From patchwork Wed Jan 22 15:58:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13947476 X-Patchwork-Delegate: plautrba@redhat.com Received: from mail-qk1-f170.google.com (mail-qk1-f170.google.com [209.85.222.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA3A0211475 for ; Wed, 22 Jan 2025 15:58:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737561517; cv=none; b=BdyA0iPZMnKbYlrMZqtj4u7c5j9hSrggupdKdBAydI/okxXPcSqMegjpRIKOAw1uw13xepU1s0LEPklg3TiQ9pdMmp92Rh9WUZf5evObxkKUGNV/swl1UFoQS374MA2Cn6WSEw2YZwU4r9514n70lPjvfdamilns8dg9ZhFb73c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737561517; c=relaxed/simple; bh=EdoKCudbs7wOkERq3yGIL0fdnADusR95cThWen+Rtqk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YinFDie2K+rZhfAQZ5hTjs3PC8Zc1JBBvmq11OspwTQpoT4BIaS5rW1kJ+dpCaorga9hrZDTpSbTZYiQXl5u1MWhafzwa5Kn2WSfZmedBlEn/f/vuaLOZXNuu6hb9s2msiEHS/nLY92NxDNuh3M0dWrOA+h8yHnQFfAaiCYn6o8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GJgEK7cg; arc=none smtp.client-ip=209.85.222.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GJgEK7cg" Received: by mail-qk1-f170.google.com with SMTP id af79cd13be357-7b6e9317a2aso92351685a.0 for ; Wed, 22 Jan 2025 07:58:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737561514; x=1738166314; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4aqafnrpvjgDELsY5yxzw5WgsqDwJrIfGcb7Ss5vTLk=; b=GJgEK7cg87EGL2LJIx9luUQRXJUkYW3SqJTJFURQTKu5lQTZcJMGlznm3fB9kUsYYa NPINwAWltgtiu2y92fz8D2uV8KxwxiAUeepyeJmdKbScY7fUktV5YHPTWPPsHDXmFMyC A3U1QKjVB/D8O9cjn48ulSUqEaeL9w69m9ggtmkBC519ySo6CIhfAypayK+DKxwdiT2y HtM3BC2xCCzg72905CLoDzJB9ducpmHdnUxCmaF7ND1KSz+8P9GGTuBaAxj6EmFyW31a 4ICYmJNPUygHVIaY53izdMixzm3zyCinOlMC+zCjZcOTH/2+UBQmIQMYnjg0bSus8wdE CMgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737561514; x=1738166314; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4aqafnrpvjgDELsY5yxzw5WgsqDwJrIfGcb7Ss5vTLk=; b=HV4Y0xiauE0BpJSmU97gm+1EDaWD8ghoqNpCeJg3qJG2c2asDM+/EeCxIY8jUbwSqR NYR4ycBn6OMk1VzO2heb5xrHVlgnvLdWdGlLrl8TQEBzkd6W+8+IZ/1ki7wd8/tQPn4y wWsSFxEvIbsenwtJp+OE1+ROVwnmS/MMuOlDF9OPXDpI0Bbu9d+2WjXPx/5lztTuwcb5 SZn3n4OTSeUprzXe7GqFsFmXT0Cst3OalFqUiFpRWMI1j2VnNWugwtTjxvSIKnWamYtQ cjVu2/+r8JspuXql5tLZPhR9TtaL9+FKqH5HjEAm5+gKrNbPXDHdfgoYeUdmSPrgNe7k IhdA== X-Gm-Message-State: AOJu0YxUeN/9FioH60AUAHWHBD2SDyl2srpH8MGPCdTTw4tgLUOBAQvn KtFkLgZJbSYhlb3Cbcs5nv20GSPLhM3C9LRIsO7QzAHZp519ycH2WSavwg== X-Gm-Gg: ASbGncuqGNeRIEjLzGFJBJLjj7RD0onsm5gtYk79iyMkO2+pWDN4gPHnxMZlMyB6Hcc p/F9KPhOhQYr/CEIzyYfn2zglbgAaDYJ0zIL0whfcXLTZHJyr8p4x5vAYxGSEG1L8DwEcgptDEA qLEzkwdh1tdjuun8d0jIFZ83JoX6U+i5Wz9l2xkk02qSkdRqNWtAqYM4uGalbntc08b8k4nzyc3 Lohp+QVQnww9/6mWUDvUyc5sNFwBQHC/dzoNQK9qqMmn1LSaYW4bVZ65iajR7+aRJdemRZElMUh M0/q4pUO25XD33BZau/kWkpTGRg= X-Google-Smtp-Source: AGHT+IEs5fOSph3loQIkjPgAgmcCg4iZ4uxvsmSVN1bwFDV04T9U6JP/mQP+Z5eBSkhO15rvlcKXwg== X-Received: by 2002:a05:620a:601a:b0:7b7:12e:48eb with SMTP id af79cd13be357-7be638cb078mr3491898585a.17.1737561514501; Wed, 22 Jan 2025 07:58:34 -0800 (PST) Received: from electric.. (c-69-140-100-37.hsd1.md.comcast.net. [69.140.100.37]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-46e258c82a6sm45631041cf.59.2025.01.22.07.58.