selinux: fix SEGV during switch-root if SELinux policy loaded

If you've got SELinux policy loaded, label_hnd is your labeling handle.
When systemd is shutting down, we free that handle via mac_selinux_finish().

But: switch_root() calls mkdir_p_label(), which tries to look up a label
using that freed handle, and so we get a bunch of garbage and eventually
SEGV in libselinux.

(This doesn't happen in the switch-root from initramfs to real root because
there's no SELinux policy loaded in initramfs, so label_hnd is NULL and we
never attempt any lookups.)

So: make sure that mac_selinux_finish() actually sets label_hnd to NULL, so
nobody tries to use it after it becomes invalid.

https://bugzilla.redhat.com/show_bug.cgi?id=1185604

diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index a8d5fc4f3e8f372c3611dbd9caed137c3663b2a8..7c58985cd26ae29975e4e7fc5458a5e5dd6b12d6 100644 (file)
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -116,6 +116,7 @@ void mac_selinux_finish(void) {
                 return;
 
         selabel_close(label_hnd);
                 return;
 
         selabel_close(label_hnd);

+        label_hnd = NULL;

 #endif
 }
 
 #endif
 }