source-git / policycoreutils

Clone
Source Code
GIT

Blame SPECS/0032-restorecond-Fix-redundant-console-log-output-error.patch

c8 c8s master
  1.   9fb14cba4273de2a470cec573c9d6130347aa1b7
  2.   SPECS
  3.   0032-restorecond-Fix-redundant-console-log-output-error.patch
Blob History Raw
Packit Service 9fb14c 
From 76371721bafed56efcb7a83b3fa3285383ede5b7 Mon Sep 17 00:00:00 2001
Packit Service 9fb14c 
From: Baichuan Kong <kongbaichuan@huawei.com>
Packit Service 9fb14c 
Date: Thu, 14 Nov 2019 10:48:07 +0800
Packit Service 9fb14c 
Subject: [PATCH] restorecond: Fix redundant console log output error
Packit Service 9fb14c
Packit Service 9fb14c 
When starting restorecond without any option the following redundant
Packit Service 9fb14c 
console log is outputed:
Packit Service 9fb14c
Packit Service 9fb14c 
/dev/log 100.0%
Packit Service 9fb14c 
/var/volatile/run/syslogd.pid 100.0%
Packit Service 9fb14c 
...
Packit Service 9fb14c
Packit Service 9fb14c 
This is caused by two global variables of same name r_opts. When
Packit Service 9fb14c 
executes r_opts = opts in restore_init(), it originally intends
Packit Service 9fb14c 
to assign the address of struct r_opts in "restorecond.c" to the
Packit Service 9fb14c 
pointer *r_opts in "restore.c".
Packit Service 9fb14c
Packit Service 9fb14c 
However, the address is assigned to the struct r_opts and covers
Packit Service 9fb14c 
the value of low eight bytes in it. That causes unexpected value
Packit Service 9fb14c 
of member varibale 'nochange' and 'verbose' in struct r_opts, thus
Packit Service 9fb14c 
affects value of 'restorecon_flags' and executes unexpected operations
Packit Service 9fb14c 
when restorecon the files such as the redundant console log output or
Packit Service 9fb14c 
file label nochange.
Packit Service 9fb14c
Packit Service 9fb14c 
Cause restorecond/restore.c is copied from policycoreutils/setfiles,
Packit Service 9fb14c 
which share the same pattern. It also has potential risk to generate
Packit Service 9fb14c 
same problems, So fix it in case.
Packit Service 9fb14c
Packit Service 9fb14c 
Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
Packit Service 9fb14c
Packit Service 9fb14c 
(cherry-picked from SElinuxProject
Packit Service 9fb14c 
commit ad2208ec220f55877a4d31084be2b4d6413ee082)
Packit Service 9fb14c
Packit Service 9fb14c 
Resolves: rhbz#1626468
Packit Service 9fb14c 
---
Packit Service 9fb14c 
 policycoreutils/setfiles/restore.c | 42 ++++++++++++++----------------
Packit Service 9fb14c 
 restorecond/restore.c              | 40 +++++++++++++---------------
Packit Service 9fb14c 
 2 files changed, 37 insertions(+), 45 deletions(-)
Packit Service 9fb14c
Packit Service 9fb14c 
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
Packit Service 9fb14c 
index 9dea5656..d3335d1a 100644
Packit Service 9fb14c 
--- a/policycoreutils/setfiles/restore.c
Packit Service 9fb14c 
+++ b/policycoreutils/setfiles/restore.c
Packit Service 9fb14c 
@@ -17,40 +17,37 @@
Packit Service 9fb14c 
 char **exclude_list;
Packit Service 9fb14c 
 int exclude_count;
Packit Service 9fb14c
Packit Service 9fb14c 
-struct restore_opts *r_opts;
Packit Service 9fb14c 
-
Packit Service 9fb14c 
 void restore_init(struct restore_opts *opts)
Packit Service 9fb14c 
 {
Packit Service 9fb14c 
 	int rc;
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts = opts;
Packit Service 9fb14c 
 	struct selinux_opt selinux_opts[] = {
Packit Service 9fb14c 
-		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
Packit Service 9fb14c 
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
Packit Service 9fb14c 
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
Packit Service 9fb14c 
+		{ SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
Packit Service 9fb14c 
+		{ SELABEL_OPT_PATH, opts->selabel_opt_path },
Packit Service 9fb14c 
+		{ SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
