From fb2c271e1903ca11320b9bfad747f55fb2b1535f Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 29 Feb 2016 10:10:55 -0500
Subject: [PATCH 1/2] libselinux: only mount /proc if necessary
Commit 9df498884665d ("libselinux: Mount procfs before checking
/proc/filesystems") changed selinuxfs_exists() to always try
mounting /proc before reading /proc/filesystems. However, this is
unnecessary if /proc is already mounted and can produce avc denials
if the process is not allowed to perform the mount. Check first
to see if /proc is already present and only try the mount if it is not.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
libselinux/src/init.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
index 3db4de06aa7e..35305942970f 100644
--- a/libselinux/src/init.c
+++ b/libselinux/src/init.c
@@ -12,6 +12,7 @@
#include <stdint.h>
#include <limits.h>
#include <sys/mount.h>
+#include <linux/magic.h>
#include "dso.h"
#include "policy.h"
@@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt)
int selinuxfs_exists(void)
{
- int exists = 0, mnt_rc = 0;
+ int exists = 0, mnt_rc = -1, rc;
+ struct statfs sb;
FILE *fp = NULL;
char *buf = NULL;
size_t len;
ssize_t num;
- mnt_rc = mount("proc", "/proc", "proc", 0, 0);
+ do {
+ rc = statfs("/proc", &sb);
+ } while (rc < 0 && errno == EINTR);
+
+ if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
+ mnt_rc = mount("proc", "/proc", "proc", 0, 0);
fp = fopen("/proc/filesystems", "r");
if (!fp) {
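Review bot: When statfs() reports that /proc is not procfs and the mount() on the next line fails, execution still reaches `fopen("/proc/filesystems", "r")`, so the file is read from a filesystem this code has just determined is not procfs. The same holds when statfs() fails with an errno other than EINTR: no mount is attempted and the type of /proc is never established. If callers rely on this result to decide whether SELinux is present (not visible here), it would be safer to skip the read when /proc could not be confirmed or mounted as procfs. It would also help to add a comment on the declaration, `/* mnt_rc stays -1 unless this function mounted /proc itself */`, because the new initial value only makes sense together with cleanup code outside the hunk. The body of selinuxfs_exists() continues past the end of the hunk, so how a failed fopen() is handled is not visible.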
--
2.9.3