libselinux does not work properly in upstart/initrd

libselinux does not work properly in upstart/initrd

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 953 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://bugzilla.redhat.com/show_bug.cgi?id=434793

The way the upstart initrd works is to run nash with a builtin
loadpolicy.  The problem is nash starts before the /sysmount files
system is mounted, so libselinux does not have an /etc/selinux/config to
read.  It defaults to targeted.  So when nash finally executes
loadpolicy (selinux_init_load_policy) it has the wrong config.
Switching to any other type of policy will fail and
selinux_init_load_policy will look for targeted.

I changed this function to reload the config, to fix this problem.

I think I did all the hidden stuff correctly.  I don't think we want to
expose these functions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfG8GYACgkQrlYvE4MpobNudgCg25fnGfQ6WNyzGiMckpfXy11O
0i8AnjskiEKZX/84EKnpjwujdPydUJEz
=Ku86
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 2325 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.57/src/load_policy.c
--- nsalibselinux/src/load_policy.c	2008-02-13 11:16:14.000000000 -0500
+++ libselinux-2.0.57/src/load_policy.c	2008-02-28 11:11:20.000000000 -0500
@@ -308,6 +308,13 @@
 	FILE *cfg;
 	char *buf;
 
+
+	/*
+	  Reinitialize the library, so chroot will work correctly.
+	 */
+	fini_selinux_policyroot();
+	init_selinux_config();
+
 	/*
 	 * Get desired mode (disabled, permissive, enforcing) from 
 	 * /etc/selinux/config. 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.57/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c	2007-08-03 16:02:56.000000000 -0400
+++ libselinux-2.0.57/src/selinux_config.c	2008-02-28 11:10:01.000000000 -0500
@@ -127,9 +127,9 @@
 static char *selinux_policyroot = NULL;
 static char *selinux_rootpath = NULL;
 
-static void init_selinux_config(void) __attribute__ ((constructor));
+void init_selinux_config(void) __attribute__ ((constructor));
 
-static void init_selinux_config(void)
+void init_selinux_config(void)
 {
 	int i, *intptr;
 	size_t line_len;
@@ -207,10 +207,11 @@
 		    == -1)
 			return;
 }
+hidden_def(init_selinux_config)
 
-static void fini_selinux_policyroot(void) __attribute__ ((destructor));
+void fini_selinux_policyroot(void) __attribute__ ((destructor));
 
-static void fini_selinux_policyroot(void)
+void fini_selinux_policyroot(void)
 {
 	int i;
 	free(selinux_policyroot);
@@ -222,6 +223,7 @@
 	free(selinux_policytype);
 	selinux_policytype = NULL;
 }
+hidden_def(fini_selinux_policyroot)
 
 static const char *get_path(int idx)
 {
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.57/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h	2007-08-03 16:02:56.000000000 -0400
+++ libselinux-2.0.57/src/selinux_internal.h	2008-02-28 11:11:04.000000000 -0500
@@ -80,6 +80,13 @@
 hidden_proto(security_get_initial_context);
 hidden_proto(security_get_initial_context_raw);
 
+extern void init_selinux_config(void) hidden;
+extern void fini_selinux_policyroot(void) hidden;
+
+hidden_proto(init_selinux_config);
+hidden_proto(fini_selinux_policyroot);
+
 extern int load_setlocaldefs hidden;
 extern int require_seusers hidden;
 extern int selinux_page_size hidden;
+

[-- Attachment #3: diff.sig --]
[-- Type: application/octet-stream, Size: 72 bytes --]

Re: libselinux does not work properly in upstart/initrd

[Stephen Smalley]

[-- Attachment #1: Type: text/plain, Size: 1460 bytes --]


On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=434793
> 
> The way the upstart initrd works is to run nash with a builtin
> loadpolicy.  The problem is nash starts before the /sysmount files
> system is mounted, so libselinux does not have an /etc/selinux/config to
> read.  It defaults to targeted.  So when nash finally executes
> loadpolicy (selinux_init_load_policy) it has the wrong config.
> Switching to any other type of policy will fail and
> selinux_init_load_policy will look for targeted.
> 
> I changed this function to reload the config, to fix this problem.
> 
> I think I did all the hidden stuff correctly.  I don't think we want to
> expose these functions.

To make a function hidden, just mark it with hidden.
hidden_def and hidden_proto are about creating a private definition
within the library for intra-library calls that do not cause a
relocation, not about hiding the definition altogether.

