diff --git a/1231512-Set-GLib-IO-channels-to-binary-mode.patch b/1231512-Set-GLib-IO-channels-to-binary-mode.patch new file mode 100644 index 0000000..6354d78 --- /dev/null +++ b/1231512-Set-GLib-IO-channels-to-binary-mode.patch @@ -0,0 +1,30 @@ +By default, GIO channels use UTF-8 as encoding, which causes issues when +reading binary data such as inotify events. + +Signed-off-by: Fabian Vogt +--- + restorecond/user.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/restorecond/user.c b/restorecond/user.c +index 3ae3ebbb7230..7188c22e3119 100644 +--- a/restorecond/user.c ++++ b/restorecond/user.c +@@ -238,6 +238,7 @@ static int local_server(void) { + } + /* watch for stdin/terminal going away */ + GIOChannel *in = g_io_channel_unix_new(0); ++ g_io_channel_set_encoding(in, NULL, NULL); + g_io_add_watch_full( in, + G_PRIORITY_HIGH, + G_IO_IN|G_IO_ERR|G_IO_HUP, +@@ -282,6 +283,7 @@ int server(int master_fd, const char *watch_file) { + set_matchpathcon_flags(MATCHPATHCON_NOTRANS); + + GIOChannel *c = g_io_channel_unix_new(master_fd); ++ g_io_channel_set_encoding(c, NULL, NULL); + + g_io_add_watch_full(c, + G_PRIORITY_HIGH, +-- +2.47.0 diff --git a/1231512-Set-GLib-IO-channels-to-nonblocking.patch b/1231512-Set-GLib-IO-channels-to-nonblocking.patch new file mode 100644 index 0000000..f6b2b17 --- /dev/null +++ b/1231512-Set-GLib-IO-channels-to-nonblocking.patch @@ -0,0 +1,32 @@ +Without nonblocking IO, g_io_channel_read_chars waits indefinitely for more +data without ever returning control to the event loop. + +Set the IO channels to nonblocking to fix SIGTERM handling. + +Signed-off-by: Fabian Vogt +--- + restorecond/user.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/restorecond/user.c b/restorecond/user.c +index 7188c22e3119..25e70ae15b94 100644 +--- a/restorecond/user.c ++++ b/restorecond/user.c +@@ -239,6 +239,7 @@ static int local_server(void) { + /* watch for stdin/terminal going away */ + GIOChannel *in = g_io_channel_unix_new(0); + g_io_channel_set_encoding(in, NULL, NULL); ++ g_io_channel_set_flags(in, g_io_channel_get_flags(in) | G_IO_FLAG_NONBLOCK, NULL); + g_io_add_watch_full( in, + G_PRIORITY_HIGH, + G_IO_IN|G_IO_ERR|G_IO_HUP, +@@ -284,6 +285,7 @@ int server(int master_fd, const char *watch_file) { + + GIOChannel *c = g_io_channel_unix_new(master_fd); + g_io_channel_set_encoding(c, NULL, NULL); ++ g_io_channel_set_flags(c, g_io_channel_get_flags(c) | G_IO_FLAG_NONBLOCK, NULL); + + g_io_add_watch_full(c, + G_PRIORITY_HIGH, +-- +2.47.0 diff --git a/restorecond.changes b/restorecond.changes index 934c3d8..6872e15 100644 --- a/restorecond.changes +++ b/restorecond.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Oct 24 09:58:41 UTC 2024 - Cathy Hu + +- Fix issue where inotify events are not being handled properly + * added: 1231512-Set-GLib-IO-channels-to-binary-mode.patch +- Fix issue where restorecond -u is not terminating with SIGTERM (bsc#1231512) + * added: 1231512-Set-GLib-IO-channels-to-nonblocking.patch + ------------------------------------------------------------------- Mon Jul 1 08:12:59 UTC 2024 - Cathy Hu diff --git a/restorecond.spec b/restorecond.spec index b171319..9000f35 100644 --- a/restorecond.spec +++ b/restorecond.spec @@ -28,6 +28,8 @@ Source0: https://github.com/SELinuxProject/selinux/releases/download/%{ve Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc Source2: restorecond.keyring Patch0: harden_restorecond.service.patch +Patch1: 1231512-Set-GLib-IO-channels-to-binary-mode.patch +Patch2: 1231512-Set-GLib-IO-channels-to-nonblocking.patch BuildRequires: dbus-1-glib-devel BuildRequires: libselinux-devel >= %{libselinux_ver} Requires: libselinux1 >= %{libselinux_ver} @@ -39,6 +41,8 @@ Daemon that watches for file creation and then sets the default SELinux file con %prep %setup -q %patch -P0 -p1 +%patch -P1 -p2 +%patch -P2 -p2 %build export CFLAGS="%optflags"