|
 |
1abbee |
From 2ae0271ada810c06c12755699f0db955fc51061d Mon Sep 17 00:00:00 2001
|
|
|
1abbee |
From: Petr Lautrbach <plautrba@redhat.com>
|
|
|
1abbee |
Date: Thu, 10 Mar 2016 10:19:56 +0100
|
|
|
1abbee |
Subject: [PATCH] socket_address_listen - do not rely on errno
|
|
|
1abbee |
|
|
|
1abbee |
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX
|
|
|
1abbee |
socket and checks its return value and errno for EADDRINUSE. This is not
|
|
|
1abbee |
correct. When there's an SELinux context change made for the new socket,
|
|
|
1abbee |
bind() is not the last function called in mac_selinux_bind(). In that
|
|
|
1abbee |
case the last call is setfscreatecon() from libselinux which can change
|
|
|
1abbee |
errno as it uses access() to check if /proc/thread-self is available.
|
|
|
1abbee |
It fails on kernels before 3.17 and errno is set to ENOENT.
|
|
|
1abbee |
|
|
|
1abbee |
It's safe to check only the return value at it's set to -errno.
|
|
|
1abbee |
|
|
|
1abbee |
Cherry-picked from: a0c9496cc826957fe0f3926f619e073f17a9ab4d
|
|
|
1abbee |
Resolves: #1316452
|
|
|
1abbee |
---
|
|
|
1abbee |
src/shared/socket-label.c | 2 +-
|
|
|
1abbee |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
1abbee |
|
|
|
1abbee |
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
|
|
|
c62b8e |
index a6289eb50f..713e71ba3c 100644
|
|
|
1abbee |
--- a/src/shared/socket-label.c
|
|
|
1abbee |
+++ b/src/shared/socket-label.c
|
|
|
1abbee |
@@ -119,7 +119,7 @@ int socket_address_listen(
|
|
|
1abbee |
|
|
|
1abbee |
r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
|
|
|
1abbee |
|
|
|
1abbee |
- if (r < 0 && errno == EADDRINUSE) {
|
|
|
1abbee |
+ if (r == -EADDRINUSE) {
|
|
|
1abbee |
/* Unlink and try again */
|
|
|
1abbee |
unlink(a->sockaddr.un.sun_path);
|
|
|
1abbee |
r = bind(fd, &a->sockaddr.sa, a->size);
|