417cb8d076a31c57710429b255aebc595613eb6b |
|
13-Mar-2015 |
Petr Lautrbach <plautrba@redhat.com> |
Fix -Wformat errors Fixes two types of errors which appear when building with gcc-5.0.0 - format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’ - format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
9eb9c9327563014ad6a807814e7975424642d5b9 |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations. In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
12e2a0f9fceffca224a2fbe80d144afe237907df |
|
20-Jun-2012 |
Eric Paris <eparis@redhat.com> |
libselinux: matchpathcon: bad handling of symlinks in / The realpath_not_final() function did not properly handle symlinks in the / directory. The reason is because when it determined the symlink was in the root directory it would set the resolved portion of the path to /, it would then add a / to the end of the resolved portion, and then append the symlink name. The fix is to instead set the resolved portion to "". Thus when the '/' at the end of the resolved portion is added it will be correct. While I am at it, strip extraneous leading / so that //tmp returns /tmp. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
a4f84109b51263599a284b167bf04e088e7da95d |
|
26-Mar-2012 |
Laurent Bigonville <bigon@debian.org> |
libselinux: Hide unnecessarily-exported library destructors Description: Hide unnecessarily-exported library destructors This change was extracted from the old monolithic Debian patch. Signed-off-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
c9a8ff9bae4be7e3c81f5a9c7fb52c1787de3ad3 |
|
23-Jan-2012 |
Daniel P. Berrange <berrange@redhat.com> |
libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor' Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
16a37c9f94c1e2dfb865e17e4200d2824d4971f5 |
|
19-Dec-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux - correct selabel invalid context logging When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
2b06f474006db3f32895dab9e393324febb9e16f |
|
23-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: rename and export symlink_realpath symlink_realpath is used by both libselinux and policycoreutils. Instead of coding it twice, export the libselinux version under a new name that makes it sound more generic. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
7bfaa63839955b2f743f84f2d873fc13298f5777 |
|
15-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: src: matchpathcon: make sure resolved path starts with / Resolving paths from relative to absolute didn't always start with a /. Make sure they start with a /. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
09b635fa20cb47d155ec67eb2909c0dd33c677cb |
|
15-Sep-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: src: matchpathcon: use myprintf not fprintf Use the myprintf helper rather than fprintf directly. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669 |
|
09-Mar-2011 |
Richard Haines <richard_c_haines@btinternet.com> |
libselinux: selinux_file_context_verify function returns wrong value. selinux_file_context_verify(3) should now return the correct codes and matchpathcon(8) has been modified to handle them. The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages have also been updated (re-written really) to correct return codes. I found that selabel_open left errno set to ENOENT because a file_contexts.subs file did not exist on my system, but left selabel_open alone and set errno = 0 before calling selinux_filecontext_cmp. [fix uninitialize init variable in matchpathcon.c::main - eparis] Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
7df397d3d916e7018981b9fcf8062f992b4cec49 |
|
17-Aug-2011 |
Eric Paris <eparis@redhat.com> |
libselinux: move realpath helper to matchpathcon library Instead of only doing path simplification and symlink following for the matchpathcon helper instead do it in the library potion. This was an issue when in python some called selinux.matchpatchcon("//lib64", 0) and got the wrong answer (because the // wasn't being dealt with) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
1629d2f89a8c5f758413b87b94740aaaa5f21144 |
|
