diff options
author | Joe MacDonald <joe.macdonald@windriver.com> | 2013-10-11 10:50:47 -0400 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2013-11-14 19:24:06 +0000 |
commit | 7b142317419beb97f4815159177a3dd96c76c282 (patch) | |
tree | 7ec981b357074d3dfe09653ae23145eaa0511f1b | |
parent | 523931e2b918b3302cad9857a99603e996aff349 (diff) | |
download | meta-selinux-7b142317419beb97f4815159177a3dd96c76c282.tar.gz |
libselinux / policycoreutils: optional O_CLOEXEC
[ CQID: WIND00438478 ]
We still have hosts that pre-date the inclusion of O_CLOEXEC (Linux
2.6.23) so compile the flag out when building on classic distros.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
4 files changed, 152 insertions, 0 deletions
diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch new file mode 100644 index 0000000..453334e --- /dev/null +++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch | |||
@@ -0,0 +1,105 @@ | |||
1 | From 0a8c1c5f3d866d3a3c0f95653416f5f72587ce3a Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe.macdonald@windriver.com> | ||
3 | Date: Fri, 11 Oct 2013 09:56:25 -0400 | ||
4 | Subject: [PATCH 2/2] libselinux: make O_CLOEXEC optional | ||
5 | |||
6 | Various commits in the selinux tree in the current release added O_CLOEXEC | ||
7 | to open() calls in an attempt to address file descriptor leaks as | ||
8 | described: | ||
9 | |||
10 | http://danwalsh.livejournal.com/53603.html | ||
11 | |||
12 | However O_CLOEXEC isn't available on all platforms, so make it a | ||
13 | compile-time option and generate a warning when it is not available. The | ||
14 | actual impact of leaking these file descriptors is minimal, though it does | ||
15 | produce curious AVC Denied messages. | ||
16 | |||
17 | Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008] | ||
18 | |||
19 | Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> | ||
20 | --- | ||
21 | src/label_file.c | 8 +++++++- | ||
22 | src/procattr.c | 8 +++++++- | ||
23 | src/sestatus.c | 8 +++++++- | ||
24 | src/stringrep.c | 8 +++++++- | ||
25 | 4 files changed, 28 insertions(+), 4 deletions(-) | ||
26 | |||
27 | diff --git a/src/label_file.c b/src/label_file.c | ||
28 | index 5f697f3..49bb8df 100644 | ||
29 | --- a/src/label_file.c | ||
30 | +++ b/src/label_file.c | ||
31 | @@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat * | ||
32 | if (rc >= sizeof(mmap_path)) | ||
33 | return -1; | ||
34 | |||
35 | - mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC); | ||
36 | + mmapfd = open(mmap_path, O_RDONLY | ||
37 | +#ifdef O_CLOEXEC | ||
38 | + | O_CLOEXEC | ||
39 | +#else | ||
40 | +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors | ||
41 | +#endif | ||
42 | + ); | ||
43 | if (mmapfd < 0) | ||
44 | return -1; | ||
45 | |||
46 | diff --git a/src/procattr.c b/src/procattr.c | ||
47 | index 6c5b45a..6cfe589 100644 | ||
48 | --- a/src/procattr.c | ||
49 | +++ b/src/procattr.c | ||
50 | @@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags) | ||
51 | if (rc < 0) | ||
52 | return -1; | ||
53 | |||
54 | - fd = open(path, flags | O_CLOEXEC); | ||
55 | + fd = open(path, flags | ||
56 | +#ifdef O_CLOEXEC | ||
57 | + | O_CLOEXEC | ||
58 | +#else | ||
59 | +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors | ||
60 | +#endif | ||
61 | + ); | ||
62 | free(path); | ||
63 | return fd; | ||
64 | } | ||
65 | diff --git a/src/sestatus.c b/src/sestatus.c | ||
66 | index ed29dc5..0cb15b6 100644 | ||
67 | --- a/src/sestatus.c | ||
68 | +++ b/src/sestatus.c | ||
69 | @@ -268,7 +268,13 @@ int selinux_status_open(int fallback) | ||
70 | return -1; | ||
71 | |||
72 | snprintf(path, sizeof(path), "%s/status", selinux_mnt); | ||
73 | - fd = open(path, O_RDONLY | O_CLOEXEC); | ||
74 | + fd = open(path, O_RDONLY | ||
75 | +#ifdef O_CLOEXEC | ||
76 | + | O_CLOEXEC | ||
77 | +#else | ||
78 | +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors | ||
79 | +#endif | ||
80 | + ); | ||
81 | if (fd < 0) | ||
82 | goto error; | ||
