Diffstat (limited to '0001-libselinux-only-mount-proc-if-necessary.patch')
-rw-r--r-- | 0001-libselinux-only-mount-proc-if-necessary.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/0001-libselinux-only-mount-proc-if-necessary.patch b/0001-libselinux-only-mount-proc-if-necessary.patch
deleted file mode 100644
index eb718a20d82f..000000000000
--- a/0001-libselinux-only-mount-proc-if-necessary.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From fb2c271e1903ca11320b9bfad747f55fb2b1535f Mon Sep 17 00:00:00 2001
-From: Stephen Smalley <sds@tycho.nsa.gov>
-Date: Mon, 29 Feb 2016 10:10:55 -0500
-Subject: [PATCH 1/2] libselinux: only mount /proc if necessary
-
-Commit 9df498884665d ("libselinux: Mount procfs before checking
-/proc/filesystems") changed selinuxfs_exists() to always try
-mounting /proc before reading /proc/filesystems. However, this is
-unnecessary if /proc is already mounted and can produce avc denials
-if the process is not allowed to perform the mount. Check first
-to see if /proc is already present and only try the mount if it is not.
-
-Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
----
- libselinux/src/init.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/libselinux/src/init.c b/libselinux/src/init.c
-index 3db4de06aa7e..35305942970f 100644
---- a/libselinux/src/init.c
-+++ b/libselinux/src/init.c
-@@ -12,6 +12,7 @@
- #include <stdint.h>
- #include <limits.h>
- #include <sys/mount.h>
-+#include <linux/magic.h>
-
- #include "dso.h"
- #include "policy.h"
-@@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt)
-
- int selinuxfs_exists(void)
- {
-- int exists = 0, mnt_rc = 0;
-+ int exists = 0, mnt_rc = -1, rc;
-+ struct statfs sb;
- FILE *fp = NULL;
- char *buf = NULL;
- size_t len;
- ssize_t num;
-
-- mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-+ do {
-+ rc = statfs("/proc", &sb);
-+ } while (rc < 0 && errno == EINTR);
-+
-+ if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
-+ mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-
- fp = fopen("/proc/filesystems", "r");
- if (!fp) {
---
-2.9.3
- |