/p/linux-ima/mailman/message/34145236/
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
(cherry picked from commit 116b6c8687e1da25fcecf80ba6ac16866e308d50)
Cherry-picked from: 116b6c8
Resolves: #1222517
---
 src/core/ima-setup.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index 0e0d16a7c..1d4acfa3b 100644
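--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -27,9 +27,10 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
 
 #include "ima-setup.h"
-#include "copy.h"
 #include "util.h"
 #include "log.h"
 
@@ -42,6 +43,8 @@ int ima_setup(void) {
 
 #ifdef HAVE_IMA
         _cleanup_close_ int policyfd = -1, imafd = -1;
+        struct stat st;
+        char *policy;
 
         if (access(IMA_SECFS_DIR, F_OK) < 0) {
                 log_debug("IMA support is disabled in the kernel, ignoring.");
@@ -66,12 +69,20 @@ int ima_setup(void) {
                 return 0;
         }
 
-        r = copy_bytes(policyfd, imafd, (off_t) -1, false);
+        if (fstat(policyfd, &st) < 0)
+                return log_error_errno(errno, "Failed to fstat "IMA_POLICY_PATH": %m");
+
+        policy = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, policyfd, 0);
+        if (policy == MAP_FAILED)
+                return log_error_errno(errno, "Failed to mmap "IMA_POLICY_PATH": %m");
+
+        r = loop_write(imafd, policy, (size_t) st.st_size, false);
         if (r < 0)
                 log_error_errno(r, "Failed to load the IMA custom policy file "IMA_POLICY_PATH": %m");
         else
                 log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
 
+        munmap(policy, st.st_size);
 #endif /* HAVE_IMA */
         return r;
 }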
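Review bot: In the last hunk `st.st_size` is passed from `fstat()` straight into `mmap()` without a check, so an empty policy file makes `mmap()` fail with EINVAL and `ima_setup()` return an error, and a non-regular file is not rejected. A guard before the mapping would make that case explicit, for example `if (!S_ISREG(st.st_mode) || st.st_size == 0) { log_debug("Ignoring empty or non-regular "IMA_POLICY_PATH"."); return 0; }`. Because the policy is mapped rather than read into a buffer, a truncation of the file between `fstat()` and `loop_write()` would presumably raise SIGBUS in the calling process; reading the file into heap memory first would avoid that. The first hunk also adds a second `#include <sys/stat.h>` directly below the existing one, which can be dropped. The body of `ima_setup()` starts outside the hunks shown.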