From: Stefano Borini <stefano.borini@quantumwise.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov
Subject: Re: spinlock in centos 6.4 and redhat enterprise 6 using chcon
Date: Fri, 30 Jan 2015 22:25:10 +0100 [thread overview]
Message-ID: <54CBF6B6.9040002@quantumwise.com> (raw)
In-Reply-To: <54CBAE30.5060402@tycho.nsa.gov>
On 01/30/2015 05:15 PM, Stephen Smalley wrote:
> While this obviously shouldn't hang, it is definitely wrong for this
> library to be invoking chcon on the .so file. The label should be set
> when the .so file is first installed, preferably by rpm itself by adding
> a file_contexts entry via semanage fcontext -a followed by a restorecon
> call in the %post scriptlet. Can you bug the author of the
> closed-source library to fix their package?
I mailed them and waiting for an answer, but I guess that they are doing
so as a workaround because they need to dlopen it and they are unable to
do so.
The version of selinux is the default provided by centos6.4. I'll write
back the specific detail on Monday. I don't have access to the machine
outside of office hours.
I tried to produce some code that simulate what I think it might happen
in the closed source library, but I was unable to reproduce the problem.
My assumption was that a separate thread was issuing a dlopen and then
the chcon, but besides the fact that I don't see how this may lead to
chcon hanging, it failed to produce any problem.
I also tried to reproduce the issue on another centos6.4 installation
without success. However, we already encountered this hang condition in
two unrelated customers, so it's not a random fluke.
--
Stefano Borini
QuantumWise A/S
next prev parent reply other threads:[~2015-01-30 21:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-29 10:14 spinlock in centos 6.4 and redhat enterprise 6 using chcon Stefano Borini
2015-01-30 16:08 ` Stephen Smalley
2015-01-30 16:15 ` Stephen Smalley
2015-01-30 21:25 ` Stefano Borini [this message]
2015-01-30 21:36 ` Stephen Smalley
2015-02-01 11:17 ` Stefano Borini
2015-02-02 11:09 ` Stefano Borini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54CBF6B6.9040002@quantumwise.com \
--to=stefano.borini@quantumwise.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.