diff options
author | Luca BRUNO <luca.bruno@coreos.com> | 2022-01-11 15:39:30 +0000 |
---|---|---|
committer | Luca BRUNO <luca.bruno@coreos.com> | 2022-01-11 15:56:13 +0000 |
commit | 840cd7ab2da3e9992a6b91ba312a702e3ba55e0d (patch) | |
tree | fd4cae3f4a90624a1eaba93542660a259612c0b0 | |
parent | 7cc84819078aec6b9637b3ad29712ca3e2f8433e (diff) | |
download | ostree-840cd7ab2da3e9992a6b91ba312a702e3ba55e0d.tar.gz |
libostree/sepolicy: get rid of a g_setenv() call
This removes a 'g_setenv()' call, which could potentially be unsafe
in a multi-thread context.
The current libselinux codebase does not seem to check for
`LIBSELINUX_DISABLE_PCRE_PRECOMPILED`, so I think this has no effects
nowadays.
Additionally, I could not find any reference to it in libselinux
git history, so I'm not sure if it ever played any role at all.
My current understanding is that this is coming from version
incompatibilities between an older libselinux in the build environment
and a newer policy (with precompiled regexs) in the target.
But from the ML discussion I found, I think it eventually got
solved in a different way, possibly by avoiding the policy binary
caches.
Refs:
* https://www.spinics.net/lists/selinux/msg14822.html
* https://github.com/ostreedev/ostree/pull/2513#discussion_r781042884
-rw-r--r-- | src/libostree/ostree-sepolicy.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/src/libostree/ostree-sepolicy.c b/src/libostree/ostree-sepolicy.c index 0fed6457..5fd59a82 100644 --- a/src/libostree/ostree-sepolicy.c +++ b/src/libostree/ostree-sepolicy.c @@ -422,10 +422,6 @@ initable_init (GInitable *initable, { const char *policy_rootpath = gs_file_get_path_cached (policy_root); - /* TODO(lucab): get rid of this setenv(), it may be unsafe in a multi-thread context. */ - if (!g_setenv ("LIBSELINUX_DISABLE_PCRE_PRECOMPILED", "1", FALSE)) - return glnx_throw (error, "Failed to set environment variable LIBSELINUX_DISABLE_PCRE_PRECOMPILED"); - if (selinux_set_policy_root (policy_rootpath) != 0) return glnx_throw_errno_prefix (error, "selinux_set_policy_root(%s)", policy_rootpath); |