If not initialized to the current policyload count, an enforcing change will trigger policyload-callbacks in selinux_status_updated().

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libselinux/src/sestatus.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index ca2d3bbf..9ff2785d 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -278,9 +278,10 @@ static int fallback_cb_policyload(int policyload)
 */
 int selinux_status_open(int fallback)
 {
- int fd;
- char path[PATH_MAX];
- long pagesize;
+ int fd;
+ char path[PATH_MAX];
+ long pagesize;
+ uint32_t seqno;
 
 if (!selinux_mnt) {
 errno = ENOENT;
@@ -304,6 +305,14 @@ int selinux_status_open(int fallback)
 selinux_status_fd = fd;
 last_seqno = (uint32_t)(-1);
 
+ /* sequence must not be changed during references */
+ do {
+ seqno = read_sequence(selinux_status);
+
+ last_policyload = selinux_status->policyload;
+
+ } while (seqno != read_sequence(selinux_status));
+
 /* No need to use avc threads if the kernel status page is available */
 avc_using_threads = 0;
 
-- 
2.28.0
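Review bot: The comment on the new retry loop in selinux_status_open(), `/* sequence must not be changed during references */`, describes the loop mechanics but not why last_policyload is read at open time, which is the part a later reader needs. I would replace it with `/* Seed last_policyload from the status page so the first selinux_status_updated() does not report a policy load that predates open; retry if the sequence changed mid-read. */`. The same comment should say that seqno is used only for the retry check and that last_seqno is left at `(uint32_t)(-1)` by the line above, presumably on purpose so the first update check still runs. The function body starts and ends outside this hunk, so whether the fallback path needs an equivalent baseline cannot be judged from here.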