When I run the following on a F12 system booted with selinux=0, the tcmalloc heap checker complains about a leak somewhere in libselinux:
$ HEAPCHECK=normal LD_PRELOAD=/usr/lib64/libtcmalloc.so.0 /usr/bin/python -c 'import _ssl'
Leak check _main_ detected leaks of 120 bytes in 1 objects The 1 largest leaks: Leak of 120 bytes in 1 objects allocated from: @ 0x3bf9866589 _IO_getdelim @ 0x3bfb40ca53 set_selinuxmnt @ 0x3bfb414fe6 string_to_security_class @ 0x3bfb404cdb _init @ 0x7fff4bdfa8ed 0x00007fff4bdfa8ed
No leak is detected when I run this with selinux enabled. My system has libselinux-2.0.87-1.fc12 installed.
--Ed
On Wed, 2009-12-30 at 16:32 -0800, Ed Swierk wrote:
When I run the following on a F12 system booted with selinux=0, the tcmalloc heap checker complains about a leak somewhere in libselinux:
$ HEAPCHECK=normal LD_PRELOAD=/usr/lib64/libtcmalloc.so.0 /usr/bin/python -c 'import _ssl'
Leak check _main_ detected leaks of 120 bytes in 1 objects The 1 largest leaks: Leak of 120 bytes in 1 objects allocated from: @ 0x3bf9866589 _IO_getdelim @ 0x3bfb40ca53 set_selinuxmnt @ 0x3bfb414fe6 string_to_security_class @ 0x3bfb404cdb _init @ 0x7fff4bdfa8ed 0x00007fff4bdfa8ed
No leak is detected when I run this with selinux enabled. My system has libselinux-2.0.87-1.fc12 installed.
Likely introduced by Eric's short cut for checking /proc/filesystems and bailing immediately in the non-selinux case. Try this:
diff --git a/libselinux/src/init.c b/libselinux/src/init.c index ecb3199..4d010dc 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -59,8 +59,10 @@ static void init_selinuxmnt(void) } fclose(fp);
- if (!exists) + if (!exists) { + free(buf); return; + }
/* At this point, the usual spot doesn't have an selinuxfs so * we look around for it */
On Mon, Jan 4, 2010 at 1:36 PM, Stephen Smalley sds@tycho.nsa.gov wrote:
Likely introduced by Eric's short cut for checking /proc/filesystems and bailing immediately in the non-selinux case. Try this:
There are a couple of other leakage cases to worry about. I submitted a patch here: http://userspace.selinuxproject.org/trac/ticket/10
--Ed
Ed Swierk wrote:
On Mon, Jan 4, 2010 at 1:36 PM, Stephen Smalleysds@tycho.nsa.gov wrote:
Likely introduced by Eric's short cut for checking /proc/filesystems and bailing immediately in the non-selinux case. Try this:
There are a couple of other leakage cases to worry about. I submitted a patch here: http://userspace.selinuxproject.org/trac/ticket/10
Can you send the patch to the list please?
Guidelines on patch preparations are available at: http://userspace.selinuxproject.org/trac/wiki/Contributing
selinux@lists.fedoraproject.org
-
Ed Swierk -
Joshua Brindle -
Stephen Smalley