From 6be2be0a076a792d44987050f5d196ae4a28cd67 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Mon, 27 Jul 2009 09:21:35 -0400
Subject: [PATCH] policycoreutils: get setfiles to skip mounts without seclabel

On Fri, 2009-07-24 at 16:12 -0400, Stephen Smalley wrote: > On Fri, 2009-07-17 at 10:48 -0400, Thomas Liu wrote: > > Get setfiles to check paths for seclabel and skip them > > if it is not supported. > > > > Parse /proc/mounts and add paths that do not have seclabel > > to the exclude list. If another path shows up that does > > have seclabel, remove it from the exclude list, since setfiles > > will try and when it fails it will skip it. > > > > Also made one of the error messages in add_exclude more > > descriptive. > > > > Signed-off-by: Thomas Liu > > Signed-off-by: Dan Walsh > > --- > > Thanks, merged in policycoreutils 2.0.68. Applied this patch on top to free the buffer allocated by getline() and to free any removed entries from the excludeArray. valgrind --leak-check=full then shows no leakage.
Signed-off-by: Stephen Smalley
---
 policycoreutils/setfiles/setfiles.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index 1c780a49..5e5d957c 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -281,6 +281,7 @@ static void remove_exclude(const char *directory)
 int i = 0;
 for (i = 0; i < excludeCtr; i++) {
 if (strcmp(directory, excludeArray[i].directory) == 0) {
+ free(excludeArray[i].directory);
 if (i != excludeCtr-1)
 excludeArray[i] = excludeArray[excludeCtr-1];
 excludeCtr--;
@@ -728,9 +729,11 @@ static void exclude_non_seclabel_mounts()
 int index = 0, found = 0;
 char *mount_info[4];
 char *buf = NULL, *item;
+
 /* Check to see if the kernel supports seclabel */
 if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
 return;
+
 fp = fopen("/proc/mounts", "r");
 if (!fp)
 return;
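Review bot: After `free(excludeArray[i].directory);` in remove_exclude the vacated slot keeps a stale pointer: when the match is the last entry the slot still holds the freed address, and otherwise the last slot aliases the entry just copied into position i. Nothing visible reads past excludeCtr, but clearing the slot after the decrement, `excludeArray[excludeCtr].directory = NULL;`, would keep any later cleanup or re-scan of the array from freeing the same string twice. The free also assumes every directory string is heap-allocated and owned by the array; add_exclude is outside the hunk, so that should be confirmed there and stated in a short comment such as `/* directory was allocated by add_exclude; the array owns it */`. remove_exclude continues past the end of the hunk.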
@@ -769,6 +772,8 @@ static void exclude_non_seclabel_mounts()
 if (!found)
 add_exclude(mount_info[1]);
 }
+
+ free(buf);
 }
 
 int main(int argc, char **argv)
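Review bot: No `fclose(fp)` is visible between the end of the read loop and the closing brace, so the stream opened on /proc/mounts appears to stay open after `free(buf);`. Unless it is closed in the part of the function outside this hunk, add `fclose(fp);` beside the new free. A leak check would typically list an unclosed stdio stream as still reachable rather than lost, which may be why the valgrind run mentioned in the description looked clean. The body of exclude_non_seclabel_mounts starts outside the hunk.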