RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libselinux: only mount /proc if necessary 

Commit 9df4988846 ("libselinux: Mount procfs before checking
/proc/filesystems") changed selinuxfs_exists() to always try
mounting /proc before reading /proc/filesystems.  However, this is
unnecessary if /proc is already mounted and can produce avc denials
if the process is not allowed to perform the mount.  Check first
to see if /proc is already present and only try the mount if it is not.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2016-02-29 10:10:55 -05:00
parent 085d7c99fd
commit 5a8d8c499b
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libselinux/src/init.c
View File

@ -12,6 +12,7 @@
#include <stdint.h>
#include <limits.h>
#include <sys/mount.h>
#include <linux/magic.h>
#include "dso.h"
#include "policy.h"
@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt)
int selinuxfs_exists(void)
{
int exists = 0, mnt_rc = 0;
int exists = 0, mnt_rc = -1, rc;
struct statfs sb;
FILE *fp = NULL;
char *buf = NULL;
size_t len;
ssize_t num;
mnt_rc = mount("proc", "/proc", "proc", 0, 0);
do {
rc = statfs("/proc", &sb);
} while (rc < 0 && errno == EINTR);
if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
mnt_rc = mount("proc", "/proc", "proc", 0, 0);
fp = fopen("/proc/filesystems", "r");
if (!fp) {