Description of problem:
I found a theoretical crash in the mkswap command with SELinux relabeling support.
See the following section. It is a part of util-linux-ng-2.13/disk-utils/mkswap.c.

----------------
#ifdef HAVE_LIBSELINUX
    if (S_ISREG(statbuf.st_mode) && is_selinux_enabled()) {
        security_context_t context_string;
        security_context_t oldcontext;
        context_t newcontext;

        if ((fgetfilecon(DEV, &oldcontext) < 0) &&    /* <-- ATTENTION! */
            (errno != ENODATA)) {
            fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
                    program_name, device_name,
                    strerror(errno));
            exit(1);
        }
        if (!(newcontext = context_new(oldcontext)))
            die(_("unable to create new selinux context"));
        if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
            die(_("couldn't compute selinux context"));

        context_string = context_str(newcontext);

        if (strcmp(context_string, oldcontext)!=0) {
            if (fsetfilecon(DEV, context_string)) {
                fprintf(stderr, _("%s: unable to relabel %s to %s: %s\n"),
                        program_name, device_name,
                        context_string,
                        strerror(errno));
                exit(1);
            }
        }
        context_free(newcontext);
        freecon(oldcontext);
    }
#endif
----------------

When fgetfilecon() fails with -ENODATA, this process does not exit.
However, "oldcontext" is not initialized in this case, so context_new() will be called with the uninitialized "oldcontext" next.
Finally, it causes a segmentation fault, because context_new() has to refer to an incorrect memory region.

Version-Release number of selected component (if applicable):
- util-linux-ng-2.13-2.fc8.src.rpm

The attached patch fixes this matter using matchpathcon().
If we cannot obtain the actual file context due to -ENODATA, a context which is returned by matchpathcon() is applied as oldcontext. Then, the type of the context is relabeled to "swapfile_t" explicitly.
Created attachment 225681
The patch fixes the reported matter using matchpathcon()
This bugfix will be included in the next stable update (to v2.13.1). Thanks.
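
The ENODATA fallback described in the report, as an added example (not the attached patch and not util-linux code). Assumptions: `getcon_fn`, `matchcon_fn` and the `fake_*` functions are hypothetical stand-ins for fgetfilecon() and matchpathcon() so the code builds without libselinux, `with_type()` stands in for context_new()/context_type_set()/context_str(), and the path and context strings are constructed.

```c
#define _POSIX_C_SOURCE 200809L     /* for strdup() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for fgetfilecon()/matchpathcon(): -1 on failure. */
typedef int (*getcon_fn)(int fd, char **con);
typedef int (*matchcon_fn)(const char *path, unsigned mode, char **con);

/* 0 and a malloc'd *out, or -1 and *out == NULL; never left uninitialized. */
int old_context(int fd, const char *path, unsigned mode,
                getcon_fn get, matchcon_fn match, char **out)
{
    *out = NULL;
    if (get(fd, out) < 0) {     /* only ENODATA falls back to the policy default */
        if (errno != ENODATA || match(path, mode, out) < 0)
            *out = NULL;
    }
    return *out ? 0 : -1;
}

/* Replace the type field of "user:role:type[:range]"; caller frees. */
char *with_type(const char *con, const char *type)
{
    const char *t = strchr(con, ':');
    if (!t || !(t = strchr(t + 1, ':')))
        return NULL;                            /* malformed context */
    const char *rest = strchr(t + 1, ':');      /* NULL when there is no range */
    size_t len = strlen(con) + strlen(type) + 1;    /* upper bound */
    char *res = malloc(len);
    if (res)
        snprintf(res, len, "%.*s%s%s", (int)(t + 1 - con), con, type, rest ? rest : "");
    return res;
}

/* Constructed fakes: an unlabeled file, an I/O error, a policy default. */
int fake_get_nodata(int fd, char **con) { (void)fd; (void)con; errno = ENODATA; return -1; }
int fake_get_eio(int fd, char **con) { (void)fd; (void)con; errno = EIO; return -1; }
int fake_match(const char *p, unsigned m, char **con)
{ (void)p; (void)m; *con = strdup("system_u:object_r:default_t:s0"); return *con ? 0 : -1; }

int main(void)
{
    char *old, *swap = NULL;    /* old is uninitialized, as oldcontext was */
    if (old_context(-1, "/swapfile", 0100000, fake_get_nodata, fake_match, &old) == 0)
        swap = with_type(old, "swapfile_t");
    printf("%s -> %s\n", old ? old : "(none)", swap ? swap : "(none)");
    free(swap); free(old);
}
```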