centos-sig-hyperscale / systemd

Clone
Source Code
GIT

7960ba9 selinux: do not crash if policy becomes unavailable after reload

Authored and Committed by zbyszek 3 years ago
raw patch tree parent
1 file changed. 6 lines added. 1 lines removed.
src/basic/selinux-util.c
file modified
+6 -1 
    selinux: do not crash if policy becomes unavailable after reload
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1944171
    This was in F33, systemd-246.13, but the logic in the code didn't change.
    
    Thread 1 (Thread 0x7fb5f0341b80 (LWP 1974)):
    №0  selabel_lookup_common (rec=0x0, translating=0, key=0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service", type=40960) at label.c:167
    
    'rec' is the handle that we passed.
    
    №1  0x00007fb5f13ae87f in selabel_lookup_raw (rec=<optimized out>, con=con@entry=0x7fffef307380, key=key@entry=0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service", type=type@entry=40960) at label.c:256
            lr = <optimized out>
    
    'rec' is passed through as is to selabel_lookup_common().
    
    №2  0x00007fb5f1561b2d in selinux_create_file_prepare_abspath (abspath=0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service", mode=40960) at ../src/basic/selinux-util.c:368
            filecon = 0x0
            r = <optimized out>
            __PRETTY_FUNCTION__ = "selinux_create_file_prepare_abspath"
            __func__ = "selinux_create_file_prepare_abspath"
    
    №3  0x00007fb5f1561ec3 in mac_selinux_create_file_prepare (path=<optimized out>, mode=40960) at ../src/basic/selinux-util.c:431
            r = 0
            abspath = 0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service"
            __PRETTY_FUNCTION__ = "mac_selinux_create_file_prepare"
    
    We checked label_hnd != NULL, but then we apparently called
    avc_netlink_check_nb(), which reset label_hnd. Yay for global state!
    
    №4  0x00007fb5f1549950 in symlink_atomic_label (from=0x55f6169d8b50 "69a8dcf7a7ac46b29306f2fddbed3edc", to=0x55f616ab8380 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service") at ../src/basic/label.c:55
            r = <optimized out>
            __PRETTY_FUNCTION__ = "symlink_atomic_label"
    
    In the logs:
    
    Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc:  received policyload notice (seqno=2)
    Mar 29 14:48:44 fedorapad.home systemd[1974]: Failed to initialize SELinux labeling handle: No such file or directory
    Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc:  received policyload notice (seqno=3)
    Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc:  received setenforce notice (enforcing=0)
file modified
+6 -1
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.