Packit Service 9fb14c 
 	};
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
Packit Service 9fb14c 
-	if (!r_opts->hnd) {
Packit Service 9fb14c 
-		perror(r_opts->selabel_opt_path);
Packit Service 9fb14c 
+	opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
Packit Service 9fb14c 
+	if (!opts->hnd) {
Packit Service 9fb14c 
+		perror(opts->selabel_opt_path);
Packit Service 9fb14c 
 		exit(1);
Packit Service 9fb14c 
 	}
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts->restorecon_flags = 0;
Packit Service 9fb14c 
-	r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
Packit Service 9fb14c 
-			   r_opts->progress | r_opts->set_specctx  |
Packit Service 9fb14c 
-			   r_opts->add_assoc | r_opts->ignore_digest |
Packit Service 9fb14c 
-			   r_opts->recurse | r_opts->userealpath |
Packit Service 9fb14c 
-			   r_opts->xdev | r_opts->abort_on_error |
Packit Service 9fb14c 
-			   r_opts->syslog_changes | r_opts->log_matches |
Packit Service 9fb14c 
-			   r_opts->ignore_noent | r_opts->ignore_mounts |
Packit Service 9fb14c 
-			   r_opts->mass_relabel;
Packit Service 9fb14c 
+	opts->restorecon_flags = 0;
Packit Service 9fb14c 
+	opts->restorecon_flags = opts->nochange | opts->verbose |
Packit Service 9fb14c 
+			   opts->progress | opts->set_specctx  |
Packit Service 9fb14c 
+			   opts->add_assoc | opts->ignore_digest |
Packit Service 9fb14c 
+			   opts->recurse | opts->userealpath |
Packit Service 9fb14c 
+			   opts->xdev | opts->abort_on_error |
Packit Service 9fb14c 
+			   opts->syslog_changes | opts->log_matches |
Packit Service 9fb14c 
+			   opts->ignore_noent | opts->ignore_mounts |
Packit Service 9fb14c 
+			   opts->mass_relabel;
Packit Service 9fb14c
Packit Service 9fb14c 
 	/* Use setfiles, restorecon and restorecond own handles */
Packit Service 9fb14c 
-	selinux_restorecon_set_sehandle(r_opts->hnd);
Packit Service 9fb14c 
+	selinux_restorecon_set_sehandle(opts->hnd);
Packit Service 9fb14c
Packit Service 9fb14c 
-	if (r_opts->rootpath) {
Packit Service 9fb14c 
-		rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
Packit Service 9fb14c 
+	if (opts->rootpath) {
Packit Service 9fb14c 
+		rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
Packit Service 9fb14c 
 		if (rc) {
Packit Service 9fb14c 
 			fprintf(stderr,
Packit Service 9fb14c 
 				"selinux_restorecon_set_alt_rootpath error: %s.\n",
Packit Service 9fb14c 
@@ -81,7 +78,6 @@ int process_glob(char *name, struct restore_opts *opts)
Packit Service 9fb14c 
 	size_t i = 0;
Packit Service 9fb14c 
 	int len, rc, errors;
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts = opts;
Packit Service 9fb14c 
 	memset(&globbuf, 0, sizeof(globbuf));
Packit Service 9fb14c
Packit Service 9fb14c 
 	errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
Packit Service 9fb14c 
@@ -96,7 +92,7 @@ int process_glob(char *name, struct restore_opts *opts)
Packit Service 9fb14c 
 		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
Packit Service 9fb14c 
 			continue;
Packit Service 9fb14c 
 		rc = selinux_restorecon(globbuf.gl_pathv[i],
Packit Service 9fb14c 
-					r_opts->restorecon_flags);
Packit Service 9fb14c 
+					opts->restorecon_flags);
Packit Service 9fb14c 
 		if (rc < 0)
Packit Service 9fb14c 
 			errors = rc;
Packit Service 9fb14c 
 	}
Packit Service 9fb14c 
diff --git a/restorecond/restore.c b/restorecond/restore.c
Packit Service 9fb14c 
index f6e30001..b93b5fdb 100644
Packit Service 9fb14c 
--- a/restorecond/restore.c
Packit Service 9fb14c 
+++ b/restorecond/restore.c
Packit Service 9fb14c 
@@ -12,39 +12,36 @@
Packit Service 9fb14c 
 char **exclude_list;
Packit Service 9fb14c 
 int exclude_count;
Packit Service 9fb14c
Packit Service 9fb14c 
-struct restore_opts *r_opts;
Packit Service 9fb14c 
-
Packit Service 9fb14c 
 void restore_init(struct restore_opts *opts)
Packit Service 9fb14c 
 {
Packit Service 9fb14c 
 	int rc;
