[PATCH] libsemanage: free policydb before fork

[PATCH] libsemanage: free policydb before fork

[Joshua Brindle]

While testing the recent memory-related patches on a low memory machine 
(512m total) I found that semodule still failed. It turns out that 
fork() requires enough free ram for the amount of private dirty memory 
in the parent process to succeed (even if it is never written to in the 
child process). This patch moves the genhomedircon call to outside of 
semanage_sandbox_install so that the policydb can be freed before any 
forks happen. With this patch and the prior ones semodule runs fine on a 
512m machine.
 
Signed-off-By: Joshua Brindle <method@manicmethod.com>

------

Index: libsemanage/src/direct_api.c
===================================================================
--- libsemanage/src/direct_api.c        (revision 2774)
+++ libsemanage/src/direct_api.c        (working copy)
@@ -41,6 +41,7 @@
 #include "boolean_internal.h"
 #include "fcontext_internal.h"
 #include "node_internal.h"
+#include "genhomedircon.h"
 
 #include "debug.h"
 #include "handle.h"
@@ -701,8 +702,27 @@
        if (retval < 0)
                goto cleanup;
 
+       /* run genhomedircon if its enabled, this should be the last operation
+        * which requires the out policydb */
+       if (!sh->conf->disable_genhomedircon) {
+               if ((retval =
+                               semanage_genhomedircon(sh, out, 1)) != 0) {
+                       ERR(sh, "semanage_genhomedircon returned error code %d.",
+                                       retval);
+                       goto cleanup;
+               }
+       } else {
+               WARN(sh, "WARNING: genhomedircon is disabled. \
+                               See /etc/selinux/semanage.conf if you need to enable it.");
+        }
+
+       /* free out, if we don't free it before calling semanage_install_sandbox 
+        * then fork() may fail on low memory machines */
+       sepol_policydb_free(out);
+       out = NULL;
+
        if (sh->do_rebuild || modified) {
-               retval = semanage_install_sandbox(sh, out);
+               retval = semanage_install_sandbox(sh);
        }
 
       cleanup:
Index: libsemanage/src/semanage_store.c
===================================================================
--- libsemanage/src/semanage_store.c    (revision 2775)
+++ libsemanage/src/semanage_store.c    (working copy)
@@ -34,7 +34,6 @@
 #include "semanage_store.h"
 #include "database_policydb.h"
 #include "handle.h"
-#include "genhomedircon.h"
 
 #include <selinux/selinux.h>
 #include <sepol/policydb.h>
@@ -1279,8 +1278,7 @@
  * should be placed within a mutex lock to ensure that it runs
  * atomically. Returns commit number on success, -1 on error.
  */
-int semanage_install_sandbox(semanage_handle_t * sh,
-                            sepol_policydb_t * policydb)
+int semanage_install_sandbox(semanage_handle_t * sh)
 {
        int retval = -1, commit_num = -1;
 
@@ -1293,17 +1291,6 @@
                ERR(sh, "No setfiles program specified in configuration file.");
                goto cleanup;
        }
-       if (!sh->conf->disable_genhomedircon) {
-               if ((retval =
-                    semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
-                       ERR(sh, "semanage_genhomedircon returned error code %d.",
-                           retval);
-                       goto cleanup;
-               }
-       } else {
-               WARN(sh, "WARNING: genhomedircon is disabled. \
-See /etc/selinux/semanage.conf if you need to enable it.");
-       }
 
        if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
                retval = commit_num;
Index: libsemanage/src/semanage_store.h
===================================================================
--- libsemanage/src/semanage_store.h    (revision 2774)
+++ libsemanage/src/semanage_store.h    (working copy)
@@ -100,8 +100,7 @@
 int semanage_write_policydb(semanage_handle_t * sh,
                            sepol_policydb_t * policydb);
 
-int semanage_install_sandbox(semanage_handle_t * sh,
-                            sepol_policydb_t * policydb);
+int semanage_install_sandbox(semanage_handle_t * sh);
 
 int semanage_verify_modules(semanage_handle_t * sh,
                            char **module_filenames, int num_modules);




