libselinux / policycoreutils: optional O_CLOEXEC

[ CQID: WIND00438478 ] We still have hosts that pre-date the inclusion of O_CLOEXEC (Linux 2.6.23) so compile the flag out when building on classic distros. Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
author: Joe MacDonald <joe.macdonald@windriver.com> 2013-10-11 10:50:47 -0400
committer: Mark Hatle <mark.hatle@windriver.com> 2013-11-14 19:24:06 +0000
commit: 7b142317419beb97f4815159177a3dd96c76c282 (patch)
tree: 7ec981b357074d3dfe09653ae23145eaa0511f1b
parent: 523931e2b918b3302cad9857a99603e996aff349 (diff)
download: meta-selinux-7b142317419beb97f4815159177a3dd96c76c282.tar.gz
4 files changed, 152 insertions, 0 deletions
diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
new file mode 100644
index 0000000..453334e
--- /dev/null
+++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
@@ -0,0 +1,105 @@
+From 0a8c1c5f3d866d3a3c0f95653416f5f72587ce3a Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe.macdonald@windriver.com>
+Date: Fri, 11 Oct 2013 09:56:25 -0400
+Subject: [PATCH 2/2] libselinux: make O_CLOEXEC optional
+Various commits in the selinux tree in the current release added O_CLOEXEC
+to open() calls in an attempt to address file descriptor leaks as
+described:
+   http://danwalsh.livejournal.com/53603.html
+However O_CLOEXEC isn't available on all platforms, so make it a
+compile-time option and generate a warning when it is not available.  The
+actual impact of leaking these file descriptors is minimal, though it does
+produce curious AVC Denied messages.
+Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
+Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
+---
+ src/label_file.c |    8 +++++++-
+ src/procattr.c   |    8 +++++++-
+ src/sestatus.c   |    8 +++++++-
+ src/stringrep.c  |    8 +++++++-
+ 4 files changed, 28 insertions(+), 4 deletions(-)
+diff --git a/src/label_file.c b/src/label_file.c
+index 5f697f3..49bb8df 100644
+--- a/src/label_file.c
+++ b/src/label_file.c
+@@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
+        if (rc >= sizeof(mmap_path))
+                return -1;
+ 
+-       mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
+       mmapfd = open(mmap_path, O_RDONLY 
+#ifdef O_CLOEXEC
+                 | O_CLOEXEC
+#else
+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+                 );
+        if (mmapfd < 0)
+                return -1;
+ 
+diff --git a/src/procattr.c b/src/procattr.c
+index 6c5b45a..6cfe589 100644
+--- a/src/procattr.c
+++ b/src/procattr.c
+@@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
+        if (rc < 0)
+                return -1;
+ 
+-       fd = open(path, flags | O_CLOEXEC);
+       fd = open(path, flags
+#ifdef O_CLOEXEC
+             | O_CLOEXEC
+#else
+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+             );
+        free(path);
+        return fd;
+ }
+diff --git a/src/sestatus.c b/src/sestatus.c
+index ed29dc5..0cb15b6 100644
+--- a/src/sestatus.c
+++ b/src/sestatus.c
+@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
+                return -1;
+ 
+        snprintf(path, sizeof(path), "%s/status", selinux_mnt);
+-       fd = open(path, O_RDONLY | O_CLOEXEC);
+       fd = open(path, O_RDONLY
+#ifdef O_CLOEXEC
+             | O_CLOEXEC
+#else
+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+             );
+        if (fd < 0)
+                goto error;
+ 
+diff --git a/src/stringrep.c b/src/stringrep.c
+index ba75ccd..e6ccfd5 100644
+--- a/src/stringrep.c
+++ b/src/stringrep.c
+@@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s)
+                struct stat m;
+ 
+                snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+-               fd = open(path, O_RDONLY | O_CLOEXEC);
+               fd = open(path, O_RDONLY
+#ifdef O_CLOEXEC
+                | O_CLOEXEC
+#else
+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+                );
+                if (fd < 0)
+                        goto err4;
+ 
+-- 
+1.7.10.4
diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.1.13.bb
index 404d6f5..28b1ff1 100644
--- a/recipes-security/selinux/libselinux_2.1.13.bb
+++ b/recipes-security/selinux/libselinux_2.1.13.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
        file://libselinux-fix-init-load-policy.patch \
        file://libselinux-pcre-link-order.patch \
        file://libselinux-drop-Wno-unused-but-set-variable.patch \
+        file://libselinux-make-O_CLOEXEC-optional.patch \
        "
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
new file mode 100644
index 0000000..aaaa1e5
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -0,0 +1,45 @@
+From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe.macdonald@windriver.com>
+Date: Fri, 11 Oct 2013 09:55:43 -0400
+Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional
+Various commits in the selinux tree in the current release added O_CLOEXEC
+to open() calls in an attempt to address file descriptor leaks as
+described:
+   http://danwalsh.livejournal.com/53603.html
+However O_CLOEXEC isn't available on all platforms, so make it a
+compile-time option and generate a warning when it is not available.  The
+actual impact of leaking these file descriptors is minimal, though it does
+produce curious AVC Denied messages.
+Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
+Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
+---
+ restorecond/user.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+diff --git a/restorecond/user.c b/restorecond/user.c
+index 00a646f..50f3ab6 100644
+--- a/restorecond/user.c
+++ b/restorecond/user.c
+@@ -201,7 +201,13 @@ static int local_server() {
+                        perror("asprintf");
+                return -1;
+        }
+-       int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
+       int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW 
+#ifdef O_CLOEXEC
+                 | O_CLOEXEC
+#else
+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+                 , S_IRUSR | S_IWUSR);
+        if (debug_mode)
+                g_warning ("Lock file: %s", ptr);
+ 
+-- 
+1.7.10.4
diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.1.14.bb
index b177042..64f0d8d 100644
--- a/recipes-security/selinux/policycoreutils_2.1.14.bb
+++ b/recipes-security/selinux/policycoreutils_2.1.14.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
        file://policycoreutils-fix-strict-prototypes.patch \
        file://policycoreutils-revert-run_init-open_init_pty.patch \
        file://policycoreutils-fix-sepolicy-install-path.patch \
+        file://policycoreutils-make-O_CLOEXEC-optional.patch \
        "
author	Joe MacDonald <joe.macdonald@windriver.com>	2013-10-11 10:50:47 -0400
committer	Mark Hatle <mark.hatle@windriver.com>	2013-11-14 19:24:06 +0000
commit	7b142317419beb97f4815159177a3dd96c76c282 (patch)
tree	7ec981b357074d3dfe09653ae23145eaa0511f1b
parent	523931e2b918b3302cad9857a99603e996aff349 (diff)
download	meta-selinux-7b142317419beb97f4815159177a3dd96c76c282.tar.gz

diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch new file mode 100644 index 0000000..453334e --- /dev/null +++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
@@ -0,0 +1,105 @@
		1	From 0a8c1c5f3d866d3a3c0f95653416f5f72587ce3a Mon Sep 17 00:00:00 2001
		2	From: Joe MacDonald <joe.macdonald@windriver.com>
		3	Date: Fri, 11 Oct 2013 09:56:25 -0400
		4	Subject: [PATCH 2/2] libselinux: make O_CLOEXEC optional
		5
		6	Various commits in the selinux tree in the current release added O_CLOEXEC
		7	to open() calls in an attempt to address file descriptor leaks as
		8	described:
		9
		10	http://danwalsh.livejournal.com/53603.html
		11
		12	However O_CLOEXEC isn't available on all platforms, so make it a
		13	compile-time option and generate a warning when it is not available. The
		14	actual impact of leaking these file descriptors is minimal, though it does
		15	produce curious AVC Denied messages.
		16
		17	Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
		18
		19	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
		20	---
		21	src/label_file.c \| 8 +++++++-
		22	src/procattr.c \| 8 +++++++-
		23	src/sestatus.c \| 8 +++++++-
		24	src/stringrep.c \| 8 +++++++-
		25	4 files changed, 28 insertions(+), 4 deletions(-)
		26
		27	diff --git a/src/label_file.c b/src/label_file.c
		28	index 5f697f3..49bb8df 100644
		29	--- a/src/label_file.c
		30	+++ b/src/label_file.c
		31	@@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle rec, const char path, struct stat *
		32	if (rc >= sizeof(mmap_path))
		33	return -1;
		34
		35	- mmapfd = open(mmap_path, O_RDONLY \| O_CLOEXEC);
		36	+ mmapfd = open(mmap_path, O_RDONLY
		37	+#ifdef O_CLOEXEC
		38	+ \| O_CLOEXEC
		39	+#else
		40	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
		41	+#endif
		42	+ );
		43	if (mmapfd < 0)
		44	return -1;
		45
		46	diff --git a/src/procattr.c b/src/procattr.c
		47	index 6c5b45a..6cfe589 100644
		48	--- a/src/procattr.c
		49	+++ b/src/procattr.c
		50	@@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
		51	if (rc < 0)
		52	return -1;
		53
		54	- fd = open(path, flags \| O_CLOEXEC);
		55	+ fd = open(path, flags
		56	+#ifdef O_CLOEXEC
		57	+ \| O_CLOEXEC
		58	+#else
		59	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
		60	+#endif
		61	+ );
		62	free(path);
		63	return fd;
		64	}
		65	diff --git a/src/sestatus.c b/src/sestatus.c
		66	index ed29dc5..0cb15b6 100644
		67	--- a/src/sestatus.c
		68	+++ b/src/sestatus.c
		69	@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
		70	return -1;
		71
		72	snprintf(path, sizeof(path), "%s/status", selinux_mnt);
		73	- fd = open(path, O_RDONLY \| O_CLOEXEC);
		74	+ fd = open(path, O_RDONLY
		75	+#ifdef O_CLOEXEC
		76	+ \| O_CLOEXEC
		77	+#else
		78	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
		79	+#endif
		80	+ );
		81	if (fd < 0)
		82	goto error;
		83
		84	diff --git a/src/stringrep.c b/src/stringrep.c
		85	index ba75ccd..e6ccfd5 100644
		86	--- a/src/stringrep.c
		87	+++ b/src/stringrep.c
		88	@@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s)
		89	struct stat m;
		90
		91	snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
		92	- fd = open(path, O_RDONLY \| O_CLOEXEC);
		93	+ fd = open(path, O_RDONLY
		94	+#ifdef O_CLOEXEC
		95	+ \| O_CLOEXEC
		96	+#else
		97	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
		98	+#endif
		99	+ );
		100	if (fd < 0)
		101	goto err4;
		102
		103	--
		104	1.7.10.4
		105


diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.1.13.bb index 404d6f5..28b1ff1 100644 --- a/recipes-security/selinux/libselinux_2.1.13.bb +++ b/recipes-security/selinux/libselinux_2.1.13.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
12	file://libselinux-fix-init-load-policy.patch \	12	file://libselinux-fix-init-load-policy.patch \
13	file://libselinux-pcre-link-order.patch \	13	file://libselinux-pcre-link-order.patch \
14	file://libselinux-drop-Wno-unused-but-set-variable.patch \	14	file://libselinux-drop-Wno-unused-but-set-variable.patch \
		15	file://libselinux-make-O_CLOEXEC-optional.patch \
15	"	16	"


diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch new file mode 100644 index 0000000..aaaa1e5 --- /dev/null +++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -0,0 +1,45 @@
		1	From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001
		2	From: Joe MacDonald <joe.macdonald@windriver.com>
		3	Date: Fri, 11 Oct 2013 09:55:43 -0400
		4	Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional
		5
		6	Various commits in the selinux tree in the current release added O_CLOEXEC
		7	to open() calls in an attempt to address file descriptor leaks as
		8	described:
		9
		10	http://danwalsh.livejournal.com/53603.html
		11
		12	However O_CLOEXEC isn't available on all platforms, so make it a
		13	compile-time option and generate a warning when it is not available. The
		14	actual impact of leaking these file descriptors is minimal, though it does
		15	produce curious AVC Denied messages.
		16
		17	Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
		18
		19	Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
		20	---
		21	restorecond/user.c \| 8 +++++++-
		22	1 file changed, 7 insertions(+), 1 deletion(-)
		23
		24	diff --git a/restorecond/user.c b/restorecond/user.c
		25	index 00a646f..50f3ab6 100644
		26	--- a/restorecond/user.c
		27	+++ b/restorecond/user.c
		28	@@ -201,7 +201,13 @@ static int local_server() {
		29	perror("asprintf");
		30	return -1;
		31	}
		32	- int fd = open(ptr, O_CREAT \| O_WRONLY \| O_NOFOLLOW \| O_CLOEXEC, S_IRUSR \| S_IWUSR);
		33	+ int fd = open(ptr, O_CREAT \| O_WRONLY \| O_NOFOLLOW
		34	+#ifdef O_CLOEXEC
		35	+ \| O_CLOEXEC
		36	+#else
		37	+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
		38	+#endif
		39	+ , S_IRUSR \| S_IWUSR);
		40	if (debug_mode)
		41	g_warning ("Lock file: %s", ptr);
		42
		43	--
		44	1.7.10.4
		45


diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.1.14.bb index b177042..64f0d8d 100644 --- a/recipes-security/selinux/policycoreutils_2.1.14.bb +++ b/recipes-security/selinux/policycoreutils_2.1.14.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
12	file://policycoreutils-fix-strict-prototypes.patch \	12	file://policycoreutils-fix-strict-prototypes.patch \
13	file://policycoreutils-revert-run_init-open_init_pty.patch \	13	file://policycoreutils-revert-run_init-open_init_pty.patch \
14	file://policycoreutils-fix-sepolicy-install-path.patch \	14	file://policycoreutils-fix-sepolicy-install-path.patch \
		15	file://policycoreutils-make-O_CLOEXEC-optional.patch \
15	"	16	"