libselinux: only mount /proc if necessary

Commit 9df4988 ("libselinux: Mount procfs before checking /proc/filesystems") changed selinuxfs_exists() to always try mounting /proc before reading /proc/filesystems. However, this is unnecessary if /proc is already mounted and can produce avc denials if the process is not allowed to perform the mount. Check first to see if /proc is already present and only try the mount if it is not. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
SELinuxProject · Feb 29, 2016 · 5a8d8c4 · 5a8d8c4
1 parent 085d7c9
commit 5a8d8c4
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
@@ -12,6 +12,7 @@
 #include <stdint.h>
 #include <limits.h>
 #include <sys/mount.h>
+#include <linux/magic.h>
 
 #include "dso.h"
 #include "policy.h"
@@ -57,13 +58,19 @@ static int verify_selinuxmnt(const char *mnt)
 
 int selinuxfs_exists(void)
 {
-	int exists = 0, mnt_rc = 0;
+	int exists = 0, mnt_rc = -1, rc;
+	struct statfs sb;
 	FILE *fp = NULL;
 	char *buf = NULL;
 	size_t len;
 	ssize_t num;
 
-	mnt_rc = mount("proc", "/proc", "proc", 0, 0);
+	do {
+		rc = statfs("/proc", &sb);
+	} while (rc < 0 && errno == EINTR);
+
+	if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
+		mnt_rc = mount("proc", "/proc", "proc", 0, 0);
 
 	fp = fopen("/proc/filesystems", "r");
 	if (!fp) {