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libsemanage: free policydb before fork

[Joshua Brindle]

Joshua Brindle wrote:
> While testing the recent memory-related patches on a low memory machine 
> (512m total) I found that semodule still failed. It turns out that 
> fork() requires enough free ram for the amount of private dirty memory 
> in the parent process to succeed (even if it is never written to in the 
> child process). This patch moves the genhomedircon call to outside of 
> semanage_sandbox_install so that the policydb can be freed before any 
> forks happen. With this patch and the prior ones semodule runs fine on a 
> 512m machine.
> 
> Signed-off-By: Joshua Brindle <method@manicmethod.com>
> 

Interestingly this works sometimes and not others. I suppose it depends
on whether the libc allocator feels like giving up the memory when we
free the policydb or not. I am not sure what the best way to address
this is, any ideas?

> ------
> 
> Index: libsemanage/src/direct_api.c
> ===================================================================
> --- libsemanage/src/direct_api.c        (revision 2774)
> +++ libsemanage/src/direct_api.c        (working copy)
> @@ -41,6 +41,7 @@
> #include "boolean_internal.h"
> #include "fcontext_internal.h"
> #include "node_internal.h"
> +#include "genhomedircon.h"
> 
> #include "debug.h"
> #include "handle.h"
> @@ -701,8 +702,27 @@
>        if (retval < 0)
>                goto cleanup;
> 
> +       /* run genhomedircon if its enabled, this should be the last 
> operation
> +        * which requires the out policydb */
> +       if (!sh->conf->disable_genhomedircon) {
> +               if ((retval =
> +                               semanage_genhomedircon(sh, out, 1)) != 0) {
> +                       ERR(sh, "semanage_genhomedircon returned error 
> code %d.",
> +                                       retval);
> +                       goto cleanup;
> +               }
> +       } else {
> +               WARN(sh, "WARNING: genhomedircon is disabled. \
> +                               See /etc/selinux/semanage.conf if you 
> need to enable it.");
> +        }
> +
> +       /* free out, if we don't free it before calling 
> semanage_install_sandbox +        * then fork() may fail on low memory 
> machines */
> +       sepol_policydb_free(out);
> +       out = NULL;
> +
>        if (sh->do_rebuild || modified) {
> -               retval = semanage_install_sandbox(sh, out);
> +               retval = semanage_install_sandbox(sh);
>        }
> 
>       cleanup:
> Index: libsemanage/src/semanage_store.c
> ===================================================================
> --- libsemanage/src/semanage_store.c    (revision 2775)
> +++ libsemanage/src/semanage_store.c    (working copy)
> @@ -34,7 +34,6 @@
> #include "semanage_store.h"
> #include "database_policydb.h"
> #include "handle.h"
> -#include "genhomedircon.h"
> 
> #include <selinux/selinux.h>
> #include <sepol/policydb.h>
> @@ -1279,8 +1278,7 @@
>  * should be placed within a mutex lock to ensure that it runs
>  * atomically. Returns commit number on success, -1 on error.
>  */
> -int semanage_install_sandbox(semanage_handle_t * sh,
> -                            sepol_policydb_t * policydb)
> +int semanage_install_sandbox(semanage_handle_t * sh)
> {
>        int retval = -1, commit_num = -1;
> 
> @@ -1293,17 +1291,6 @@
>                ERR(sh, "No setfiles program specified in configuration 
> file.");
>                goto cleanup;
>        }
> -       if (!sh->conf->disable_genhomedircon) {
> -               if ((retval =
> -                    semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
> -                       ERR(sh, "semanage_genhomedircon returned error 
> code %d.",
> -                           retval);
> -                       goto cleanup;
> -               }
> -       } else {
> -               WARN(sh, "WARNING: genhomedircon is disabled. \
> -See /etc/selinux/semanage.conf if you need to enable it.");
> -       }
> 
>        if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
>                retval = commit_num;
> Index: libsemanage/src/semanage_store.h
> ===================================================================
> --- libsemanage/src/semanage_store.h    (revision 2774)
> +++ libsemanage/src/semanage_store.h    (working copy)
> @@ -100,8 +100,7 @@
> int semanage_write_policydb(semanage_handle_t * sh,
>                            sepol_policydb_t * policydb);
> 
> -int semanage_install_sandbox(semanage_handle_t * sh,
> -                            sepol_policydb_t * policydb);
> +int semanage_install_sandbox(semanage_handle_t * sh);
> 
> int semanage_verify_modules(semanage_handle_t * sh,
>                            char **module_filenames, int num_modules);
> 
> 
> 
> 
> -- 
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov 
> with
> the words "unsubscribe selinux" without quotes as the message.
> 




