summaryrefslogtreecommitdiff
path: root/src/basic/socket-label.c
diff options
context:
space:
mode:
authorPetr Lautrbach <plautrba@redhat.com>2016-03-10 10:19:56 +0100
committerPetr Lautrbach <plautrba@redhat.com>2016-03-10 10:34:37 +0100
commita0c9496cc826957fe0f3926f619e073f17a9ab4d (patch)
tree1f4fc19ef7cef27fdf851af386338418ff14c1d8 /src/basic/socket-label.c
parentc41d3b3a0ca1c53cbf05563f00bcef72db58d9b0 (diff)
socket_address_listen - do not rely on errno
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX socket and checks its return value and errno for EADDRINUSE. This is not correct. When there's an SELinux context change made for the new socket, bind() is not the last function called in mac_selinux_bind(). In that case the last call is setfscreatecon() from libselinux which can change errno as it uses access() to check if /proc/thread-self is available. It fails on kernels before 3.17 and errno is set to ENOENT. It's safe to check only the return value at it's set to -errno.
Diffstat (limited to 'src/basic/socket-label.c')
-rw-r--r--src/basic/socket-label.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/basic/socket-label.c b/src/basic/socket-label.c
index 35e9573aa4..65509be901 100644
--- a/src/basic/socket-label.c
+++ b/src/basic/socket-label.c
@@ -122,7 +122,7 @@ int socket_address_listen(
r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
- if (r < 0 && errno == EADDRINUSE) {
+ if (r == -EADDRINUSE) {
/* Unlink and try again */
unlink(a->sockaddr.un.sun_path);
r = bind(fd, &a->sockaddr.sa, a->size);