This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Lock in centos 6.4 and redhat enterprise 6 using chcon
- From: Stefano Borini <stefano dot borini at quantumwise dot com>
- To: libc-help at sourceware dot org
- Date: Mon, 02 Feb 2015 09:35:54 +0100
- Subject: Lock in centos 6.4 and redhat enterprise 6 using chcon
- Authentication-results: sourceware.org; auth=none
Good morning,
I am encountering a strange hang with the selinux chcon utility trying
the following operation
chcon -t texrel_shlib_t /tmp/subdir/withheldpath
where withheld path is a .so that is going to be accessed with dlopen.
I am not invoking the chcon command directly nor performing the dlopen,
a closed-source library does that, apparently to prepare the .so for
dlopening.
Note that if I try the same operation from the command line no hang occurs.
I am unable to understand the details of what may cause this. I already
posted to selinux mailing list, where they suggested it's a potential
glibc issue, so I am asking your opinion on the topic.
This is the backtrace of chcon, apparently involving some thread local
storage
#0 0x0000003e3ea00b64 in rtld_lock_default_lock_recursive () from
/lib64/ld-linux-x86-64.so.2
#1 0x0000003e3ea11257 in tls_get_addr_tail () from
/lib64/ld-linux-x86-64.so.2
#2 0x0000003e3ea11660 in __tls_get_addr () from /lib64/ld-linux-x86-64.so.2
#3 0x0000003e40a14334 in selinux_raw_to_trans_context () from
/lib64/libselinux.so.1
#4 0x0000003e40a0ca7a in getfilecon () from /lib64/libselinux.so.1
Checking the tls_get_addr_tail function, it is apparently stuck in the
again: loop
http://code.woboq.org/userspace/glibc/elf/dl-tls.c.html#742
I have only access to the centos 6.4 and can run additional
non-destructive tests if needed. It's a customer machine so I am unable
to say if modifications have been done to it when it comes to security,
although I suspect it's a standard centos6.4 installation with selinux
enabled. However, attempts to reproduce the issue on a similar
installation failed.
Unfortunately I cannot propose an upgrade to the customer. I am trying
to find a workaround, and I am also curious about what's going on exactly.
I am using a default centos6.4 version, but just for reference, it's gcc
4.4.7 20120313, ldd says 2.12.
Thank you for your help.
--
Stefano Borini
QuantumWise A/S