selinux: fix SEGV during switch-root if SELinux policy loaded

mirror of https://github.com/AuxXxilium/eudev.git synced 2025-02-20 08:37:55 +07:00

If you've got SELinux policy loaded, label_hnd is your labeling handle.
When systemd is shutting down, we free that handle via mac_selinux_finish().

But: switch_root() calls mkdir_p_label(), which tries to look up a label
using that freed handle, and so we get a bunch of garbage and eventually
SEGV in libselinux.

(This doesn't happen in the switch-root from initramfs to real root because
there's no SELinux policy loaded in initramfs, so label_hnd is NULL and we
never attempt any lookups.)

So: make sure that mac_selinux_finish() actually sets label_hnd to NULL, so
nobody tries to use it after it becomes invalid.

https://bugzilla.redhat.com/show_bug.cgi?id=1185604

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

This commit is contained in:

Will Woods

2015-03-13 17:24:46 -04:00

committed by

Anthony G. Basile

parent c45230b3b0

commit 59b6fb3b75

1 changed files with 1 additions and 0 deletions

									
										1

src/shared/selinux-util.c
									
										View File
										
				@ -115,6 +115,7 @@ void mac_selinux_finish(void) {

				                return;

				        selabel_close(label_hnd);

				        label_hnd = NULL;

				#endif

				}

selinux: fix SEGV during switch-root if SELinux policy loaded

1 src/shared/selinux-util.c Unescape Escape View File

1

src/shared/selinux-util.c

View File