83 | |||
84 | diff --git a/src/stringrep.c b/src/stringrep.c | ||
85 | index ba75ccd..e6ccfd5 100644 | ||
86 | --- a/src/stringrep.c | ||
87 | +++ b/src/stringrep.c | ||
88 | @@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s) | ||
89 | struct stat m; | ||
90 | |||
91 | snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name); | ||
92 | - fd = open(path, O_RDONLY | O_CLOEXEC); | ||
93 | + fd = open(path, O_RDONLY | ||
94 | +#ifdef O_CLOEXEC | ||
95 | + | O_CLOEXEC | ||
96 | +#else | ||
97 | +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors | ||
98 | +#endif | ||
99 | + ); | ||
100 | if (fd < 0) | ||
101 | goto err4; | ||
102 | |||
103 | -- | ||
104 | 1.7.10.4 | ||
105 | |||
diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.1.13.bb index 404d6f5..28b1ff1 100644 --- a/recipes-security/selinux/libselinux_2.1.13.bb +++ b/recipes-security/selinux/libselinux_2.1.13.bb | |||
@@ -12,4 +12,5 @@ SRC_URI += "\ | |||
12 | file://libselinux-fix-init-load-policy.patch \ | 12 | file://libselinux-fix-init-load-policy.patch \ |
13 | file://libselinux-pcre-link-order.patch \ | 13 | file://libselinux-pcre-link-order.patch \ |
14 | file://libselinux-drop-Wno-unused-but-set-variable.patch \ | 14 | file://libselinux-drop-Wno-unused-but-set-variable.patch \ |
15 | file://libselinux-make-O_CLOEXEC-optional.patch \ | ||
15 | " | 16 | " |
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch new file mode 100644 index 0000000..aaaa1e5 --- /dev/null +++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joe MacDonald <joe.macdonald@windriver.com> | ||
3 | Date: Fri, 11 Oct 2013 09:55:43 -0400 | ||
4 | Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional | ||
5 | |||
6 | Various commits in the selinux tree in the current release added O_CLOEXEC | ||
7 | to open() calls in an attempt to address file descriptor leaks as | ||
8 | described: | ||
9 | |||
10 | http://danwalsh.livejournal.com/53603.html | ||
11 | |||
12 | However O_CLOEXEC isn't available on all platforms, so make it a | ||
13 | compile-time option and generate a warning when it is not available. The | ||
14 | actual impact of leaking these file descriptors is minimal, though it does | ||
15 | produce curious AVC Denied messages. | ||
16 | |||
17 | Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008] | ||
18 | |||
19 | Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> | ||
20 | --- | ||
21 | restorecond/user.c | 8 +++++++- | ||
22 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/restorecond/user.c b/restorecond/user.c | ||
25 | index 00a646f..50f3ab6 100644 | ||
26 | --- a/restorecond/user.c | ||
27 | +++ b/restorecond/user.c | ||
28 | @@ -201,7 +201,13 @@ static int local_server() { | ||
29 | perror("asprintf"); | ||
30 | return -1; | ||
31 | } | ||
32 | - int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR); | ||
33 | + int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | ||
34 | +#ifdef O_CLOEXEC | ||
35 | + | O_CLOEXEC | ||
36 | +#else | ||
37 | +#warning O_CLOEXEC undefined on this platform, this may leak file descriptors | ||
38 | +#endif | ||
39 | + , S_IRUSR | S_IWUSR); | ||
40 | if (debug_mode) | ||
41 | g_warning ("Lock file: %s", ptr); | ||
42 | |||
43 | -- | ||
44 | 1.7.10.4 | ||
45 | |||
diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.1.14.bb index b177042..64f0d8d 100644 --- a/recipes-security/selinux/policycoreutils_2.1.14.bb +++ b/recipes-security/selinux/policycoreutils_2.1.14.bb | |||
@@ -12,4 +12,5 @@ SRC_URI += "\ | |||
12 | file://policycoreutils-fix-strict-prototypes.patch \ | 12 | file://policycoreutils-fix-strict-prototypes.patch \ |
13 | file://policycoreutils-revert-run_init-open_init_pty.patch \ | 13 | file://policycoreutils-revert-run_init-open_init_pty.patch \ |
14 | file://policycoreutils-fix-sepolicy-install-path.patch \ | 14 | file://policycoreutils-fix-sepolicy-install-path.patch \ |
15 | file://policycoreutils-make-O_CLOEXEC-optional.patch \ | ||
15 | " | 16 | " |