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jan 2025 07:58:34 -0800 (PST) From: James Carter To: selinux@vger.kernel.org Cc: lautrbach@redhat.com, James Carter Subject: [RFC PATCH 1/2] libselinux: Close old selabel handle when setting a new one Date: Wed, 22 Jan 2025 10:58:27 -0500 Message-ID: <20250122155828.151233-2-jwcart2@gmail.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250122155828.151233-1-jwcart2@gmail.com> References: <20250122155828.151233-1-jwcart2@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In selinux_restorecon_set_sehandle(), close the old selabel handle (if it exists) before setting the new one. Signed-off-by: James Carter --- libselinux/src/selinux_restorecon.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index bc6ed935..ab1c5216 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -1367,6 +1367,10 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl) unsigned char *fc_digest; size_t num_specfiles, fc_digest_len; + if (fc_sehandle) { + selabel_close(fc_sehandle); + } + fc_sehandle = hndl; if (!fc_sehandle) return; From patchwork Wed Jan 22 15:58:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13947477 X-Patchwork-Delegate: plautrba@redhat.com Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com [209.85.160.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0394221480F for ; Wed, 22 Jan 2025 15:58:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737561518; cv=none; b=qpHoDg3wE0pRgxQCiS4dW4mI3BVEoLejMG2eDTzFmymtPqDh5hdtLxlPFUxSqiDMzyNUkVpt9ZrZAhMF8Fa5eS4439tC5v4EMYw/yA3YCfv2AHVNCJF8uqXkl+5mwQMweOCLTaq4MeE4hAIf66pck1ZEEsof3GmdCUtSaDkKkbk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737561518; c=relaxed/simple; bh=2vK65G44pI1Oc83GR4KGSjOkJ/besk6BZqdDJAUrduQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vGBAKDeDRA/ziYdRzQ5d4nKJU/435too7Kn42ttFsGTHnUT2lWJXve3oWeT73c5XNRKvVjhAGTCCQ6kaqjta3nByBCxAT2giRjOxu67LcwEyUFcUg8REtxMeKFA7CN1M63qjnsoz0VMoyP6QsU4hhhKgcopobqTTLsYp66JE0to= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VlJARbeG; arc=none smtp.client-ip=209.85.160.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VlJARbeG" Received: by mail-qt1-f169.google.com with SMTP id d75a77b69052e-4678664e22fso66606391cf.2 for ; Wed, 22 Jan 2025 07:58:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737561516; x=1738166316; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=viZnlb67uueETqgOooAl7SAHpyQ1JWqquVT+RaRgddo=; b=VlJARbeGH3deXUcnWvCXgAn03rCgPMVENAj10vO4ywUA4vLtdSc9gnYCxh33c0whYW oaCX/mgbgAwXnPf37nltrUmpT4UTuWhFfa2GfINtJ+/nI+Au61dXYUGw/eSxBeTNK7AL gdVoJ2VuhTS7HmP7MgT9npYmW5vAhgW6BEodCvB9VvdueX/r/FfewegTWVsyvy+JvBFx