Concerns about this patch:
- it isn't thread safe,
- it only "fixes" the load policy case, not any other libselinux
function call.

As an alternative, maybe we should revive Steve Grubb's lazy init patch
for libselinux?  That won't reload each time, but will defer the initial
reading until you first invoke a libselinux function.  The last version
of the patch that I saw is attached.

-- 
Stephen Smalley
National Security Agency

[-- Attachment #2: libselinux-2.0.7-lazy-config.patch --]
[-- Type: text/x-patch, Size: 2278 bytes --]

diff -urp libselinux-2.0.7.orig/src/selinux_config.c libselinux-2.0.7/src/selinux_config.c
--- libselinux-2.0.7.orig/src/selinux_config.c	2007-03-17 21:09:48.000000000 -0400
+++ libselinux-2.0.7/src/selinux_config.c	2007-03-18 09:03:05.000000000 -0400
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <unistd.h>
+#include <pthread.h>
 #include "selinux_internal.h"
 #include "get_default_type_internal.h"
 
@@ -40,6 +41,24 @@
 #define SECURETTY_TYPES   18
 #define NEL               19
 
+/* Make pthread_once optional */
+#pragma weak pthread_once
+
+/* Part of one-time lazy init */
+static pthread_once_t once = PTHREAD_ONCE_INIT;
+static void init_selinux_config(void);
+
+/* Call handler iff the first call.  */
+#define __selinux_once(ONCE_CONTROL, INIT_FUNCTION)	\
+	do {						\
+		if (pthread_once != NULL)		\
+			pthread_once (&(ONCE_CONTROL), (INIT_FUNCTION));  \
+		else if ((ONCE_CONTROL) == PTHREAD_ONCE_INIT) {		  \
+			INIT_FUNCTION ();		\
+			(ONCE_CONTROL) = 2;		\
+		}					\
+	} while (0)
+
 /* New layout is relative to SELINUXDIR/policytype. */
 static char *file_paths[NEL];
 #define L1(l) L2(l)
@@ -115,6 +134,7 @@ static char *selinux_policytype;
 
 int selinux_getpolicytype(char **type)
 {
+	__selinux_once(once, init_selinux_config);
 	if (!selinux_policytype)
 		return -1;
 	*type = strdup(selinux_policytype);
@@ -124,9 +144,7 @@ int selinux_getpolicytype(char **type)
 hidden_def(selinux_getpolicytype)
 
 static char *selinux_policyroot = NULL;
-static char *selinux_rootpath = NULL;
-
-static void init_selinux_config(void) __attribute__ ((constructor));
+static const char *selinux_rootpath = SELINUXDIR;
 
 static void init_selinux_config(void)
 {
@@ -139,7 +157,6 @@ static void init_selinux_config(void)
 	if (selinux_policyroot)
 		return;
 
-	selinux_rootpath = SELINUXDIR;
 	fp = fopen(SELINUXCONFIG, "r");
 	if (fp) {
 		__fsetlocking(fp, FSETLOCKING_BYCALLER);
@@ -224,6 +241,7 @@ static void fini_selinux_policyroot(void
 
 static const char *get_path(int idx)
 {
+	__selinux_once(once, init_selinux_config);
 	return file_paths[idx];
 }
 
@@ -236,6 +254,7 @@ hidden_def(selinux_default_type_path)
 
 const char *selinux_policy_root()
 {
+	__selinux_once(once, init_selinux_config);
 	return selinux_policyroot;
 }
 

Re: libselinux does not work properly in upstart/initrd

[Stephen Smalley]

On Thu, 2008-02-28 at 13:25 -0500, Stephen Smalley wrote:
> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=434793
> > 
> > The way the upstart initrd works is to run nash with a builtin
> > loadpolicy.  The problem is nash starts before the /sysmount files
> > system is mounted, so libselinux does not have an /etc/selinux/config to
> > read.  It defaults to targeted.  So when nash finally executes
> > loadpolicy (selinux_init_load_policy) it has the wrong config.
> > Switching to any other type of policy will fail and
> > selinux_init_load_policy will look for targeted.
> > 
> > I changed this function to reload the config, to fix this problem.
> > 
> > I think I did all the hidden stuff correctly.  I don't think we want to
> > expose these functions.
> 
> To make a function hidden, just mark it with hidden.
> hidden_def and hidden_proto are about creating a private definition
> within the library for intra-library calls that do not cause a
> relocation, not about hiding the definition altogether.

