From: Jakub Jelinek <jakub@redhat.com>
To: Ulrich Drepper <drepper@redhat.com>
Cc: Glibc hackers <libc-hacker@sources.redhat.com>
Subject: [PATCH] Fix nscd -K
Date: Wed, 13 May 2009 23:22:00 -0000 [thread overview]
Message-ID: <20090513233319.GM16681@sunsite.ms.mff.cuni.cz> (raw)
Hi!
When nscd runs with SELinux enabled, running nscd -K might
segfault the daemon before exit, because avc_destroy is called
in the thread calling termination_handler, but other threads
might be busy doing other stuff and possibly calling something that
expects the avc not to be destroyed yet.
2009-05-14 Jakub Jelinek <jakub@redhat.com>
* nscd/selinux.c (nscd_avc_destroy): Removed.
* nscd/selinux.h (nscd_avc_destroy): Likewise.
* nscd/nscd.c (termination_handler): Don't call
nscd_avc_destroy.
--- libc/nscd/nscd.c.jj 2009-02-16 14:47:30.000000000 +0100
+++ libc/nscd/nscd.c 2009-05-14 01:13:59.000000000 +0200
@@ -488,10 +488,6 @@ termination_handler (int signum)
msync (dbs[cnt].head, dbs[cnt].memsize, MS_ASYNC);
}
- /* Shutdown the SELinux AVC. */
- if (selinux_enabled)
- nscd_avc_destroy ();
-
_exit (EXIT_SUCCESS);
}
--- libc/nscd/selinux.c.jj 2007-12-10 09:05:34.000000000 +0100
+++ libc/nscd/selinux.c 2009-05-14 01:15:02.000000000 +0200
@@ -1,5 +1,5 @@
/* SELinux access controls for nscd.
- Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2005, 2006, 2007, 2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
@@ -418,15 +418,4 @@ nscd_avc_print_stats (struct avc_cache_s
cstats->cav_probes, cstats->cav_misses);
}
-
-/* Clean up the AVC before exiting. */
-void
-nscd_avc_destroy (void)
-{
- avc_destroy ();
-#ifdef HAVE_LIBAUDIT
- audit_close (audit_fd);
-#endif
-}
-
#endif /* HAVE_SELINUX */
--- libc/nscd/selinux.h.jj 2007-04-23 10:54:02.000000000 +0200
+++ libc/nscd/selinux.h 2009-05-14 01:14:40.000000000 +0200
@@ -1,5 +1,5 @@
/* Header for nscd SELinux access controls.
- Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2006, 2007, 2009 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
@@ -35,8 +35,6 @@ struct avc_cache_stats;
/* Initialize the userspace AVC. */
extern void nscd_avc_init (void);
-/* Destroy the userspace AVC. */
-extern void nscd_avc_destroy (void);
/* Determine if we are running on an SELinux kernel. */
extern void nscd_selinux_enabled (int *selinux_enabled);
/* Check if the client has permission for the request type. */
@@ -55,7 +53,6 @@ extern void install_real_capabilities (c
#else
# define selinux_enabled 0
# define nscd_avc_init() (void) 0
-# define nscd_avc_destroy() (void) 0
# define nscd_selinux_enabled(selinux_enabled) (void) 0
# define nscd_request_avc_has_perm(fd, req) 0
# define nscd_avc_cache_stats(cstats) (void) 0
Jakub
reply other threads:[~2009-05-13 23:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090513233319.GM16681@sunsite.ms.mff.cuni.cz \
--to=jakub@redhat.com \
--cc=drepper@redhat.com \
--cc=libc-hacker@sources.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).