libsemanage: open lock_file with O_RDWR

bachradsusi · bachradsusi · commit 96569bd98de1 · 2024-11-11T13:27:47.000+01:00
man 2 flock:
    Since Linux 2.6.12, NFS clients support flock() locks by emulating
    them as fcntl(2) byte-range locks on the entire file.  This means
    that fcntl(2) and  flock()  locks  do  interact with one another
    over NFS.  It also means that in order to place an exclusive lock,
    the file must be opened for writing.

Fixes:
    # semanage fcontext -d -e /home /tmp/testdir
    libsemanage.semanage_get_lock: Error obtaining direct transaction lock at /var/lib/selinux/targeted/semanage.trans.LOCK. (Bad file descriptor).
    OSError: Bad file descriptor

Signed-off-by: Petr Lautrbach &lt;lautrbach@redhat.com&gt;
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
@@ -1899,14 +1899,12 @@ static int semanage_get_lock(semanage_handle_t * sh,
 	struct timeval origtime, curtime;
 	int got_lock = 0;
 
-	if ((fd = open(lock_file, O_RDONLY)) == -1) {
-		if ((fd =
-		     open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
-			  S_IRUSR | S_IWUSR)) == -1) {
-			ERR(sh, "Could not open direct %s at %s.", lock_name,
-			    lock_file);
-			return -1;
-		}
+	if ((fd =
+	     open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
+		  S_IRUSR | S_IWUSR)) == -1) {
+		ERR(sh, "Could not open direct %s at %s.", lock_name,
+		    lock_file);
+		return -1;
 	}
 	if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
 		ERR(sh, "Could not set close-on-exec for %s at %s.", lock_name,