kxmjQG6NlvXm99oohxHe4hhnfC0EzAJCCllKbN/IIz51ikJkHuYTWOxfAfgOdLfInpHS WK9WOOq+TuBRJDEI19mkqWDU/pENkLxD87/joroNn/jibO44GWnefskxuBvk985aBt9R +SnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737561516; x=1738166316; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=viZnlb67uueETqgOooAl7SAHpyQ1JWqquVT+RaRgddo=; b=HXuHo/n2N42jagNOm/3TjGsNdvujAWMUNPWjQeLIW5H9haUJ8xt5PSXWjmC7LY5+oO ASf+9Im2LBJ+vCm6UAMZKAP2pl3eVFTMbEER/Gzvuv6KoYnjsj1yEsuu6XWD58naX3IW 9j1rD1ZnGzZJkoceF3AQa3RoJ0USDWjpmUrtocICLtBDJiQssMqokKXIgqWDuzxLhnwz AGGernlogij3/5s2b+Pvzl5WGp+qf+GBRRI8NFAW3cvkVqYzJGPxkmpmWMG2z8kkJLIG InCrRRX/rYCPU5jTS6CO85Gwn15rTNIu+Nm0a0WDbJgIkj76jo+4d58gF8xqvipV2MpY Ispw== X-Gm-Message-State: AOJu0Yxou9tI0ncTZ0bTzQ3F57VNlv2N+pvIn/xURTV4bAR/CSAowaDN uG+N2LwJx5s7TZWOn0gHxDvecN8HY5bTXE7XitbWDvbD0cA9baWVhpSbEg== X-Gm-Gg: ASbGncscBWEZ4qzjhccUaw2AF1q7QLPqCNre5EUL4+9totoWdZqlpYaxPOjo1007V5x bn79zrF/6DDNl0wHcWjXp3MyNwrql1+/y4wh/+zJwr4D350e3vOLihF+y+LtrxusvwxuiIG5eNi 6f8C32LxZrXg1swJhWi3N8dTbkz0qR+nCLXy9huw7JVUfJQnRG0hD2/EhphfvLfvqrh00RSUR4D eoXHpja6KDCHgjnbxIGV9I6GJUWFKvFAhT4zgxV4OBEblcV09AFp8rJB4WYpC2OVzQNrT/UAOCL Xx/v72dtn5vRhbDp0ek4y8en42I= X-Google-Smtp-Source: AGHT+IFImQX2V9Lh758QjTpF3VflkClJ+St8Jb8Fka/lYw7XQW1WrGAPaXNKnZHnXP8UAgv5PWBBGg== X-Received: by 2002:ac8:7d82:0:b0:467:5e61:c116 with SMTP id d75a77b69052e-46e12a1e36cmr262117041cf.7.1737561515712; Wed, 22 Jan 2025 07:58:35 -0800 (PST) Received: from electric.. (c-69-140-100-37.hsd1.md.comcast.net. [69.140.100.37]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-46e258c82a6sm45631041cf.59.2025.01.22.07.58.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jan 2025 07:58:35 -0800 (PST) From: James Carter To: selinux@vger.kernel.org Cc: lautrbach@redhat.com, James Carter Subject: [RFC PATCH 2/2] libsemanage: Set new restorecon handle before doing restorecon Date: Wed, 22 Jan 2025 10:58:28 -0500 Message-ID: <20250122155828.151233-3-jwcart2@gmail.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250122155828.151233-1-jwcart2@gmail.com> References: <20250122155828.151233-1-jwcart2@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In semanage_setfiles(), need to reset the restorecon handle to make sure restorecon is not operating on old selabel data. Signed-off-by: James Carter --- libsemanage/src/semanage_store.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 2ca2e900..cf9aa809 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -3012,9 +3012,14 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons void semanage_setfiles(semanage_handle_t * sh, const char *path){ struct stat sb; int fd; + struct selabel_handle *sehandle; + union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG); union selinux_callback cb = { .func_log = log_callback_mute }; + sehandle = selinux_restorecon_default_handle(); + selinux_restorecon_set_sehandle(sehandle); + /* Mute all logs */ selinux_set_callback(SELINUX_CB_LOG, cb);