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libsemanage: free policydb before fork

[Stephen Smalley]

On Sun, 2008-02-03 at 16:47 -0500, Joshua Brindle wrote:
> Joshua Brindle wrote:
> > While testing the recent memory-related patches on a low memory machine 
> > (512m total) I found that semodule still failed. It turns out that 
> > fork() requires enough free ram for the amount of private dirty memory 
> > in the parent process to succeed (even if it is never written to in the 
> > child process). This patch moves the genhomedircon call to outside of 
> > semanage_sandbox_install so that the policydb can be freed before any 
> > forks happen. With this patch and the prior ones semodule runs fine on a 
> > 512m machine.
> > 
> > Signed-off-By: Joshua Brindle <method@manicmethod.com>
> > 
> 
> Interestingly this works sometimes and not others. I suppose it depends
> on whether the libc allocator feels like giving up the memory when we
> free the policydb or not. I am not sure what the best way to address
> this is, any ideas?

First, slightly unrelated, am I correct that only your patch for
consuming base has been merged and not my two patches thus far?  I'd
like to get those two merged before we do anything further.  Should I
commit them?  Looks like there is a minor conflict that I'll have to
resolve against your patch.

Second, have we considered dropping the separate execution of the
load_policy program and just directly invoking the libselinux function
for loading policy from libsemanage?  Might require a policy change to
allow semodule to load policy directly.

Then there is the separate execution of setfiles -c to validate the file
contexts configuration against the policy.  But that too could possibly
be replaced by direct calls to the relevant library functions.

We've encapsulated almost all of the load policy and setfiles logic in
libselinux these days, so it doesn't seem hard to eliminate the use of
separate helpers there.  And since semodule is writing out the kernel
policy file that will be loaded, we aren't actually protecting against
anything by keeping load_policy in a separate domain (this is all under
direct method, of course).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libsemanage: free policydb before fork

[Joshua Brindle]

Stephen Smalley wrote:
> On Sun, 2008-02-03 at 16:47 -0500, Joshua Brindle wrote:
>   
>> Joshua Brindle wrote:
>>     
>>> While testing the recent memory-related patches on a low memory machine 
>>> (512m total) I found that semodule still failed. It turns out that 
>>> fork() requires enough free ram for the amount of private dirty memory 
>>> in the parent process to succeed (even if it is never written to in the 
>>> child process). This patch moves the genhomedircon call to outside of 
>>> semanage_sandbox_install so that the policydb can be freed before any 
>>> forks happen. With this patch and the prior ones semodule runs fine on a 
>>> 512m machine.
>>>
>>> Signed-off-By: Joshua Brindle <method@manicmethod.com>
>>>
>>>       
>> Interestingly this works sometimes and not others. I suppose it depends
>> on whether the libc allocator feels like giving up the memory when we
>> free the policydb or not. I am not sure what the best way to address
>> this is, any ideas?
>>     
>
> First, slightly unrelated, am I correct that only your patch for
> consuming base has been merged and not my two patches thus far?  I'd
> like to get those two merged before we do anything further.  Should I
> commit them?  Looks like there is a minor conflict that I'll have to
> resolve against your patch.
>
>   
Yes, I didn't merge them, please go ahead and do so.

> Second, have we considered dropping the separate execution of the
> load_policy program and just directly invoking the libselinux function
> for loading policy from libsemanage?  Might require a policy change to
> allow semodule to load policy directly.
>
>   

We can, I don't think we are winning much by executing it separately.