06-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch cleans up a couple of crashes caused by libselinux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you fail to load_policy in the init or SELinux is disabled, you need to free the selinux_mnt variable and clear the memory. systemd was calling load_polcy on a DISABLED system then later on it would call is_selinux_enabled() and get incorrect response, since selinux_mnt still had valid data. The second bug in libselinux, resolves around calling the selinux_key_delete(destructor_key) if the selinux_key_create call had never been called. This was causing data to be freed in other applications that loaded an unloaded the libselinux library but never setup setrans or matchpathcon. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c0/UACgkQrlYvE4MpobMP1QCfXAFD3pfWFLd1lylU/vjsZmpM mcUAnA2l3/GKGC3hT8XB9E+2pTfpy+uj =jpyr -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libselinux/src/matchpathcon.c
|
f0b3127ca3c99ae218dba43a6e3f7430081c412b |
|
09-Mar-2011 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Use library destructors to destroy per-thread keys. This prevents the key destructors, intented to free per-thread heap storage, from being called after libselinux has been unloaded. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=680887 Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/matchpathcon.c
|
569ce5498553b87dc7af343b2efb4da8d3ecdb4f |
|
03-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
matchpathcon: Close selabel handle in thread destructor. This is necessary because the handle is thread-local. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
/external/selinux/libselinux/src/matchpathcon.c
|
a29ff33baf366825c0fbe721d30b12b5b96a64e1 |
|
02-Dec-2010 |
Eamon Walsh <ewalsh@tycho.nsa.gov> |
Implement destructors for thread-local heap data. Description of problem: Use of __thread variables is great for creating a thread-safe variable, but only insofar as the contents of that variable can safely be abandoned on pthread_exit(). The moment you store malloc()d data into a __thread void* variable, you have leaked memory when the thread exits, since there is no way to associate a destructor with __thread variables. The _only_ safe way to use thread-local caching of malloc()d data is to use pthread_key_create, and associate a destructor that will call free() on the resulting data when the thread exits. libselinux is guilty of abusing __thread variables to store malloc()d data as a form of a cache, to minimize computation by reusing earlier results from the same thread. As a result of this memory leak, repeated starting and stopping of domains via libvirt can result in the OOM killer triggering, since libvirt fires up a thread per domain, and each thread uses selinux calls such as fgetfilecon. Version-Release number of selected component (if applicable): libselinux-2.0.94-2.el6.x86_64 libvirt-0.8.1-27.el6.x86_64 How reproducible: 100% Steps to Reproduce: 0. These steps are run as root, assuming hardware kvm support and existence of a VM named fedora (adjust the steps below as appropriate); if desired, I can reduce this to a simpler test case that does not rely on libvirt, by using a single .c file that links against libselinux and repeatedly spawns threads. 1. service libvirtd stop 2. valgrind --quiet --leak-check=full /usr/sbin/libvirtd& pid=$! 3. virsh start fedora 4. kill $pid Actual results: The biggest leak reported is due to libselinux' abuse of __thread: ==26696== 829,730 (40 direct, 829,690 indirect) bytes in 1 blocks are definitely lost in loss record 500 of 500 ==26696== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==26696== by 0x3022E0D48C: selabel_open (label.c:165) ==26696== by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296) ==26696== by 0x3022E1190D: matchpathcon (matchpathcon.c:317) ==26696== by 0x3033ED7FB5: SELinuxRestoreSecurityFileLabel (security_selinux.c:381) ==26696== by 0x3033ED8539: SELinuxRestoreSecurityAllLabel (security_selinux.c:749) ==26696== by 0x459153: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257) ==26696== by 0x43F0C5: qemudShutdownVMDaemon (qemu_driver.c:4311) ==26696== by 0x4555C9: qemudStartVMDaemon (qemu_driver.c:4234) ==26696== by 0x458416: qemudDomainObjStart (qemu_driver.c:7268) ==26696== by 0x45896F: qemudDomainStart (qemu_driver.c:7308) ==26696== by 0x3033E75412: virDomainCreate (libvirt.c:4881) ==26696== Basically, libvirt created a thread that used matchpathcon during 'virsh start fedora', and matchpathcon stuffed over 800k of malloc'd data into: static __thread char **con_array; which are then inaccessible when libvirt exits the thread as part of shutting down on SIGTERM. Expected results: valgrind should not report any memory leaks related to libselinux. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Reported-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com>
/external/selinux/libselinux/src/matchpathcon.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libselinux/src/matchpathcon.c
|