Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 456914 - glibc's _get_nprocs reads /sys/devices/system/cpu/online
Summary: glibc's _get_nprocs reads /sys/devices/system/cpu/online
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: SE Linux Bugs
Whiteboard: sec-policy r1
Depends on:
Reported: 2013-02-12 11:17 UTC by Mira Ressel
Modified: 2013-06-16 18:00 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Mira Ressel 2013-02-12 11:17:56 UTC
glibc's linux-specific implementation of get_nprocs (__get_nprocs in sysdeps/unix/sysv/linux/getsysstats.c" tries to read /sys/devices/system/cpu/online, which has a type of sysfs_t and is therefore not readable for many processes. As a fallback, it uses /proc/stat or /proc/cpuinfo, but they aren't accessible by everyone either.

A solution would be to flag /sys/devices/system/cpu/online as another type, e.g. "cpu_online_t", and allow everyone access to that. But this approach would require an init script for reflagging the file on each boot.
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2013-02-12 18:50:27 UTC
Indeed; this is also the approach that fedora takes in this matter
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2013-03-10 15:29:48 UTC
Is in the repository, will be in rev 13. Am contemplating where/how to push out the init script.
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2013-03-10 15:53:32 UTC
policycoreutils-2.1.13-r8 will provide a "selinux_gentoo" init script that includes a restorecon against the cpu/online file.
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-05-06 18:27:18 UTC
In main tree,  ~arch'ed (20130424-r1 release)
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2013-06-16 18:00:23 UTC
Now stable in repo