> Then there is the separate execution of setfiles -c to validate the file
> contexts configuration against the policy.  But that too could possibly
> be replaced by direct calls to the relevant library functions.
>
> We've encapsulated almost all of the load policy and setfiles logic in
> libselinux these days, so it doesn't seem hard to eliminate the use of
> separate helpers there.  And since semodule is writing out the kernel
> policy file that will be loaded, we aren't actually protecting against
> anything by keeping load_policy in a separate domain (this is all under
> direct method, of course).
>   

Agreed. I am currently on vacation and probably won't get around to 
doing this though.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Todd Miller]

Joshua Brindle wrote:
> Interestingly this works sometimes and not others. I suppose it
> depends on whether the libc allocator feels like giving up the memory
> when we free the policydb or not. I am not sure what the best way to
> address this is, any ideas?

You might try calling malloc_stats() before you free the policydb and
see how the stats differ in the two cases.  We may also be able to tune
malloc via mallopt().  I would guess that mmap()'d data is more likely
to be returned to the system so we might try reducing M_MMAP_THRESHOLD
from 128K to a smaller amount (maybe try 64K).  The flip side of this
is M_TRIM_THRESHOLD (which also defaults to 128K).  A lower value of
M_TRIM_THRESHOLD will result in malloc() returning sbrk()'d memory
back to the system more often.  So, there are knobs we can twiddle--
I just don't know how likely they are to help.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Todd Miller]

Todd Miller wrote:
> You might try calling malloc_stats() before you free the policydb and
> see how the stats differ in the two cases.

Actually, the info returned by mallinfo() may be more useful.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Todd Miller]

Joshua Brindle wrote:
> While testing the recent memory-related patches on a low memory
> machine (512m total) I found that semodule still failed. It turns out
> that fork() requires enough free ram for the amount of private dirty
> memory in the parent process to succeed (even if it is never written
> to in the child process).

I would suggest trying to use vfork() instead of fork() in
semanage_exec_prog().
This should result in less of the parent's memory being copied into the
child.
You would also have to change the exit() following execve() failure to
_exit()
but that should be it.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Stephen Smalley]

On Mon, 2008-02-04 at 10:14 -0500, Todd Miller wrote:
> Joshua Brindle wrote:
> > While testing the recent memory-related patches on a low memory
> > machine (512m total) I found that semodule still failed. It turns out
> > that fork() requires enough free ram for the amount of private dirty
> > memory in the parent process to succeed (even if it is never written
> > to in the child process).
> 
> I would suggest trying to use vfork() instead of fork() in
> semanage_exec_prog().
> This should result in less of the parent's memory being copied into the
> child.
> You would also have to change the exit() following execve() failure to
> _exit()
> but that should be it.

Might be interesting to see the results of that change, but just to
note, from the man page for vfork in Linux:

BUGS
       It is rather unfortunate that Linux revived this specter from the past.
       The  BSD  man  page  states:  "This system call will be eliminated when
       proper system sharing mechanisms are  implemented.   Users  should  not
       depend  on  the memory sharing semantics of vfork() as it will, in that
       case, be made synonymous to fork(2)."

       Details of the signal handling are obscure and differ between  systems.
       The  BSD man page states: "To avoid a possible deadlock situation, pro-
       cesses that are children in the middle of  a  vfork()  are  never  sent
       SIGTTOU  or  SIGTTIN  signals; rather, output or ioctls are allowed and
       input attempts result in an end-of-file indication."

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Todd Miller]

Stephen Smalley wrote:
>Might be interesting to see the results of that change, but just to
> note, from the man page for vfork in Linux:
> 
> BUGS
>        It is rather unfortunate that Linux revived this specter from
>        the past. The  BSD  man  page  states:  "This system call will
>        be eliminated when proper system sharing mechanisms are 
>        implemented.   Users  should  not depend  on  the memory
>        sharing semantics of vfork() as it will, in that case, be made
> synonymous to fork(2)." 
> 
>        Details of the signal handling are obscure and differ between 
>        systems. The  BSD man page states: "To avoid a possible
>        deadlock situation, pro- cesses that are children in the
>        middle of  a  vfork()  are  never  sent SIGTTOU  or  SIGTTIN 
>        signals; rather, output or ioctls are allowed and input
> attempts result in an end-of-file indication." 

Be that as it may, vfork() is now part of POSIX so I don't think it
is going anywhere.  On modern systems it is really just an asyncronous
fork(), though we are not even relying on that here.  That info from
the BSD manual page dates from back when BSD had a less advanced VM
system.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Stephen Smalley]

On Mon, 2008-02-04 at 10:14 -0500, Todd Miller wrote:
> Joshua Brindle wrote:
> > While testing the recent memory-related patches on a low memory
> > machine (512m total) I found that semodule still failed. It turns out
> > that fork() requires enough free ram for the amount of private dirty
> > memory in the parent process to succeed (even if it is never written
> > to in the child process).
> 
> I would suggest trying to use vfork() instead of fork() in
> semanage_exec_prog().
> This should result in less of the parent's memory being copied into the
> child.
> You would also have to change the exit() following execve() failure to
> _exit()
> but that should be it.

Ok, patch below makes this change.

Index: trunk/libsemanage/src/semanage_store.c
===================================================================
--- trunk/libsemanage/src/semanage_store.c	(revision 2783)
+++ trunk/libsemanage/src/semanage_store.c	(working copy)
@@ -911,14 +911,14 @@
 
 	/* no need to use pthread_atfork() -- child will not be using
 	 * any mutexes. */
-	if ((forkval = fork()) == -1) {
+	if ((forkval = vfork()) == -1) {
 		ERR(sh, "Error while forking process.");
 		return -1;
 	} else if (forkval == 0) {
 		/* child process.  file descriptors will be closed
 		 * because they were set as close-on-exec. */
 		execve(e->path, argv, NULL);
-		exit(EXIT_FAILURE);	/* if execve() failed */
+		_exit(EXIT_FAILURE);	/* if execve() failed */
 	} else {
 		/* parent process.  wait for child to finish */
 		int status = 0;

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [PATCH] libsemanage: free policydb before fork

[Todd Miller]

Stephen Smalley wrote:
> Ok, patch below makes this change.
> 
> Index: trunk/libsemanage/src/semanage_store.c
> ===================================================================
> --- trunk/libsemanage/src/semanage_store.c	(revision 2783)
> +++ trunk/libsemanage/src/semanage_store.c	(working copy)
> @@ -911,14 +911,14 @@
> 
>  	/* no need to use pthread_atfork() -- child will not be using
>  	 * any mutexes. */
> -	if ((forkval = fork()) == -1) {
> +	if ((forkval = vfork()) == -1) {
>  		ERR(sh, "Error while forking process.");
>  		return -1;
>  	} else if (forkval == 0) {
>  		/* child process.  file descriptors will be closed
>  		 * because they were set as close-on-exec. */
>  		execve(e->path, argv, NULL);
> -		exit(EXIT_FAILURE);	/* if execve() failed */
> +		_exit(EXIT_FAILURE);	/* if execve() failed */
>  	} else {
>  		/* parent process.  wait for child to finish */
>  		int status = 0;

That's identical to what I have in my tree.  Works fine here.

Acked-By: Todd C. Miller <tmiller@tresys.com>

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libsemanage: free policydb before fork

[Stephen Smalley]

On Sat, 2008-02-02 at 22:12 -0500, Joshua Brindle wrote:
> While testing the recent memory-related patches on a low memory machine 
> (512m total) I found that semodule still failed. It turns out that 
> fork() requires enough free ram for the amount of private dirty memory 
> in the parent process to succeed (even if it is never written to in the 
> child process). This patch moves the genhomedircon call to outside of 
> semanage_sandbox_install so that the policydb can be freed before any 
> forks happen. With this patch and the prior ones semodule runs fine on a 
> 512m machine.
>  
> Signed-off-By: Joshua Brindle <method@manicmethod.com>

Merged, as I think it is a worthwhile improvement even separate from the
fork issue.