IOW, hidden_def and hidden_proto are only required when you have a
symbol that is exported to users of the library that is also called
internally by the library.  If the symbol is not exported or if the
symbol is not called internally by the library, then you don't need
them.

"hidden" by itself is to prevent export entirely.

> 
> Concerns about this patch:
> - it isn't thread safe,
> - it only "fixes" the load policy case, not any other libselinux
> function call.
> 
> As an alternative, maybe we should revive Steve Grubb's lazy init patch
> for libselinux?  That won't reload each time, but will defer the initial
> reading until you first invoke a libselinux function.  The last version
> of the patch that I saw is attached.
> 
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux does not work properly in upstart/initrd

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=434793
>>
>> The way the upstart initrd works is to run nash with a builtin
>> loadpolicy.  The problem is nash starts before the /sysmount files
>> system is mounted, so libselinux does not have an /etc/selinux/config to
>> read.  It defaults to targeted.  So when nash finally executes
>> loadpolicy (selinux_init_load_policy) it has the wrong config.
>> Switching to any other type of policy will fail and
>> selinux_init_load_policy will look for targeted.
>>
>> I changed this function to reload the config, to fix this problem.
>>
>> I think I did all the hidden stuff correctly.  I don't think we want to
>> expose these functions.
> 
> To make a function hidden, just mark it with hidden.
> hidden_def and hidden_proto are about creating a private definition
> within the library for intra-library calls that do not cause a
> relocation, not about hiding the definition altogether.
> 
So the hidden_def and hidden_proto lines can be removed as login as the
extern hidden remains.
> Concerns about this patch:
> - it isn't thread safe,
selinux_init_load_policy should not be called repeatedly, or probably
from a threaded app.
> - it only "fixes" the load policy case, not any other libselinux
> function call.
Well this is a very strange occurrance where the config is not there and
then when the function gets called, it is there.
> 
> As an alternative, maybe we should revive Steve Grubb's lazy init patch
> for libselinux?  That won't reload each time, but will defer the initial
> reading until you first invoke a libselinux function.  The last version
> of the patch that I saw is attached.
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfHAfgACgkQrlYvE4MpobMjdgCfftLE1H66/lvy5iyZ78884D4s
+dYAoKCvAhRpTUu5Oaxtl7w9Lo3JFDB7
=oWsG
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux does not work properly in upstart/initrd

[Stephen Smalley]

On Thu, 2008-02-28 at 13:25 -0500, Stephen Smalley wrote:
> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=434793
> > 
> > The way the upstart initrd works is to run nash with a builtin
> > loadpolicy.  The problem is nash starts before the /sysmount files
> > system is mounted, so libselinux does not have an /etc/selinux/config to
> > read.  It defaults to targeted.  So when nash finally executes
> > loadpolicy (selinux_init_load_policy) it has the wrong config.
> > Switching to any other type of policy will fail and
> > selinux_init_load_policy will look for targeted.
> > 
> > I changed this function to reload the config, to fix this problem.
> > 
> > I think I did all the hidden stuff correctly.  I don't think we want to
> > expose these functions.
> 
> To make a function hidden, just mark it with hidden.
> hidden_def and hidden_proto are about creating a private definition
> within the library for intra-library calls that do not cause a
> relocation, not about hiding the definition altogether.
> 
> Concerns about this patch:
> - it isn't thread safe,
> - it only "fixes" the load policy case, not any other libselinux
> function call.
> 
> As an alternative, maybe we should revive Steve Grubb's lazy init patch
> for libselinux?  That won't reload each time, but will defer the initial
> reading until you first invoke a libselinux function.  The last version
> of the patch that I saw is attached.

Note that Steve's patch (and yours) only addressed
init_selinux_config(), not the other constructor - init_lib().

So, for example, if selinuxfs isn't already mounted at startup, then
we'd have a similar problem with selinux_mnt not getting defined.