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts = opts;
Packit Service 9fb14c 
 	struct selinux_opt selinux_opts[] = {
Packit Service 9fb14c 
-		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
Packit Service 9fb14c 
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
Packit Service 9fb14c 
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
Packit Service 9fb14c 
+		{ SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
Packit Service 9fb14c 
+		{ SELABEL_OPT_PATH, opts->selabel_opt_path },
Packit Service 9fb14c 
+		{ SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
Packit Service 9fb14c 
 	};
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
Packit Service 9fb14c 
-	if (!r_opts->hnd) {
Packit Service 9fb14c 
-		perror(r_opts->selabel_opt_path);
Packit Service 9fb14c 
+	opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
Packit Service 9fb14c 
+	if (!opts->hnd) {
Packit Service 9fb14c 
+		perror(opts->selabel_opt_path);
Packit Service 9fb14c 
 		exit(1);
Packit Service 9fb14c 
 	}
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts->restorecon_flags = 0;
Packit Service 9fb14c 
-	r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
Packit Service 9fb14c 
-			   r_opts->progress | r_opts->set_specctx  |
Packit Service 9fb14c 
-			   r_opts->add_assoc | r_opts->ignore_digest |
Packit Service 9fb14c 
-			   r_opts->recurse | r_opts->userealpath |
Packit Service 9fb14c 
-			   r_opts->xdev | r_opts->abort_on_error |
Packit Service 9fb14c 
-			   r_opts->syslog_changes | r_opts->log_matches |
Packit Service 9fb14c 
-			   r_opts->ignore_noent | r_opts->ignore_mounts;
Packit Service 9fb14c 
+	opts->restorecon_flags = 0;
Packit Service 9fb14c 
+	opts->restorecon_flags = opts->nochange | opts->verbose |
Packit Service 9fb14c 
+			   opts->progress | opts->set_specctx  |
Packit Service 9fb14c 
+			   opts->add_assoc | opts->ignore_digest |
Packit Service 9fb14c 
+			   opts->recurse | opts->userealpath |
Packit Service 9fb14c 
+			   opts->xdev | opts->abort_on_error |
Packit Service 9fb14c 
+			   opts->syslog_changes | opts->log_matches |
Packit Service 9fb14c 
+			   opts->ignore_noent | opts->ignore_mounts;
Packit Service 9fb14c
Packit Service 9fb14c 
 	/* Use setfiles, restorecon and restorecond own handles */
Packit Service 9fb14c 
-	selinux_restorecon_set_sehandle(r_opts->hnd);
Packit Service 9fb14c 
+	selinux_restorecon_set_sehandle(opts->hnd);
Packit Service 9fb14c
Packit Service 9fb14c 
-	if (r_opts->rootpath) {
Packit Service 9fb14c 
-		rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
Packit Service 9fb14c 
+	if (opts->rootpath) {
Packit Service 9fb14c 
+		rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
Packit Service 9fb14c 
 		if (rc) {
Packit Service 9fb14c 
 			fprintf(stderr,
Packit Service 9fb14c 
 				"selinux_restorecon_set_alt_rootpath error: %s.\n",
Packit Service 9fb14c 
@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts)
Packit Service 9fb14c 
 	size_t i = 0;
Packit Service 9fb14c 
 	int len, rc, errors;
Packit Service 9fb14c
Packit Service 9fb14c 
-	r_opts = opts;
Packit Service 9fb14c 
 	memset(&globbuf, 0, sizeof(globbuf));
Packit Service 9fb14c
Packit Service 9fb14c 
 	errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
Packit Service 9fb14c 
@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts)
Packit Service 9fb14c 
 		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
Packit Service 9fb14c 
 			continue;
Packit Service 9fb14c 
 		rc = selinux_restorecon(globbuf.gl_pathv[i],
Packit Service 9fb14c 
-					r_opts->restorecon_flags);
Packit Service 9fb14c 
+					opts->restorecon_flags);
Packit Service 9fb14c 
 		if (rc < 0)
Packit Service 9fb14c 
 			errors = rc;
Packit Service 9fb14c 
 	}
Packit Service 9fb14c 
--
Packit Service 9fb14c 
2.21.0
Packit Service 9fb14c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation