On Fri, Mar 13, 2015 at 05:24:46PM -0400, Will Woods wrote:
> If you've got SELinux policy loaded, label_hnd is your labeling handle.
> When systemd is shutting down, we free that handle via mac_selinux_finish().
>
> But: switch_root() calls mkdir_p_label(), which tries to look up a label
> using that freed handle, and so we get a bunch of garbage and eventually
> SEGV in libselinux.
>
> (This doesn't happen in the switch-root from initramfs to real root because
> there's no SELinux policy loaded in initramfs, so label_hnd is NULL and we
> never attempt any lookups.)
>
> So: make sure that mac_selinux_finish() actually sets label_hnd to NULL, so
> nobody tries to use it after it becomes invalid.
>
> Resolves: RHBZ#1185604
> ---
> src/shared/selinux-util.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
> index a8d5fc4..7c58985 100644
> --- a/src/shared/selinux-util.c
> +++ b/src/shared/selinux-util.c
> @@ -116,6 +116,7 @@ void mac_selinux_finish(void) {
> return;
>
> selabel_close(label_hnd);
> + label_hnd = NULL;
> #endif
Thanks for finding this. Patch applied.
Zbyszek
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
