mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-14 01:10:49 +00:00
libsemanage: sync filesystem with sandbox
Commit 331a109f91
("libsemanage: fsync final files before rename")
added fsync() for policy files and improved situation when something
unexpected happens right after rename(). However the module store could
be affected as well. After the following steps module files could be 0
size:
1. Run `semanage fcontext -a -t var_t "/tmp/abc"`
2. Force shutdown the server while the command is running, or right after
it has finished
3. Boot the system and look for empty files:
# find /var/lib/selinux/targeted/ -type f -size 0 | wc -l
1266
It looks like this situation can be avoided if the filesystem with the
sandbox is sync()ed before we start to rename() directories in the
store.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
parent
be7f54cb1f
commit
c35919a703
@ -1736,6 +1736,19 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
|
||||
}
|
||||
close(fd);
|
||||
|
||||
/* sync changes in sandbox to filesystem */
|
||||
fd = open(sandbox, O_DIRECTORY);
|
||||
if (fd == -1) {
|
||||
ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
|
||||
return -1;
|
||||
}
|
||||
if (syncfs(fd) == -1) {
|
||||
ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno);
|
||||
close(fd);
|
||||
return -1;
|
||||
}
|
||||
close(fd);
|
||||
|
||||
retval = commit_number;
|
||||
|
||||
if (semanage_get_active_lock(sh) < 0) {
|
||||
|
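Review bot: A successful `syncfs(fd)` in the added block is weaker evidence than the `== -1` check suggests: per syncfs(2), kernels before Linux 5.8 fail only on a bad descriptor, so a failed writeback of the sandbox can still fall through to the rename() step the description refers to. A comment above the call such as `/* syncfs() reports writeback errors only on Linux >= 5.8 */` would record that limit. The `open()` call could also state its access mode and keep the descriptor out of child processes, `fd = open(sandbox, O_RDONLY | O_DIRECTORY | O_CLOEXEC);`. Both ERR lines would be easier to triage with `strerror(errno)` than with the raw number. semanage_commit_sandbox() starts and ends outside this hunk, so whether the two early `return -1` paths skip any cleanup cannot be judged from here.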