Message-ID: <53D1BCF0.1020806@windriver.com>
Date: Fri, 25 Jul 2014 10:12:00 +0800
From: wenzong fan
To: Joe Nall
Subject: Re: [mcstransd] Fails after Reload Translations
References: <53C766F5.4090905@windriver.com> <7E820C6F-E375-4E61-8DDF-77E8BE2D1BD2@nall.com>
In-Reply-To: <7E820C6F-E375-4E61-8DDF-77E8BE2D1BD2@nall.com>
Cc: selinux@tycho.nsa.gov
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

On 07/17/2014 09:15 PM, Joe Nall wrote:
>
> On Jul 17, 2014, at 1:02 AM, wenzong fan wrote:
>
>> Hello,
>>
>> Generally the mcstransd works well on an mls enabled system, but if "restart daemon" is triggered, it will fail to translate the mls levels.
>
> domain does seem to be scoped improperly for a reload. I'll take a look and get back in a couple of days.

Thanks for taking care of this, but may I have your patches to replace my workaround?

Wenzong

>
> joe
>
>>
>> * To reproduce the issue:
>> 1) apply attached patch: force-to-reload-translations.patch
>> 2) build mcstransd and replace the one: "/sbin/mcstransd"
>> 3) start the daemon and check results:
>>
>> $ run_init /etc/init.d/mcstrans start
>> $ id -Z
>> staff_u:lspp_test_r:lspp_harness_t:s0-s15:c0.c1023
>>
>> $ ps aux|grep mcs
>> root 3004 0.0 0.0 14884 668 ? Ss 09:37 0:00 mcstransd
>> root 3116 0.0 0.0 103252 832 pts/1 S+ 10:39 0:00 grep mcs
>>
>> $ grep mcs /var/log/messages
>> Jul 17 09:37:05 localhost mcstransd: mcstransd starting
>> Jul 17 09:37:05 localhost mcstransd: Failed to initialize color translations
>> Jul 17 09:37:05 localhost mcstransd: No color information will be available
>> Jul 17 09:37:05 localhost mcstransd: mcstransd initialized
>> Jul 17 09:37:05 localhost mcstransd: Reload Translations
>> Jul 17 09:37:05 localhost mcstransd: cache sizes: tr = 26, rt = 26
>> Jul 17 09:37:05 localhost mcstransd: Failed to initialize color translations
>> Jul 17 09:37:05 localhost mcstransd: No color information will be available
>>
>> I tested this on CentOS 6.5 with mls policy enabled.
>>
>> * Why does it fail?
>>
>> Check process_trans() in mcstrans.c:
>>
>> process_trans(char *buffer) {
>>     static domain_t *domain;
>> [snip] ...
>>     if (!domain) {
>>         domain = create_domain("Default");
>>         if (!domain)
>>             return -1;
>>         group = NULL;
>>     }
>>
>> As I think, the static pointer "domain" will be initialized when the daemon is starting, and it will work well if that's all. But if "restart daemon" is triggered after that, the pointer "domain" will have an old value rather than NULL, and this will prevent create_domain() from running. In this case, an empty "domains" causes the translation to fail.
>>
>> I have a workaround to get it to work: workaround-for-mcstransd.patch, but it's a bit ugly, I hope someone could give a better fix for it :)
>>
>> Thanks
>> Wenzong
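
The failure mode described in the quoted report, reduced to a stand-alone C model (an added example, not code from mcstrans or from either poster). Only process_trans, create_domain and domain_t are names from the report; the fixed pool, destroy_domains, cur_domain and the file-scope fix are assumptions made for illustration.

```c
#include <stdio.h>
/* Simplified model, not mcstrans source: a fixed pool stands in for the
   daemon's "domains" list. Only process_trans/create_domain/domain_t are
   names from the report; everything else is hypothetical. */
typedef struct { const char *name; int rules; } domain_t;
static domain_t pool[4];
static int ndomains;               /* 0 means the "domains" list is empty */
static domain_t *cur_domain;       /* used by the fixed variant only */
static domain_t *create_domain(const char *name) {
    if (ndomains == 4) return NULL;
    pool[ndomains] = (domain_t){ name, 0 };
    return &pool[ndomains++];
}
/* Reload tears the list down; it can only reset state it can see. */
static void destroy_domains(void) { ndomains = 0; cur_domain = NULL; }
/* Shape from the report: the function-local static survives the reload. */
static int process_trans_buggy(void) {
    static domain_t *domain;
    if (!domain) {
        domain = create_domain("Default");
        if (!domain) return -1;
    }
    domain->rules++;               /* lands in an entry the list no longer holds */
    return 0;
}
/* One possible fix (assumption): file-scope pointer that reload clears. */
static int process_trans_fixed(void) {
    if (!cur_domain) {
        cur_domain = create_domain("Default");
        if (!cur_domain) return -1;
    }
    cur_domain->rules++;
    return 0;
}

/* Initial load, reload, second load; returns domains present afterwards. */
int domains_after_reload(int fixed) {
    int (*load)(void) = fixed ? process_trans_fixed : process_trans_buggy;
    destroy_domains();
    if (load() != 0) return -1;    /* daemon start */
    destroy_domains();             /* "Reload Translations" */
    if (load() != 0) return -1;
    return ndomains;
}

int main(void) {
    printf("buggy=%d fixed=%d\n", domains_after_reload(0), domains_after_reload(1));
    return 0;
}
```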