Patch was whitespace damaged, so applied with -l and then re-indented.

> 
> ------
> 
> Index: libsemanage/src/direct_api.c
> ===================================================================
> --- libsemanage/src/direct_api.c        (revision 2774)
> +++ libsemanage/src/direct_api.c        (working copy)
> @@ -41,6 +41,7 @@
>  #include "boolean_internal.h"
>  #include "fcontext_internal.h"
>  #include "node_internal.h"
> +#include "genhomedircon.h"
>  
>  #include "debug.h"
>  #include "handle.h"
> @@ -701,8 +702,27 @@
>         if (retval < 0)
>                 goto cleanup;
>  
> +       /* run genhomedircon if its enabled, this should be the last operation
> +        * which requires the out policydb */
> +       if (!sh->conf->disable_genhomedircon) {
> +               if ((retval =
> +                               semanage_genhomedircon(sh, out, 1)) != 0) {
> +                       ERR(sh, "semanage_genhomedircon returned error code %d.",
> +                                       retval);
> +                       goto cleanup;
> +               }
> +       } else {
> +               WARN(sh, "WARNING: genhomedircon is disabled. \
> +                               See /etc/selinux/semanage.conf if you need to enable it.");
> +        }
> +
> +       /* free out, if we don't free it before calling semanage_install_sandbox 
> +        * then fork() may fail on low memory machines */
> +       sepol_policydb_free(out);
> +       out = NULL;
> +
>         if (sh->do_rebuild || modified) {
> -               retval = semanage_install_sandbox(sh, out);
> +               retval = semanage_install_sandbox(sh);
>         }
>  
>        cleanup:
> Index: libsemanage/src/semanage_store.c
> ===================================================================
> --- libsemanage/src/semanage_store.c    (revision 2775)
> +++ libsemanage/src/semanage_store.c    (working copy)
> @@ -34,7 +34,6 @@
>  #include "semanage_store.h"
>  #include "database_policydb.h"
>  #include "handle.h"
> -#include "genhomedircon.h"
>  
>  #include <selinux/selinux.h>
>  #include <sepol/policydb.h>
> @@ -1279,8 +1278,7 @@
>   * should be placed within a mutex lock to ensure that it runs
>   * atomically. Returns commit number on success, -1 on error.
>   */
> -int semanage_install_sandbox(semanage_handle_t * sh,
> -                            sepol_policydb_t * policydb)
> +int semanage_install_sandbox(semanage_handle_t * sh)
>  {
>         int retval = -1, commit_num = -1;
>  
> @@ -1293,17 +1291,6 @@
>                 ERR(sh, "No setfiles program specified in configuration file.");
>                 goto cleanup;
>         }
> -       if (!sh->conf->disable_genhomedircon) {
> -               if ((retval =
> -                    semanage_genhomedircon(sh, policydb, TRUE)) != 0) {
> -                       ERR(sh, "semanage_genhomedircon returned error code %d.",
> -                           retval);
> -                       goto cleanup;
> -               }
> -       } else {
> -               WARN(sh, "WARNING: genhomedircon is disabled. \
> -See /etc/selinux/semanage.conf if you need to enable it.");
> -       }
>  
>         if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
>                 retval = commit_num;
> Index: libsemanage/src/semanage_store.h
> ===================================================================
> --- libsemanage/src/semanage_store.h    (revision 2774)
> +++ libsemanage/src/semanage_store.h    (working copy)
> @@ -100,8 +100,7 @@
>  int semanage_write_policydb(semanage_handle_t * sh,
>                             sepol_policydb_t * policydb);
>  
> -int semanage_install_sandbox(semanage_handle_t * sh,
> -                            sepol_policydb_t * policydb);
> +int semanage_install_sandbox(semanage_handle_t * sh);
>  
>  int semanage_verify_modules(semanage_handle_t * sh,
>                             char **module_filenames, int num_modules);
> 
> 
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.