Same approach could be applied to init_lib(), although it would require
inserting the guards appropriately.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux does not work properly in upstart/initrd

[Stephen Smalley]

On Thu, 2008-02-28 at 13:48 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stephen Smalley wrote:
> > On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> https://bugzilla.redhat.com/show_bug.cgi?id=434793
> >>
> >> The way the upstart initrd works is to run nash with a builtin
> >> loadpolicy.  The problem is nash starts before the /sysmount files
> >> system is mounted, so libselinux does not have an /etc/selinux/config to
> >> read.  It defaults to targeted.  So when nash finally executes
> >> loadpolicy (selinux_init_load_policy) it has the wrong config.
> >> Switching to any other type of policy will fail and
> >> selinux_init_load_policy will look for targeted.
> >>
> >> I changed this function to reload the config, to fix this problem.
> >>
> >> I think I did all the hidden stuff correctly.  I don't think we want to
> >> expose these functions.
> > 
> > To make a function hidden, just mark it with hidden.
> > hidden_def and hidden_proto are about creating a private definition
> > within the library for intra-library calls that do not cause a
> > relocation, not about hiding the definition altogether.
> > 
> So the hidden_def and hidden_proto lines can be removed as login as the
> extern hidden remains.
> > Concerns about this patch:
> > - it isn't thread safe,
> selinux_init_load_policy should not be called repeatedly, or probably
> from a threaded app.
> > - it only "fixes" the load policy case, not any other libselinux
> > function call.
> Well this is a very strange occurrance where the config is not there and
> then when the function gets called, it is there.

Fair enough - we can just handle this specific case then.
I'd suggest a single reset_selinux_config() or similar function added to
src/selinux_config.c that does the fini_ and init_ calls internally, and
then call that single function from load policy.

> > 
> > As an alternative, maybe we should revive Steve Grubb's lazy init patch
> > for libselinux?  That won't reload each time, but will defer the initial
> > reading until you first invoke a libselinux function.  The last version
> > of the patch that I saw is attached.
> > 
> > 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkfHAfgACgkQrlYvE4MpobMjdgCfftLE1H66/lvy5iyZ78884D4s
> +dYAoKCvAhRpTUu5Oaxtl7w9Lo3JFDB7
> =oWsG
> -----END PGP SIGNATURE-----
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux does not work properly in upstart/initrd

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 2831 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Thu, 2008-02-28 at 13:48 -0500, Daniel J Walsh wrote:
> Stephen Smalley wrote:
>>>> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=434793
>>>>>
>>>>> The way the upstart initrd works is to run nash with a builtin
>>>>> loadpolicy.  The problem is nash starts before the /sysmount files
>>>>> system is mounted, so libselinux does not have an /etc/selinux/config to
>>>>> read.  It defaults to targeted.  So when nash finally executes
>>>>> loadpolicy (selinux_init_load_policy) it has the wrong config.
>>>>> Switching to any other type of policy will fail and
>>>>> selinux_init_load_policy will look for targeted.
>>>>>
>>>>> I changed this function to reload the config, to fix this problem.
>>>>>
>>>>> I think I did all the hidden stuff correctly.  I don't think we want to
>>>>> expose these functions.
>>>> To make a function hidden, just mark it with hidden.
>>>> hidden_def and hidden_proto are about creating a private definition
>>>> within the library for intra-library calls that do not cause a
>>>> relocation, not about hiding the definition altogether.
>>>>
> So the hidden_def and hidden_proto lines can be removed as login as the
> extern hidden remains.
>>>> Concerns about this patch:
>>>> - it isn't thread safe,
> selinux_init_load_policy should not be called repeatedly, or probably
> from a threaded app.
>>>> - it only "fixes" the load policy case, not any other libselinux
>>>> function call.
> Well this is a very strange occurrance where the config is not there and
> then when the function gets called, it is there.
> 
>> Fair enough - we can just handle this specific case then.
>> I'd suggest a single reset_selinux_config() or similar function added to
>> src/selinux_config.c that does the fini_ and init_ calls internally, and
>> then call that single function from load policy.
> 
>>>> As an alternative, maybe we should revive Steve Grubb's lazy init patch
>>>> for libselinux?  That won't reload each time, but will defer the initial
>>>> reading until you first invoke a libselinux function.  The last version
>>>> of the patch that I saw is attached.
>>>>
>>>>
>>
- --
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

