valeriyvdovin / rpms / systemd

Forked from rpms/systemd 4 years ago
Clone

Blame SOURCES/0221-Partially-revert-ma-setup-simplify.patch

1ff636
From 21559c09b39155d44f8997703a35211623a38689 Mon Sep 17 00:00:00 2001
1ff636
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
1ff636
Date: Mon, 1 Jun 2015 10:33:48 -0400
1ff636
Subject: [PATCH] Partially revert "ma-setup: simplify"
1ff636
1ff636
copy_bytes() tries to do the write in chunks, but ima kernel code
1ff636
needs every rule to be written in one write. Writing the whole file
1ff636
at once avoids the issue.
1ff636
1ff636
http://lists.freedesktop.org/archives/systemd-devel/2015-June/032623.html
1ff636
http://sourceforge.net/p/linux-ima/mailman/message/34145236/
1ff636
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
1ff636
(cherry picked from commit 116b6c8687e1da25fcecf80ba6ac16866e308d50)
1ff636
1ff636
Cherry-picked from: 116b6c8
1ff636
Resolves: #1222517
1ff636
---
1ff636
 src/core/ima-setup.c | 15 +++++++++++++--
1ff636
 1 file changed, 13 insertions(+), 2 deletions(-)
1ff636
1ff636
diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
181b3f
index 0e0d16a7c..1d4acfa3b 100644
1ff636
--- a/src/core/ima-setup.c
1ff636
+++ b/src/core/ima-setup.c
1ff636
@@ -27,9 +27,10 @@
1ff636
 #include <sys/types.h>
1ff636
 #include <sys/stat.h>
1ff636
 #include <fcntl.h>
1ff636
+#include <sys/stat.h>
1ff636
+#include <sys/mman.h>
1ff636
 
1ff636
 #include "ima-setup.h"
1ff636
-#include "copy.h"
1ff636
 #include "util.h"
1ff636
 #include "log.h"
1ff636
 
1ff636
@@ -42,6 +43,8 @@ int ima_setup(void) {
1ff636
 
1ff636
 #ifdef HAVE_IMA
1ff636
         _cleanup_close_ int policyfd = -1, imafd = -1;
1ff636
+        struct stat st;
1ff636
+        char *policy;
1ff636
 
1ff636
         if (access(IMA_SECFS_DIR, F_OK) < 0) {
1ff636
                 log_debug("IMA support is disabled in the kernel, ignoring.");
1ff636
@@ -66,12 +69,20 @@ int ima_setup(void) {
1ff636
                 return 0;
1ff636
         }
1ff636
 
1ff636
-        r = copy_bytes(policyfd, imafd, (off_t) -1, false);
1ff636
+        if (fstat(policyfd, &st) < 0)
1ff636
+                return log_error_errno(errno, "Failed to fstat "IMA_POLICY_PATH": %m");
1ff636
+
1ff636
+        policy = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, policyfd, 0);
1ff636
+        if (policy == MAP_FAILED)
1ff636
+                return log_error_errno(errno, "Failed to mmap "IMA_POLICY_PATH": %m");
1ff636
+
1ff636
+        r = loop_write(imafd, policy, (size_t) st.st_size, false);
1ff636
         if (r < 0)
1ff636
                 log_error_errno(r, "Failed to load the IMA custom policy file "IMA_POLICY_PATH": %m");
1ff636
         else
1ff636
                 log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
1ff636
 
1ff636
+        munmap(policy, st.st_size);
1ff636
 #endif /* HAVE_IMA */
1ff636
         return r;
1ff636
 }