summaryrefslogtreecommitdiff
path: root/src/shared/socket-label.c
diff options
context:
space:
mode:
authorWill Woods <wwoods@redhat.com>2015-03-13 17:24:46 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-03-13 23:42:18 -0400
commitf5ce2b49585a14cefb6d02f61c8dcdf7628a8605 (patch)
treed0199354e4bfd7efc096f948be36c1d6c3bb7845 /src/shared/socket-label.c
parent5de0ccffcc4a5a946102a14e0b0e681d964e3225 (diff)
selinux: fix SEGV during switch-root if SELinux policy loaded
If you've got SELinux policy loaded, label_hnd is your labeling handle. When systemd is shutting down, we free that handle via mac_selinux_finish(). But: switch_root() calls mkdir_p_label(), which tries to look up a label using that freed handle, and so we get a bunch of garbage and eventually SEGV in libselinux. (This doesn't happen in the switch-root from initramfs to real root because there's no SELinux policy loaded in initramfs, so label_hnd is NULL and we never attempt any lookups.) So: make sure that mac_selinux_finish() actually sets label_hnd to NULL, so nobody tries to use it after it becomes invalid. https://bugzilla.redhat.com/show_bug.cgi?id=1185604
Diffstat (limited to 'src/shared/socket-label.c')
0 files changed, 0 insertions, 0 deletions