New simplified patch to reset the selinux_config.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfHDRMACgkQrlYvE4MpobNEjACgygyCp4ISNXrpMajwozPEbqwH
2kQAoLgnTNDv9KlsFpIBGGYnCEFHThfA
=HcRn
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 1527 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/load_policy.c libselinux-2.0.57/src/load_policy.c
--- nsalibselinux/src/load_policy.c	2008-02-13 11:16:14.000000000 -0500
+++ libselinux-2.0.57/src/load_policy.c	2008-02-28 14:30:24.000000000 -0500
@@ -308,6 +308,12 @@
 	FILE *cfg;
 	char *buf;
 
+
+	/*
+	  Reinitialize the library, so chroot will work correctly.
+	 */
+	reset_selinux_config();
+
 	/*
 	 * Get desired mode (disabled, permissive, enforcing) from 
 	 * /etc/selinux/config. 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.57/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c	2007-08-03 16:02:56.000000000 -0400
+++ libselinux-2.0.57/src/selinux_config.c	2008-02-28 14:33:02.000000000 -0500
@@ -223,6 +223,12 @@
 	selinux_policytype = NULL;
 }
 
+void reset_selinux_config(void)
+{
+	fini_selinux_policyroot();
+	init_selinux_config();
+}
+
 static const char *get_path(int idx)
 {
 	return file_paths[idx];
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-2.0.57/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h	2007-08-03 16:02:56.000000000 -0400
+++ libselinux-2.0.57/src/selinux_internal.h	2008-02-28 14:30:24.000000000 -0500
@@ -80,6 +80,7 @@
 hidden_proto(security_get_initial_context);
 hidden_proto(security_get_initial_context_raw);
 
+extern void reset_selinux_config(void) hidden;
 extern int load_setlocaldefs hidden;
 extern int require_seusers hidden;
 extern int selinux_page_size hidden;

[-- Attachment #3: diff.sig --]
[-- Type: application/octet-stream, Size: 72 bytes --]

Re: libselinux does not work properly in upstart/initrd

[Stephen Smalley]

On Thu, 2008-02-28 at 14:35 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stephen Smalley wrote:
> > On Thu, 2008-02-28 at 13:48 -0500, Daniel J Walsh wrote:
> > Stephen Smalley wrote:
> >>>> On Thu, 2008-02-28 at 12:33 -0500, Daniel J Walsh wrote:
> >>>>> -----BEGIN PGP SIGNED MESSAGE-----
> >>>>> Hash: SHA1
> >>>>>
> >>>>> https://bugzilla.redhat.com/show_bug.cgi?id=434793
> >>>>>
> >>>>> The way the upstart initrd works is to run nash with a builtin
> >>>>> loadpolicy.  The problem is nash starts before the /sysmount files
> >>>>> system is mounted, so libselinux does not have an /etc/selinux/config to
> >>>>> read.  It defaults to targeted.  So when nash finally executes
> >>>>> loadpolicy (selinux_init_load_policy) it has the wrong config.
> >>>>> Switching to any other type of policy will fail and
> >>>>> selinux_init_load_policy will look for targeted.
> >>>>>
> >>>>> I changed this function to reload the config, to fix this problem.
> >>>>>
> >>>>> I think I did all the hidden stuff correctly.  I don't think we want to
> >>>>> expose these functions.
> >>>> To make a function hidden, just mark it with hidden.
> >>>> hidden_def and hidden_proto are about creating a private definition
> >>>> within the library for intra-library calls that do not cause a
> >>>> relocation, not about hiding the definition altogether.
> >>>>
> > So the hidden_def and hidden_proto lines can be removed as login as the
> > extern hidden remains.
> >>>> Concerns about this patch:
> >>>> - it isn't thread safe,
> > selinux_init_load_policy should not be called repeatedly, or probably
> > from a threaded app.
> >>>> - it only "fixes" the load policy case, not any other libselinux
> >>>> function call.
> > Well this is a very strange occurrance where the config is not there and
> > then when the function gets called, it is there.
> > 
> >> Fair enough - we can just handle this specific case then.
> >> I'd suggest a single reset_selinux_config() or similar function added to
> >> src/selinux_config.c that does the fini_ and init_ calls internally, and
> >> then call that single function from load policy.
> > 
> >>>> As an alternative, maybe we should revive Steve Grubb's lazy init patch
> >>>> for libselinux?  That won't reload each time, but will defer the initial
> >>>> reading until you first invoke a libselinux function.  The last version
> >>>> of the patch that I saw is attached.
> >>>>
> >>>>
> >>
> - --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
> 
> New simplified patch to reset the selinux_config.

Thanks, merged with minor change to the comments.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.