From b2b65393499ae8ce92291853cce582da214049b7 Mon Sep 17 00:00:00 2001
From: Quentin Armitage
Date: Wed, 23 Aug 2023 09:39:33 +0100
Subject: [PATCH] lib: Stop setting MAGIC_PRESERVE_ATIME flag

On RedHat systems setting MAGIC_PRESERVE_ATIME caused SELinux errors. RedHat bugzilla identified in BZ https://bugzilla.redhat.com/show_bug.cgi?id=1997148 that this was caused by a call to utimensat().

Issue #2333 identified that setting MAGIC_PRESERVE_ATIME triggers the call of utimensat().

Inspecting src/magic.c in the "file" utility source code shows that the call of utimensat() was made due to utimes() being called. glibc maps this to a call of utimensat().

Although setting the flag, and hence preserving atime when ascertaining the file type is not unreasonable, the atime will be modified anyway when the file is subsequently executed.

Also it is clear from the "file" code in src/magic.c, that not only is the atime not properly restored when MAGIC_PRESERVE_ATIME is set, but that mtime is also modified, even though the file has not been modified. This is due to close_and_restore() in src/magic.c only restoring the seconds field, and not the microseconds that utimes() can specify, and that utime()/utimes() update both the atime and mtime fields. Consequently the fractions of a second of atime and mtime are both set to 0.

Further, there is a comment in src/magic.c:
    /*
     * Try to restore access, modification times if read it.
     * This is really *bad* because it will modify the status
     * time of the file... And of course this will affect
     * backup programs
     */
We don't want to be doing *bad* things in keepalived, so that reinforces removing MAGIC_PRESERVE_ATIME.

Signed-off-by: Quentin Armitage
--- lib/keepalived_magic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/keepalived_magic.h b/lib/keepalived_magic.h index ff97aa2ba3..f1c2fa99e8 100644 --- a/lib/keepalived_magic.h +++ b/lib/keepalived_magic.h 
@@ -31,7 +31,7 @@ static inline magic_t ka_magic_open(void) { - magic_t magic = magic_open(MAGIC_PRESERVE_ATIME | MAGIC_ERROR | MAGIC_NO_CHECK_CDF | MAGIC_NO_CHECK_COMPRESS); + magic_t magic = magic_open(MAGIC_ERROR | MAGIC_NO_CHECK_CDF | MAGIC_NO_CHECK_COMPRESS); if (!magic) log_message(LOG_INFO, "Unable to open magic"); else if (magic_load(magic, NULL)) {
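Review bot: the magic_open() call in ka_magic_open() now omits MAGIC_PRESERVE_ATIME, but nothing in lib/keepalived_magic.h records that the omission is deliberate, so a later cleanup could restore the flag and bring back the utimensat() call and the SELinux denials described in the commit message. Suggest a short comment directly above the call, along the lines of "MAGIC_PRESERVE_ATIME is deliberately not set: it makes libmagic call utimes(), which SELinux denies and which zeroes the sub-second part of atime and mtime", with a pointer to issue #2333 and the Red Hat BZ so the reasoning survives outside the commit log. The rest of the flag set (MAGIC_ERROR | MAGIC_NO_CHECK_CDF | MAGIC_NO_CHECK_COMPRESS) is unchanged and looks fine as is.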