[PATCH] newrole: fix for newrole hanging on some serial consoles

[PATCH] newrole: fix for newrole hanging on some serial consoles

[Linda Knippers]

The following patch addresses a problem I experienced with newrole hanging
when run from a serial console when the console is configured using the
default /etc/inittab settings.  newrole would hang when re-opening the
tty device.  This patch causes newrole to mimic the behavior of agetty,
which opens the device with O_NONBLOCK and then turns the bit off before
execing the next program.  Changing /etc/inittab to use the -L option for
agetty will avoid the problem but that solution won't be obvious to anyone
experiencing the problem and it may introduce other issues.

This patch was tested with policycoreutils-newrole-1.33.12-5.el5 on RHEL5 RC1.

-- ljk


--- newrole.c   2007-02-20 13:32:46.000000000 -0500
+++ newrole.c.ljk2      2007-02-20 13:32:39.000000000 -0500
@@ -636,11 +636,12 @@ static int relabel_tty(const char *ttyn,
        }

        /* Re-open TTY descriptor */
-       fd = open(ttyn, O_RDWR);
+       fd = open(ttyn, O_RDWR|O_NONBLOCK);
        if (fd < 0) {
                fprintf(stderr, _("Error!  Could not open %s.\n"), ttyn);
                return fd;
        }
+       fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);

        if (fgetfilecon(fd, &tty_con) < 0) {
                fprintf(stderr, _("%s!  Could not get current context "
@@ -1127,15 +1128,18 @@ int main(int argc, char *argv[])
                fprintf(stderr, _("Could not close descriptors.\n"));
                goto err_close_pam;
        }
-       fd = open(ttyn, O_RDONLY);
+       fd = open(ttyn, O_RDONLY|O_NONBLOCK);
        if (fd != 0)
                goto err_close_pam;
-       fd = open(ttyn, O_RDWR);
+       fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+       fd = open(ttyn, O_RDWR|O_NONBLOCK);
        if (fd != 1)
                goto err_close_pam;
-       fd = open(ttyn, O_RDWR);
+       fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+       fd = open(ttyn, O_RDWR|O_NONBLOCK);
        if (fd != 2)
                goto err_close_pam;
+       fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);

        /*
         * Step 5:  Execute a new shell with the new context in `new_context'.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] newrole: fix for newrole hanging on some serial consoles

[Linda Knippers]

[-- Attachment #1: Type: text/plain, Size: 124 bytes --]

Reposting to fix a whitespace problem and adjust the patch location.

Signed-off-by: Linda Knippers <linda.knippers@hp.com>

[-- Attachment #2: newrole.patch --]
[-- Type: text/plain, Size: 1299 bytes --]

--- policycoreutils-1.33.12/newrole/newrole.c	2007-02-20 13:32:46.000000000 -0500
+++ policycoreutils-1.33.12.ljk/newrole/newrole.c	2007-02-22 10:20:39.000000000 -0500
@@ -636,11 +636,12 @@ static int relabel_tty(const char *ttyn,
 	}
 
 	/* Re-open TTY descriptor */
-	fd = open(ttyn, O_RDWR);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd < 0) {
 		fprintf(stderr, _("Error!  Could not open %s.\n"), ttyn);
 		return fd;
 	}
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
 
 	if (fgetfilecon(fd, &tty_con) < 0) {
 		fprintf(stderr, _("%s!  Could not get current context "
@@ -1127,15 +1128,18 @@ int main(int argc, char *argv[])
 		fprintf(stderr, _("Could not close descriptors.\n"));
 		goto err_close_pam;
 	}
-	fd = open(ttyn, O_RDONLY);
+	fd = open(ttyn, O_RDONLY|O_NONBLOCK);
 	if (fd != 0)
 		goto err_close_pam;
-	fd = open(ttyn, O_RDWR);
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd != 1)
 		goto err_close_pam;
-	fd = open(ttyn, O_RDWR);
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd != 2)
 		goto err_close_pam;
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
 
 	/*
 	 * Step 5:  Execute a new shell with the new context in `new_context'. 

Re: [PATCH] newrole: fix for newrole hanging on some serial consoles

[Stephen Smalley]

On Thu, 2007-02-22 at 10:20 -0500, Linda Knippers wrote:
> Reposting to fix a whitespace problem and adjust the patch location.
> 
> Signed-off-by: Linda Knippers <linda.knippers@hp.com>

Thanks, merged into -stable and -trunk.

> 
> --- policycoreutils-1.33.12/newrole/newrole.c	2007-02-20 13:32:46.000000000 -0500
> +++ policycoreutils-1.33.12.ljk/newrole/newrole.c	2007-02-22 10:20:39.000000000 -0500
> @@ -636,11 +636,12 @@ static int relabel_tty(const char *ttyn,
>  	}
>  
>  	/* Re-open TTY descriptor */
> -	fd = open(ttyn, O_RDWR);
> +	fd = open(ttyn, O_RDWR|O_NONBLOCK);
>  	if (fd < 0) {
>  		fprintf(stderr, _("Error!  Could not open %s.\n"), ttyn);
>  		return fd;
>  	}
> +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
>  
>  	if (fgetfilecon(fd, &tty_con) < 0) {
>  		fprintf(stderr, _("%s!  Could not get current context "
> @@ -1127,15 +1128,18 @@ int main(int argc, char *argv[])
>  		fprintf(stderr, _("Could not close descriptors.\n"));
>  		goto err_close_pam;
>  	}
> -	fd = open(ttyn, O_RDONLY);
> +	fd = open(ttyn, O_RDONLY|O_NONBLOCK);
>  	if (fd != 0)
>  		goto err_close_pam;
> -	fd = open(ttyn, O_RDWR);
> +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
> +	fd = open(ttyn, O_RDWR|O_NONBLOCK);
>  	if (fd != 1)
>  		goto err_close_pam;
> -	fd = open(ttyn, O_RDWR);
> +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
> +	fd = open(ttyn, O_RDWR|O_NONBLOCK);
>  	if (fd != 2)
>  		goto err_close_pam;
> +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
>  
>  	/*
>  	 * Step 5:  Execute a new shell with the new context in `new_context'. 
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.