LU-16977 utils: access_log_reader accesses beyond batch array

[fs/lustre-release.git] / lustre / utils / l_getsepol.c

diff --git a/lustre/utils/l_getsepol.c b/lustre/utils/l_getsepol.c
index effa8e1..990d016 100644 (file)
--- a/lustre/utils/l_getsepol.c
+++ b/lustre/utils/l_getsepol.c
@@ -69,6 +69,8 @@ static void errlog(const char *fmt, ...)
 
        va_start(args, fmt);
        vsyslog(LOG_NOTICE, fmt, args);
+       if (isatty(STDIN_FILENO))
+               vfprintf(stderr, fmt, args);
        va_end(args);
 
        closelog();
@@ -205,7 +207,7 @@ int get_opts(int argc, char *const argv[])
                ref_pol_mtime = (time_t)strtoul(sel_mtime, &res, 0);
                if (*res != '\0') {
                        /* not a valid number */
-                       errlog("invalid sel_mtime");
+                       errlog("invalid sel_mtime\n");
                        return -EINVAL;
                }
        }
@@ -214,7 +216,7 @@ int get_opts(int argc, char *const argv[])
                ref_selinux_mode = sel_mode[0] - '0';
                if (ref_selinux_mode != 0 && ref_selinux_mode != 1) {
                        /* not a valid enforcing mode */
-                       errlog("invalid sel_mode");
+                       errlog("invalid sel_mode\n");
                        return -EINVAL;
                }
        }
@@ -329,8 +331,9 @@ int main(int argc, char **argv)
        int policyver = 0;
        char pol_bin_path[PATH_MAX + 1];
        struct stat st;
-       time_t policymtime;
+       time_t policymtime = 0;
        int enforce;
+       int is_selinux;
        char *policy_type = NULL;
        unsigned char *mdval = NULL;
        unsigned int mdsize = 0;
@@ -342,25 +345,47 @@ int main(int argc, char **argv)
        if (rc < 0)
                goto out;
 
-       /* Version of loaded policy */
-       policyver = security_policyvers();
-       if (policyver < 0) {
-               errlog("unknown policy version: %s\n", strerror(errno));
+       is_selinux = is_selinux_enabled();
+       if (is_selinux < 0) {
+               errlog("is_selinux_enabled() failed\n");
                rc = -errno;
                goto out;
        }
 
-       /* Path of binary policy file */
-       snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
-                selinux_binary_policy_path(), policyver);
+       if (!is_selinux) {
+               errlog("SELinux is disabled, ptlrpc 'send_sepol' value should be set to 0\n");
+               rc = -ENODEV;
+               goto out;
+       }
 
-       /* Stat binary policy file */
-       if (stat(pol_bin_path, &st)) {
-               errlog("can't stat %s: %s\n", pol_bin_path, strerror(errno));
+       /* Max version of loaded policy */
+       policyver = security_policyvers();
+       if (policyver < 0) {
+               errlog("unknown policy version: %s\n", strerror(errno));
                rc = -errno;
                goto out;
        }
-       policymtime = st.st_mtime;
+
+       while (policymtime == 0) {
+               /* Path of binary policy file */
+               snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
+                        selinux_binary_policy_path(), policyver);
+
+               /* Stat binary policy file */
+               if (stat(pol_bin_path, &st)) {
+                       if (policyver > 0) {
+                               policyver--;
+                       } else {
+                               errlog("can't stat %s.*: %s\n",
+                                      selinux_binary_policy_path(),
+                                      strerror(errno));
+                               rc = -errno;
+                               goto out;
+                       }
+               } else {
+                       policymtime = st.st_mtime;
+               }
+       }
 
        /* Determine if SELinux is in permissive or enforcing mode */
        enforce = security_getenforce();