|
 |
f10538 |
From 4598a46c5ed12248a3a6e1dbe1b5a3dca52bacac Mon Sep 17 00:00:00 2001
|
|
|
f10538 |
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
|
f10538 |
Date: Tue, 26 Oct 2021 13:52:34 +0200
|
|
|
f10538 |
Subject: [PATCH] selinux_restorecon: protect file_spec list with a mutex
|
|
|
f10538 |
|
|
|
f10538 |
Not very useful on its own, but will allow to implement a parallel
|
|
|
f10538 |
version of selinux_restorecon() in subsequent patches.
|
|
|
f10538 |
|
|
|
f10538 |
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
|
f10538 |
---
|
|
|
f10538 |
libselinux/src/selinux_restorecon.c | 16 ++++++++++++++--
|
|
|
f10538 |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
f10538 |
|
|
|
f10538 |
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
|
|
|
f10538 |
index e29a2c390182..43acbace309d 100644
|
|
|
f10538 |
--- a/libselinux/src/selinux_restorecon.c
|
|
|
f10538 |
+++ b/libselinux/src/selinux_restorecon.c
|
|
|
f10538 |
@@ -411,6 +411,7 @@ typedef struct file_spec {
|
|
|
f10538 |
} file_spec_t;
|
|
|
f10538 |
|
|
|
f10538 |
static file_spec_t *fl_head;
|
|
|
f10538 |
+static pthread_mutex_t fl_mutex = PTHREAD_MUTEX_INITIALIZER;
|
|
|
f10538 |
|
|
|
f10538 |
/*
|
|
|
f10538 |
* Try to add an association between an inode and a context. If there is a
|
|
|
f10538 |
@@ -424,6 +425,8 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
|
|
|
f10538 |
int h, ret;
|
|
|
f10538 |
struct stat64 sb;
|
|
|
f10538 |
|
|
|
f10538 |
+ __pthread_mutex_lock(&fl_mutex);
|
|
|
f10538 |
+
|
|
|
f10538 |
if (!fl_head) {
|
|
|
f10538 |
fl_head = calloc(HASH_BUCKETS, sizeof(file_spec_t));
|
|
|
f10538 |
if (!fl_head)
|
|
|
f10538 |
@@ -444,11 +447,11 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
|
|
|
f10538 |
fl->con = strdup(con);
|
|
|
f10538 |
if (!fl->con)
|
|
|
f10538 |
goto oom;
|
|
|
f10538 |
- return 1;
|
|
|
f10538 |
+ goto unlock_1;
|
|
|
f10538 |
}
|
|
|
f10538 |
|
|
|
f10538 |
if (strcmp(fl->con, con) == 0)
|
|
|
f10538 |
- return 1;
|
|
|
f10538 |
+ goto unlock_1;
|
|
|
f10538 |
|
|
|
f10538 |
selinux_log(SELINUX_ERROR,
|
|
|
f10538 |
"conflicting specifications for %s and %s, using %s.\n",
|
|
|
f10538 |
@@ -457,6 +460,9 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
|
|
|
f10538 |
fl->file = strdup(file);
|
|
|
f10538 |
if (!fl->file)
|
|
|
f10538 |
goto oom;
|
|
|
f10538 |
+
|
|
|
f10538 |
+ __pthread_mutex_unlock(&fl_mutex);
|
|
|
f10538 |
+
|
|
|
f10538 |
if (flags->conflicterror) {
|
|
|
f10538 |
selinux_log(SELINUX_ERROR,
|
|
|
f10538 |
"treating conflicting specifications as an error.\n");
|
|
|
f10538 |
@@ -481,13 +487,19 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
|
|
|
f10538 |
goto oom_freefl;
|
|
|
f10538 |
fl->next = prevfl->next;
|
|
|
f10538 |
prevfl->next = fl;
|
|
|
f10538 |
+
|
|
|
f10538 |
+ __pthread_mutex_unlock(&fl_mutex);
|
|
|
f10538 |
return 0;
|
|
|
f10538 |
|
|
|
f10538 |
oom_freefl:
|
|
|
f10538 |
free(fl);
|
|
|
f10538 |
oom:
|
|
|
f10538 |
+ __pthread_mutex_unlock(&fl_mutex);
|
|
|
f10538 |
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
|
|
|
f10538 |
return -1;
|
|
|
f10538 |
+unlock_1:
|
|
|
f10538 |
+ __pthread_mutex_unlock(&fl_mutex);
|
|
|
f10538 |
+ return 1;
|
|
|
f10538 |
}
|
|
|
f10538 |
|
|
|
f10538 |
/*
|
|
|
f10538 |
--
|
|
|
f10538 |
2.33.1
|
|
|
f10538 |
|