/* SELinux access controls for nscd.
Copyright (C) 2004-2016 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include "config.h"
#include <error.h>
#include <errno.h>
#include <libintl.h>
#include <pthread.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <selinux/avc.h>
#include <selinux/selinux.h>
#ifdef HAVE_LIBAUDIT
# include <libaudit.h>
#endif
#include "dbg_log.h"
#include "selinux.h"
#ifdef HAVE_SELINUX
/* Flag recording whether the kernel has SELinux support.  It is a
   file-scope object without an initializer, so it starts out as zero.  */
int selinux_enabled;
/* Map each nscd request type to the name of the AVC permission that is
   associated with it.  The entries are grouped by permission name.  Any
   request type below LASTREQ that has no designated initializer here is
   left as NULL, so code indexing this table has to cope with NULL.  */
static const char *perms[LASTREQ] =
{
  /* Requests associated with "getpwd".  */
  [GETPWBYNAME] = "getpwd",
  [GETPWBYUID] = "getpwd",

  /* Requests associated with "getgrp".  */
  [GETGRBYNAME] = "getgrp",
  [GETGRBYGID] = "getgrp",
  [INITGROUPS] = "getgrp",

  /* Requests associated with "gethost".  */
  [GETHOSTBYNAME] = "gethost",
  [GETHOSTBYNAMEv6] = "gethost",
  [GETHOSTBYADDR] = "gethost",
  [GETHOSTBYADDRv6] = "gethost",
  [GETAI] = "gethost",

  /* Requests associated with "getserv".  */
  [GETSERVBYNAME] = "getserv",
  [GETSERVBYPORT] = "getserv",

  /* Requests associated with "getnetgrp".  */
  [GETNETGRENT] = "getnetgrp",
  [INNETGR] = "getnetgrp",

  /* The GETFD* requests each have their own shmem* permission.  */
  [GETFDPW] = "shmempwd",
  [GETFDGR] = "shmemgrp",
  [GETFDHST] = "shmemhost",
  [GETFDSERV] = "shmemserv",
  [GETFDNETGR] = "shmemnetgrp",

  /* Statistics and administration.  SHUTDOWN and INVALIDATE share the
     single "admin" permission, so policy cannot grant one of them
     without the other.  */
  [GETSTAT] = "getstat",
  [SHUTDOWN] = "admin",
  [INVALIDATE] = "admin",
};
/* Thread that listens for SELinux status changes via netlink.  */
static pthread_t avc_notify_thread;

/* Entry reference kept around to speed up AVC decisions.  */
static struct avc_entry_ref aeref;
/* Forward declarations of the AVC callback functions.  */

/* Lock handling.  */
static void *avc_alloc_lock (void);
static void avc_get_lock (void *lock);
static void avc_release_lock (void *lock);
static void avc_free_lock (void *lock);

/* Thread handling.  */
static void *avc_create_thread (void (*run) (void));
static void avc_stop_thread (void *thread);

#ifdef HAVE_LIBAUDIT
/* Log callback used to support the audit daemon.  */
static void log_callback (const char *fmt, ...);
#endif
/* Callback tables for use in avc_init.  */

/* Logging: messages go through log_callback when libaudit is available
   and through dbg_log otherwise.  No func_audit hook is installed.  */
static const struct avc_log_callback log_cb =
{
  .func_audit = NULL,
#ifdef HAVE_LIBAUDIT
  .func_log = log_callback
#else
  .func_log = dbg_log
#endif
};

/* Thread creation and shutdown.  */
static const struct avc_thread_callback thread_cb =
{
  .func_stop_thread = avc_stop_thread,
  .func_create_thread = avc_create_thread
};

/* Lock allocation, acquisition, release and destruction.  */
static const struct avc_lock_callback lock_cb =
{
  .func_free_lock = avc_free_lock,
  .func_release_lock = avc_release_lock,
  .func_get_lock = avc_get_lock,
  .func_alloc_lock = avc_alloc_lock
};
#ifdef HAVE_LIBAUDIT
/* Netlink socket descriptor of the audit system.  The initial value -1
   means that no connection is open.  */
static int audit_fd = -1;
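/* AVC log callback: format the printf-style message FMT with its
   arguments and send it to the audit system as an AUDIT_USER_AVC record.
   Nothing is sent while no audit connection is open (audit_fd < 0), so
   in that state the message is not recorded by this function.  */
static void
log_callback (const char *fmt, ...)
{
  if (audit_fd < 0)
    return;

  va_list ap;
  char *buf;

  va_start (ap, fmt);
  int e = vasprintf (&buf, fmt, ap);
  va_end (ap);

  /* Fallback storage for the case that vasprintf fails.  The message is
     then truncated to at most BUFSIZ - 1 bytes.  */
  char fallback[BUFSIZ];
  if (e < 0)
    {
      /* The value of AP is indeterminate after vasprintf has used it, so
         the argument list is restarted before formatting a second time
         instead of passing the same va_list again.  */
      fallback[0] = '\0';
      va_start (ap, fmt);
      vsnprintf (fallback, sizeof fallback, fmt, ap);
      va_end (ap);
      buf = fallback;
    }

  /* FIXME: need to attribute this to real user, using getuid for now */
  audit_log_user_avc_message (audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
                              NULL, getuid ());

  /* Only the vasprintf result lives on the heap.  */
  if (e >= 0)
    free (buf);
}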
/* Open the connection to the audit system and store the descriptor in
   audit_fd.  A failure is reported only through dbg_log, and not at all
   when errno says the kernel lacks audit support.  The caller gets no
   error indication in either case, and log_callback sends nothing for
   as long as audit_fd stays negative.  */
static void
audit_init (void)
{
  audit_fd = audit_open ();
  if (audit_fd >= 0)
    return;

  /* If kernel doesn't support audit, bail out */
  if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
    return;

  dbg_log (_("Failed opening connection to the audit subsystem: %m"));
}
# ifdef HAVE_LIBCAP
/* Capabilities that preserve_capabilities sets as permitted and
   effective in the capability state it builds as new_caps: only
   CAP_AUDIT_WRITE.  */
static const cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
# define nnew_cap_list (sizeof new_cap_list / sizeof new_cap_list[0])

/* Capabilities that preserve_capabilities applies to the process with
   cap_set_proc: CAP_AUDIT_WRITE plus CAP_SETUID and CAP_SETGID.
   NOTE(review): the name suggests this wider set is only meant to be
   held temporarily; the code that narrows it is not in this part of the
   file, so confirm that it is dropped afterwards.  */
static const cap_value_t tmp_cap_list[] =
  { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
# define ntmp_cap_list (sizeof tmp_cap_list / sizeof tmp_cap_list[0])
cap_t
preserve_capabilities (void)
{
if (getuid () != 0)
/* Not root, then we cannot preserve anything. */
return NULL;
if (prctl (PR_SET_KEEPCAPS, 1) == -1)
{
dbg_log (_("Failed to set keep-capabilities"));
do_exit (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
/* NOTREACHED */
}
cap_t tmp_caps = cap_init ();
cap_t new_caps = NULL;
if (tmp_caps != NULL)
new_caps = cap_init ();
if (tmp_caps == NULL || new_caps == NULL)
{
if (tmp_caps != NULL)
cap_free (tmp_caps);
dbg_log (_("Failed to initialize drop of capabilities"));
do_exit (EXIT_FAILURE, 0, _("cap_init failed"));
}
/* There is no reason why these should not work. */
cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list,
(cap_value_t *) new_cap_list, CAP_SET);
cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list,
(cap_value_t *) new_cap_list, CAP_SET);
cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list,
(cap_value_t *) tmp_cap_list, CAP_SET);
cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list,
(cap_value_t *) tmp_cap_list, CAP_SET);
int res = cap_set_proc (tmp_caps);
cap_free (tmp_caps);
if (__glibc_unlikely (res != 0))
{
cap_free (new_caps);
dbg_log (_("Failed to drop capabilities"));
|
nscd: Improved support for tracking startup failure in nscd service (BZ #16639)
Currently, the nscd parent process parses commandline options and
configuration, forks on startup and immediately exits with a success.
If the child process encounters some error after this, it goes
undetected and any services started up after it may have to repeatedly
check to make sure that the nscd service did actually start up and is
serving requests.
To make this process more reliable, I have added a pipe between the
parent and child process, through which the child process sends a
notification to the parent informing it of its status. The parent
waits for this status and once it receives it, exits with the
corresponding exit code. So if the child service sends a success
status (0), the parent exits with a success status. Similarly for
error conditions, the child sends the non-zero status code, which the
parent passes on as the exit code.
This, along with setting the nscd service type to forking in its
systemd configuration file, allows systemd to be certain that the nscd
service is ready and is accepting connections.
2014-03-03 18:21:39 +01:00
|
|
|
do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
|
2006-04-26 18:29:29 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return new_caps;
|
|
|
|
}
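/* Install NEW_CAPS as the capability set of the calling process, then clear
   the keep-capabilities flag with prctl (PR_SET_KEEPCAPS, 0).

   A NULL NEW_CAPS means there is nothing to install and the function returns
   without touching the process.  Otherwise NEW_CAPS is released with cap_free
   on every path, so the caller must not use it afterwards.

   Both steps fail closed: if the capability set cannot be installed, or the
   keep-capabilities flag cannot be cleared, do_exit (EXIT_FAILURE, ...) is
   called instead of continuing with more privilege than intended.  */
void
install_real_capabilities (cap_t new_caps)
{
  /* If we have no capabilities there is nothing to do here.  */
  if (new_caps == NULL)
    return;

  if (cap_set_proc (new_caps))
    {
      cap_free (new_caps);
      dbg_log (_("Failed to drop capabilities"));
      do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
      /* NOTREACHED */
    }

  cap_free (new_caps);

  if (prctl (PR_SET_KEEPCAPS, 0) == -1)
    {
      /* Capture errno before logging: dbg_log is defined elsewhere and may
         make library calls that overwrite it, which would leave the exit
         message reporting the wrong cause.  */
      int saved_errno = errno;

      dbg_log (_("Failed to unset keep-capabilities"));
      do_exit (EXIT_FAILURE, saved_errno, _("prctl(KEEPCAPS) failed"));
      /* NOTREACHED */
    }
}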
# endif /* HAVE_LIBCAP */
#endif /* HAVE_LIBAUDIT */
/* Ask libselinux whether the running kernel has SELinux enabled and store
   the answer in *SELINUX_ENABLED.

   A negative answer means the query itself failed.  That case is logged and
   do_exit (EXIT_FAILURE, ...) is called, so the daemon does not carry on
   without knowing whether access checks apply.  */
void
nscd_selinux_enabled (int *selinux_enabled)
{
  int status = is_selinux_enabled ();

  *selinux_enabled = status;
  if (status >= 0)
    return;

  dbg_log (_("Failed to determine if kernel supports SELinux"));
  do_exit (EXIT_FAILURE, 0, NULL);
}
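/* Entry point most recently handed to avc_create_thread.  It is written
   before pthread_create is called and read by the new thread.  */
static void (*avc_thread_entry) (void);

/* Start routine with the exact type pthread_create expects.  It forwards to
   the stored entry point and returns NULL.  */
static void *
avc_thread_trampoline (void *unused)
{
  (void) unused;
  avc_thread_entry ();
  return NULL;
}

/* Create thread for AVC netlink notification.

   RUN is the parameterless function the thread executes.  It is started
   through avc_thread_trampoline rather than by casting RUN to
   void *(*) (void *): calling a function through a pointer of an
   incompatible type is undefined behaviour in ISO C, and indirect-call type
   checks (control-flow integrity instrumentation) reject such calls.

   The thread handle is kept in the file-scope avc_notify_thread and its
   address is returned, so only one AVC thread is tracked at a time.  If
   pthread_create fails, do_exit (EXIT_FAILURE, ...) is called with the
   returned error number.  */
static void *
avc_create_thread (void (*run) (void))
{
  int rc;

  avc_thread_entry = run;

  rc = pthread_create (&avc_notify_thread, NULL, avc_thread_trampoline, NULL);
  if (rc != 0)
    do_exit (EXIT_FAILURE, rc, _("Failed to start AVC thread"));

  return &avc_notify_thread;
}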
/* Request cancellation of the AVC netlink thread.  THREAD points to the
   pthread_t of that thread (avc_create_thread returns such a pointer).
   The result of pthread_cancel is not examined and the thread is not
   joined here.  */
static void
avc_stop_thread (void *thread)
{
  pthread_t *handle = thread;

  pthread_cancel (*handle);
}
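/* Allocate a new AVC lock.

   Returns a heap-allocated pthread mutex initialised with default
   attributes; it is released again by avc_free_lock.  The function never
   hands back an unusable lock: if the allocation or the mutex
   initialisation fails, do_exit (EXIT_FAILURE, ...) is called with the
   corresponding error number.  */
static void *
avc_alloc_lock (void)
{
  pthread_mutex_t *avc_mutex;
  int rc;

  avc_mutex = malloc (sizeof *avc_mutex);
  if (avc_mutex == NULL)
    do_exit (EXIT_FAILURE, errno, _("Failed to create AVC lock"));

  /* pthread_mutex_init reports failure through its return value, not
     through errno.  */
  rc = pthread_mutex_init (avc_mutex, NULL);
  if (rc != 0)
    do_exit (EXIT_FAILURE, rc, _("Failed to create AVC lock"));

  return avc_mutex;
}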
/* Lock callback: take the pthread mutex that LOCK points to.  The result
   of pthread_mutex_lock is not examined.  */
static void
avc_get_lock (void *lock)
{
  pthread_mutex_t *mutex = lock;

  pthread_mutex_lock (mutex);
}
/* Unlock callback: release the pthread mutex that LOCK points to.  The
   result of pthread_mutex_unlock is not examined.  */
static void
avc_release_lock (void *lock)
{
  pthread_mutex_t *mutex = lock;

  pthread_mutex_unlock (mutex);
}
/* Destroy the pthread mutex that LOCK points to and give its storage back
   to the heap.  LOCK must not be used after this call.  */
static void
avc_free_lock (void *lock)
{
  pthread_mutex_t *mutex = lock;

  pthread_mutex_destroy (mutex);
  free (mutex);
}
/* Set up the userspace access vector cache (AVC) for nscd.

   The cached entry reference aeref is reset first.  avc_init is then given
   the message prefix "avc", no memory callbacks (NULL), and the log, thread
   and lock callback tables log_cb, thread_cb and lock_cb.  If avc_init
   fails, do_exit (EXIT_FAILURE, ...) is called with errno; otherwise the
   start is logged.  When built with HAVE_LIBAUDIT, audit_init is called
   afterwards.  */
void
nscd_avc_init (void)
{
  int avc_rc;

  avc_entry_ref_init (&aeref);

  avc_rc = avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb);
  if (avc_rc >= 0)
    dbg_log (_("Access Vector Cache (AVC) started"));
  else
    do_exit (EXIT_FAILURE, errno, _("Failed to start AVC"));
#ifdef HAVE_LIBAUDIT
  audit_init ();
#endif
}
/* Check whether the peer connected on FD (its context is obtained with
   getpeercon) may issue request REQ to nscd.
   Returns 0 if access is allowed, 1 if denied, and -1 on error.

   The SELinux policy, enablement, and permission bits are all dynamic and the
   caching done by glibc is not entirely correct.  This nscd support should be
   rewritten to use selinux_check_permission.  A rewrite is risky though and
   requires some refactoring.  Currently we use symbolic mappings instead of
   compile time constants (which SELinux upstream says are going away), and we
   use security_deny_unknown to determine what to do if selinux-policy* doesn't
   have a definition for the permission or object class we are looking up.

   The early "allow" result is produced only when security_deny_unknown
   reported 0; a failed query (-1) does not enable it.

   NOTE(review): REQ is used as an index into perms[] without a range check
   in this function; confirm that every caller validates the request type
   before calling.
   NOTE(review): callers presumably treat both 1 and -1 as a refusal; verify
   at the call sites.  */
int
nscd_request_avc_has_perm (int fd, request_type req)
{
  /* Everything starts out NULL so the cleanup code releases only what was
     actually obtained.  */
  security_context_t peer_ctx = NULL;
  security_context_t self_ctx = NULL;
  security_id_t peer_sid = NULL;
  security_id_t self_sid = NULL;
  int result = -1;
  security_class_t nscd_class;
  access_vector_t perm_bits;
  int deny_unknown;

  /* Ask whether the policy denies unknown object classes and permissions:
     0 means they are allowed, 1 means they are denied, -1 means the query
     failed.  */
  deny_unknown = security_deny_unknown ();
  if (deny_unknown == -1)
    dbg_log (_("Error querying policy for undefined object classes "
               "or permissions."));

  /* Look up the nscd security class.  Without it little can be done unless
     unknown classes are allowed.  */
  nscd_class = string_to_security_class ("nscd");
  if (deny_unknown == 1 && nscd_class == 0)
    dbg_log (_("Error getting security class for nscd."));

  /* Translate the request's permission name into access vector bits.  */
  perm_bits = string_to_av_perm (nscd_class, perms[req]);
  if (deny_unknown == 1 && perm_bits == 0)
    dbg_log (_("Error translating permission name "
               "\"%s\" to access vector bit."), perms[req]);

  /* The class or permission is unknown to the policy and the policy allows
     unknown values: grant the request.  */
  if (deny_unknown == 0 && (nscd_class == 0 || perm_bits == 0))
    return 0;

  if (getpeercon (fd, &peer_ctx) < 0)
    {
      dbg_log (_("Error getting context of socket peer"));
      goto out;
    }

  if (getcon (&self_ctx) < 0)
    {
      dbg_log (_("Error getting context of nscd"));
      goto out;
    }

  if (avc_context_to_sid (peer_ctx, &peer_sid) < 0
      || avc_context_to_sid (self_ctx, &self_sid) < 0)
    {
      dbg_log (_("Error getting sid from context"));
      goto out;
    }

  /* avc_has_perm reports both "access denied" and "error" as -1, while this
     function distinguishes error (-1) from denied (1).  Either outcome of
     avc_has_perm is therefore reported as denied (1); failures of
     getpeercon, getcon and avc_context_to_sid above are reported as errors
     (-1).  */
  result = (avc_has_perm (peer_sid, self_sid, nscd_class, perm_bits,
                          &aeref, NULL) < 0) ? 1 : 0;

out:
  if (peer_ctx != NULL)
    freecon (peer_ctx);
  if (self_ctx != NULL)
    freecon (self_ctx);
  if (peer_sid != NULL)
    sidput (peer_sid);
  if (self_sid != NULL)
    sidput (self_sid);

  return result;
}
/* Fill *CSTATS with the current AVC statistics by forwarding to
   avc_cache_stats.  */
void
nscd_avc_cache_stats (struct avc_cache_stats *cstats)
{
  avc_cache_stats (cstats);
}
/* Write the counters held in *CSTATS to stdout as a translated, column
   aligned table: the four entry counters first, then the four CAV
   counters.  */
void
nscd_avc_print_stats (struct avc_cache_stats *cstats)
{
  const struct avc_cache_stats *s = cstats;

  printf (_("\nSELinux AVC Statistics:\n\n"
            "%15u entry lookups\n"
            "%15u entry hits\n"
            "%15u entry misses\n"
            "%15u entry discards\n"
            "%15u CAV lookups\n"
            "%15u CAV hits\n"
            "%15u CAV probes\n"
            "%15u CAV misses\n"),
          s->entry_lookups,
          s->entry_hits,
          s->entry_misses,
          s->entry_discards,
          s->cav_lookups,
          s->cav_hits,
          s->cav_probes,
          s->cav_misses);
}
#endif /* HAVE_SELINUX */