[Puppet - Bug #3032] (Accepted) Race condition in SELinux mount handling

Mon, 11 Jan 2010 17:27:42 -0800 

Issue #3032 has been updated by Markus Roberts.

Status changed from Investigating to Accepted

This does at exit in MRI 1.8.6-p383 and probably in most other versions of MRI 
which support read_nonblock.
----------------------------------------
Bug #3032: Race condition in SELinux mount handling
http://projects.reductivelabs.com/issues/3032

Author: Markus Roberts
Status: Accepted
Priority: Normal
Assigned to: 
Category: plumbing
Target version: 0.25.4
Affected version: 0.25.3
Keywords: 
Branch: 


There may be a race condition in read_mounts, where a signal (e.g. a timer or 
child terminating in another thread) causes an EINTR while waiting for the 
mounts in read_nonblock.  This should be confirmed and, if present, fixed with 
something like:  


<pre>
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb
index 3801ecd..1d671b7 100644
--- a/lib/puppet/util/selinux.rb
+++ b/lib/puppet/util/selinux.rb
@@ -149,21 +149,25 @@ module Puppet::Util::SELinux
     end
 
     # Internal helper function to read and parse /proc/mounts
     def read_mounts
         mounts = ""
         begin
             if File.instance_methods.include? "read_nonblock"
                 # If possible we use read_nonblock() in a loop rather than 
read() to work-
                 # a linux kernel bug.  See ticket #1963 for details.
                 mountfh = File.open("/proc/mounts")
-                mounts += mountfh.read_nonblock(1024) while true
+                begin
+                    mounts << mountfh.read_nonblock(1024)
+                rescue Errno::EINTR
+                    # Popped out to process an unrelated signal, not because 
we're done
+                end while true
             else
                 # Otherwise we shell out and let cat do it for us
                 mountfh = IO.popen("/bin/cat /proc/mounts")
                 mounts = mountfh.read
             end
         rescue EOFError
             # that's expected
         rescue
             return nil
         ensure
</pre>


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://reductivelabs.com/redmine/my/account
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to