From: <ssm...@us...> - 2006-10-17 15:03:44
Revision: 2055 http://svn.sourceforge.net/selinux/?rev=2055&view=rev Author: ssmalley Date: 2006-10-17 08:03:32 -0700 (Tue, 17 Oct 2006) Log Message: ----------- From: Dan Walsh <dw...@re...> Subject: New policycoreutils patch Extract fixfiles diff from Fedora policycoreutils-rhat.patch. This one changes fixfiles -R to use the new -i option for restorecon to ignore non-existent files, removes the use of -R to restorecon (don't perform recursive descent on entries returned by rpmlist), protects $RPMFILES with quotes, and adds a verify command to apply restorecon -n -o -. Modified Paths: -------------- trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/scripts/fixfiles.8
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles 2006-10-17 15:00:45 UTC (rev 2054)
+++ trunk/policycoreutils/scripts/fixfiles 2006-10-17 15:03:32 UTC (rev 2055)
@@ -117,8 +117,8 @@
 exit $?
 fi
 if [ ! -z "$RPMFILES" ]; then
- for i in `echo $RPMFILES | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
 done
 exit $?
 fi
@@ -219,7 +219,7 @@
 # check if they specified both DIRS and RPMFILES
 #
-if [ ! -z $RPMFILES ]; then
+if [ ! -z "$RPMFILES" ]; then
 if [ $OPTIND -le $# ]; then
 usage
 fi
@@ -236,6 +236,7 @@
 case "$command" in
 restore) restore -p ;;
 check) restore -n -v ;;
+ verify) restore -n -o -;;
 relabel) relabel;;
 *)
 usage
Modified: trunk/policycoreutils/scripts/fixfiles.8
===================================================================
--- trunk/policycoreutils/scripts/fixfiles.8 2006-10-17 15:00:45 UTC (rev 2054)
+++ trunk/policycoreutils/scripts/fixfiles.8 2006-10-17 15:03:32 UTC (rev 2055)
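Review bot: The `exit $?` after the loop in the `@@ -117` hunk reports only the last package's pipeline, so a restorecon failure on an earlier package of a `-R a,b,c` list is lost; keep a running status with `rc=0` before the loop, `|| rc=$?` after the pipeline, and `exit $rc`. On the same added line, `2>&1 >> $LOGFILE` points stderr at the original stdout before stdout is moved to the log, so restorecon's error messages never reach the log file; if the log is meant to record them the order should be `>> "$LOGFILE" 2>&1`. Quoting `$RPMFILES` inside the backticks does not stop word splitting or globbing of the substitution's result, and `$i` is still unquoted, so a package name containing glob characters is still expanded against the current directory. The enclosing function starts and ends outside the hunk.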
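Review bot: The new `verify) restore -n -o -;;` arm in the `@@ -236` hunk passes its own `-o -`, while the command line in the `@@ -117` hunk also expands `${OUTFILES}`. If that block belongs to `restore` (its header is outside the hunk) and OUTFILES carries the user's `-o outputfile`, then `fixfiles -o file verify` hands restorecon two output options; confirm which one wins or reject the combination. A one-line comment on the arm, such as `# verify: list mislabeled files on stdout, change nothing`, would also make the difference from `check` clear. The `case` statement continues outside the hunk.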
@@ -3,9 +3,9 @@ fixfiles \- fix file security contexts. .SH "SYNOPSIS" -.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel }" +.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel | verify }" -.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel } [[dir/file] ... ] +.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] .SH "DESCRIPTION" This manual page describes the @@ -48,7 +48,7 @@ One of: .TP .B check -show any incorrect file context labels but do not change them. +print any incorrect file context labels, showing old and new context, but do not change them. .TP .B restore change any incorrect file context labels. @@ -56,6 +56,9 @@ .B relabel Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file. .TP +.B verify +List out files with incorrect file context labels, but do not change them. +.TP .B [[dir/file] ... ] List of files or directories trees that you wish to check file context on. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-08-23 14:43:15
Revision: 2529 http://selinux.svn.sourceforge.net/selinux/?rev=2529&view=rev Author: ssmalley Date: 2007-08-23 07:43:09 -0700 (Thu, 23 Aug 2007) Log Message: ----------- Author: tm...@tr... Email: tm...@tr... Subject: libsemanage: remove genhomedircon python script Date: Tue, 21 Aug 2007 15:10:46 -0400 remove legacy genhomedircon python script Modified Paths: -------------- trunk/policycoreutils/scripts/Makefile Removed Paths: ------------- trunk/policycoreutils/scripts/genhomedircon trunk/policycoreutils/scripts/genhomedircon.8
Modified: trunk/policycoreutils/scripts/Makefile
===================================================================
--- trunk/policycoreutils/scripts/Makefile 2007-08-23 14:42:14 UTC (rev 2528)
+++ trunk/policycoreutils/scripts/Makefile 2007-08-23 14:43:09 UTC (rev 2529)
@@ -5,18 +5,14 @@
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
-TARGETS=genhomedircon
+all: fixfiles
-all: $(TARGETS) fixfiles
-
 install: all
 -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
 install -m 755 chcat $(BINDIR)
 install -m 755 fixfiles $(DESTDIR)/sbin
 -mkdir -p $(MANDIR)/man8
 install -m 644 fixfiles.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
 install -m 644 chcat.8 $(MANDIR)/man8/
 clean:
Deleted: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon 2007-08-23 14:42:14 UTC (rev 2528)
+++ trunk/policycoreutils/scripts/genhomedircon 2007-08-23 14:43:09 UTC (rev 2529)
@@ -1,404 +0,0 @@ -#! /usr/bin/python -E -# Copyright (C) 2004 Tresys Technology, LLC -# see file 'COPYING' for use and warranty information -# -# genhomedircon - this script is used to generate file context -# configuration entries for user home directories based on their -# default prefixes and is run when building the policy. Specifically, we -# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with -# generic and user-specific values. -# -# Based off original script by Dan Walsh, <dw...@re...> -# -# ASSUMPTIONS: -# -# The file CONTEXTDIR/files/homedir_template exists. This file is used to -# set up the home directory context for each real user. -# -# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user -# -# "Real" users (as opposed to system users) are those whose UID is greater than -# or equal STARTING_UID (usually 500) and whose login is not a member of -# EXCLUDE_LOGINS. Users who are explicitly defined in CONTEXTDIR/seusers -# are always "real" (including root, in the default configuration). 
-# -# - -import sys, os, pwd, string, getopt, re -from semanage import *; -import selinux -import gettext -gettext.install('policycoreutils') - -def grep(file, var): - ret = "" - fd = open(file, 'r') - - for i in fd.readlines(): - if re.search(var, i, 0) != None: - ret = i - break - fd.close() - return ret - -def findval(file, var, delim = ""): - val = "" - try: - fd = open(file, 'r') - for i in fd.readlines(): - if i.startswith(var) == 1: - if delim == "": - val = i.split()[1] - else: - val = i.split(delim)[1] - val = val.split("#")[0] - val = val.strip() - fd.close() - except: - val = "" - return val - -def getStartingUID(): - starting_uid = sys.maxint - uid_min = findval("/etc/login.defs", "UID_MIN") - if uid_min != "": - uid_min = uid_min.split("#")[0] - uid_min = uid_min.strip() - if int(uid_min) < starting_uid: - starting_uid = int(uid_min) - - uid_min = findval("/etc/libuser.conf", "LU_UIDNUMBER", "=") - if uid_min != "": - uid_min = uid_min.split("#")[0] - uid_min = uid_min.strip() - if int(uid_min) < starting_uid: - starting_uid = int(uid_min) - - if starting_uid == sys.maxint: - starting_uid = 500 - return starting_uid - -def getDefaultHomeDir(): - ret = [] - homedir = findval("/etc/default/useradd", "HOME", "=") - if homedir != "" and not homedir in ret: - ret.append(homedir) - - homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=") - if homedir != "" and not homedir in ret: - ret.append(homedir) - - if ret == []: - ret.append("/home") - - # Add /export/home if it exists - # Some customers use this for automounted homedirs - if os.path.exists("/export/home"): - ret.append("/export/home") - - return ret - -def getSELinuxType(directory): - val = findval(directory+"/config", "SELINUXTYPE", "=") - if val != "": - return val - return "targeted" - -def usage(rc=0, error = ""): - if error != "": - sys.stderr.write("%s\n" % error) - rc = 1 - sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n" % sys.argv[0]) - 
sys.stderr.flush() - sys.exit(rc) - -def warning(warning = ""): - sys.stderr.write("%s\n" % warning) - sys.stderr.flush() - -def errorExit(error): - sys.stderr.write("%s exiting for: " % sys.argv[0]) - sys.stderr.write("%s\n" % error) - sys.stderr.flush() - sys.exit(1) - -class selinuxConfig: - def __init__(self, selinuxdir = "/etc/selinux", type = "targeted", usepwd = 1): - self.semanageHandle = semanage_handle_create() - self.semanaged = semanage_is_managed(self.semanageHandle) - if self.semanaged: - rc = semanage_connect(self.semanageHandle) - if rc: - errorExit("Unable to connect to semanage") - (status, self.ulist) = semanage_user_list(self.semanageHandle) - self.type = type - self.selinuxdir = selinuxdir +"/" - self.contextdir = "/contexts" - self.filecontextdir = self.contextdir+"/files" - self.usepwd = usepwd - self.default_user = "user_u" - self.default_prefix = "user" - self.users = self.getUsers() - fd = open(self.getFileContextFile()) - self.fclines=[] - for i in fd.readlines(): - try: - regex = i.split()[0] - #match a trailing .+ - regex = re.sub("\.+$", "", regex) - regex = re.sub("\.\*$", "", regex) - regex = re.sub("\(\/\.\*\)\?", "", regex) - regex = regex + "/*$" - self.fclines.append(re.compile(regex)) - except: - continue - - fd.close() - - def getFileContextDir(self): - return self.selinuxdir+self.type+self.filecontextdir - - def getFileContextFile(self): - return self.getFileContextDir()+"/file_contexts" - - def getContextDir(self): - return self.selinuxdir+self.type+self.contextdir - - def getHomeDirTemplate(self): - return self.getFileContextDir()+"/homedir_template" - - def getHomeRootContext(self, homedir): - ret = "" - fd = open(self.getHomeDirTemplate(), 'r') - - for i in fd.readlines(): - if i.find("HOME_ROOT") == 0: - i = i.replace("HOME_ROOT", homedir) - ret += i - fd.close() - if ret == "": - errorExit("No Home Root Context Found") - return ret - - def heading(self): - ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" 
% sys.argv[0] - if self.semanaged: - ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n" - else: - ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers") - return ret - - def get_default_prefix(self, name): - for user in self.ulist: - if semanage_user_get_name(user) == name: - return semanage_user_get_prefix(user) - return name - - def get_old_prefix(self, user): - rc = grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user) - if rc == "": - rc = grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user) - if rc != "": - user = rc.split() - prefix = user[3] - if prefix == "{": - prefix = user[4] - if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"): - prefix = prefix[:-2] - return prefix - - def adduser(self, udict, user, seuser, prefix): - if seuser == self.default_user or user == "__default__" or user == "system_u": - return - # !!! chooses first prefix in the list to use in the file context !!! 
- try: - home = pwd.getpwnam(user)[5] - if home == "/": - # Probably install so hard code to /root - if user == "root": - home = "/root" - else: - return - except KeyError: - if user == "root": - home = "/root" - else: - sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user) - return - prefs = {} - prefs["seuser"] = seuser - prefs["prefix"] = prefix - prefs["home"] = home - udict[user] = prefs - - def setDefaultUser(self, user, prefix): - self.default_user = user - self.default_prefix = prefix - - def getUsers(self): - udict = {} - if self.semanaged: - (status, list) = semanage_seuser_list(self.semanageHandle) - for seuser in list: - user = [] - seusername = semanage_seuser_get_sename(seuser) - prefix = self.get_default_prefix(seusername) - if semanage_seuser_get_name(seuser) == "__default__": - self.setDefaultUser(seusername, prefix) - - self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix) - - else: - try: - fd = open(self.selinuxdir+self.type+"/seusers") - for u in fd.readlines(): - u = u.strip() - if len(u) == 0 or u[0] == "#": - continue - user = u.split(":") - if len(user) < 2: - continue - - prefix = self.get_old_prefix(user[1]) - self.adduser(udict, user[0], user[1], prefix) - fd.close() - except IOError, error: - # Must be install so force add of root - self.adduser(udict, "root", "root", "root") - - return udict - - def getHomeDirContext(self, user, seuser, home, prefix): - ret = "\n\n#\n# Home Context for user %s\n#\n\n" % user - fd = open(self.getHomeDirTemplate(), 'r') - for i in fd.readlines(): - if i.startswith("HOME_DIR") == 1: - i = i.replace("HOME_DIR", home) - i = i.replace("ROLE", prefix) - i = i.replace("system_u", seuser) - # Validate if the generated context exists. 
Some user types may not exist - scon = i.split()[-1] - if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0: - ret = ret+i - fd.close() - return ret - - def getUserContext(self, user, sel_user, prefix): - ret = "" - fd = open(self.getHomeDirTemplate(), 'r') - for i in fd.readlines(): - if i.find("USER") >= 0: - i = i.replace("USER", user) - i = i.replace("ROLE", prefix) - i = i.replace("system_u", sel_user) - ret = ret+i - fd.close() - return ret - - def genHomeDirContext(self): - ret = "" - # Fill in HOME and prefix for users that are defined - for u in self.users.keys(): - ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"]) - ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"]) - return ret+"\n" - - def checkExists(self, home): - for i in self.fclines: - try: - if i.match(home): - return 1 - except: - continue - return 0 - - def getHomeDirs(self): - homedirs = getDefaultHomeDir() - starting_uid = getStartingUID() - if self.usepwd == 0: - return homedirs - ulist = pwd.getpwall() - for u in ulist: - if u[2] >= starting_uid and \ - u[6] in VALID_SHELLS and \ - u[5] != "/" and \ - string.count(u[5], "/") > 1: - homedir = u[5][:string.rfind(u[5], "/")] - if not homedir in homedirs: - if self.checkExists(homedir) == 1: - warning("%s homedir %s or its parent directory conflicts with a\ndefined context in %s,\n%s will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin." 
% (u[0], u[5], self.getFileContextFile(), sys.argv[0])) - else: - homedirs.append(homedir) - - homedirs.sort() - return homedirs - - def genoutput(self): - ret = self.heading() - for h in self.getHomeDirs(): - ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix) - ret += self.getHomeRootContext(h) - ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n" - ret += self.genHomeDirContext() - return ret - - def printout(self): - print self.genoutput() - - def write(self): - fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w") - fd.write(self.genoutput()) - fd.close() - -if os.getuid() > 0 or os.geteuid() > 0: - print _("You must be root to run %s.") % sys.argv[0] - sys.exit(1) - -try: - fd = open("/etc/shells", 'r') - VALID_SHELLS = fd.read().split("\n") - fd.close() - if "/sbin/nologin" in VALID_SHELLS: - VALID_SHELLS.remove("/sbin/nologin") - if "" in VALID_SHELLS: - VALID_SHELLS.remove("") -except: - VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh'] - -# -# This script will generate home dir file context -# based off the homedir_template file, entries in the password file, and -# -try: - usepwd = 1 - directory = "/etc/selinux" - type = None - gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help', - 'type=', - 'nopasswd', - 'dir=']) - for o,a in gopts: - if o == '--type' or o == "-t": - type = a - if o == '--nopasswd' or o == "-n": - usepwd = 0 - if o == '--dir' or o == "-d": - directory = a - if o == '--help' or o == "-h": - usage() -except getopt.error, error: - errorExit(_("Options Error %s ") % error) - -if type == None: - type = getSELinuxType(directory) - -if len(cmds) != 0: - usage(1) - -selconf = selinuxConfig(directory, type, usepwd) -try: - selconf.write() -except IOError, error: - sys.stderr.write("%s: %s\n" % ( sys.argv[0], error )) - sys.exit(1) - Deleted: 
trunk/policycoreutils/scripts/genhomedircon.8 =================================================================== --- trunk/policycoreutils/scripts/genhomedircon.8 2007-08-23 14:42:14 UTC (rev 2528) +++ trunk/policycoreutils/scripts/genhomedircon.8 2007-08-23 14:43:09 UTC (rev 2529) 
@@ -1,82 +0,0 @@ -.\" Hey, Emacs! This is an -*- nroff -*- source file. -.\" Copyright (c) 2005 Manoj Srivastava <sri...@de...> -.\" -.\" This is free documentation; you can redistribute it and/or -.\" modify it under the terms of the GNU General Public License as -.\" published by the Free Software Foundation; either version 2 of -.\" the License, or (at your option) any later version. -.\" -.\" The GNU General Public License's references to "object code" -.\" and "executables" are to be interpreted as the output of any -.\" document formatting or typesetting system, including -.\" intermediate and printed output. -.\" -.\" This manual is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public -.\" License along with this manual; if not, write to the Free -.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, -.\" USA. -.\" -.\" -.TH GENHOMEDIRCON "8" "January 2005" "Security Enhanced Linux" "" -.SH NAME -genhomedircon \- generate SELinux file context configuration entries for user home directories -.SH SYNOPSIS -.B genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h] - -.SH OPTIONS -.TP -.B "\-h" -Print a short usage message -.TP -.B "\-d selinuxdir (\-\-directory)" -Directory where selinux files are installed defaults to /etc/selinux -.TP -.B -\-n \-\-nopasswd -Indicates to the utility not to read homedirectories out of the password database. -.TP -\-t selinuxtype (\-\-type) -Indicates the selinux type of this install. Defaults to "targeted". -.SH DESCRIPTION -.PP -This utility is used to generate file context configuration entries for -user home directories based on their -.B prefix -entry in the the -.B semanage user record. -genhomedircon is run when building -the policy. 
It is also run automaticaly when ever the -.B semanage -utility modifies -.B user -or -.B login -records. -Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the -.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template -file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the -.B user -record. -.PP -genhomedircon searches through all password entires for all "login" user home directories, (as opposed -to system users). Login users are those whose UID is greater than or equal -.I STARTING_UID -(default 500) and whose login shell is not "/sbin/nologin", or -"/bin/false". -.PP -.SH AUTHOR -This manual page was originally written by -.I Manoj Srivastava <sri...@de...>, -for the Debian GNU/Linux system, based on the comments and the code -in the utility, and then updated by Dan Walsh of Red Hat. The -.B genhomedircon -utility was originally written by -.I Dan Walsh of Red Hat -with some modifications by -.I Tresys Technology, LLC. - This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-10-05 17:48:26
Revision: 2643 http://selinux.svn.sourceforge.net/selinux/?rev=2643&view=rev Author: ssmalley Date: 2007-10-05 10:48:23 -0700 (Fri, 05 Oct 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: genhomedircon script Date: Fri, 05 Oct 2007 13:16:24 -0400 Certain tools were calling genhomedircon and in certain cases genhomedircon is handy for rebuilding the home directory mapping. Since semodule -Bn will rebuild, added genhomedircon script that just executes that command. Modified Paths: -------------- trunk/policycoreutils/scripts/Makefile Added Paths: ----------- trunk/policycoreutils/scripts/genhomedircon
Modified: trunk/policycoreutils/scripts/Makefile
===================================================================
--- trunk/policycoreutils/scripts/Makefile 2007-10-05 14:10:56 UTC (rev 2642)
+++ trunk/policycoreutils/scripts/Makefile 2007-10-05 17:48:23 UTC (rev 2643)
@@ -5,12 +5,13 @@
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
-all: fixfiles
+all: fixfiles genhomedircon
 install: all
 -mkdir -p $(BINDIR)
 install -m 755 chcat $(BINDIR)
 install -m 755 fixfiles $(DESTDIR)/sbin
+ install -m 755 genhomedircon $(SBINDIR)
 -mkdir -p $(MANDIR)/man8
 install -m 644 fixfiles.8 $(MANDIR)/man8/
 install -m 644 chcat.8 $(MANDIR)/man8/
Added: trunk/policycoreutils/scripts/genhomedircon
===================================================================
--- trunk/policycoreutils/scripts/genhomedircon (rev 0)
+++ trunk/policycoreutils/scripts/genhomedircon 2007-10-05 17:48:23 UTC (rev 2643)
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/semodule -Bn
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
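Review bot: The added `install -m 755 genhomedircon $(SBINDIR)` has no matching directory creation: the hunk only creates `$(BINDIR)` and `$(MANDIR)/man8`, and fixfiles is installed to `$(DESTDIR)/sbin` rather than `$(SBINDIR)`. In a staged install where `$(SBINDIR)` does not exist yet, `install` either fails or writes a regular file under the directory's name; add `-mkdir -p $(SBINDIR)` ahead of it. SBINDIR is defined outside the hunk, so it should also be confirmed that it is DESTDIR-relative like the other install targets.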
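Review bot: The new wrapper discards its arguments, so a caller that still passes the `-d selinuxdir` or `-t selinuxtype` options the removed Python script accepted gets a rebuild of whatever store semodule selects by default, with no warning that the request was ignored. Since the commit exists to keep old callers working, warn rather than fail: `[ $# -eq 0 ] || echo "$0: options are ignored, running semodule -Bn" >&2`, and run the command as `exec /usr/sbin/semodule -Bn` so its exit status is the script's. A header comment such as `# Compatibility wrapper: home directory contexts are now regenerated by a policy rebuild` would document why the file exists. The genhomedircon.8 page removed in revision 2529 is not restored here, so the installed command has no manual page.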
From: <mad...@us...> - 2008-07-01 00:24:06
Revision: 2917 http://selinux.svn.sourceforge.net/selinux/?rev=2917&view=rev Author: madmethod Date: 2008-06-30 17:24:02 -0700 (Mon, 30 Jun 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: fixfiles patch Date: Mon, 30 Jun 2008 12:05:30 -0400 This patch adds a function onboot which creates the /.autorelabel file It also removes tmp files that map directly to a user. This fixes the problem where a user login gets created with the wrong context in /tmp and then can not login, even after a relabel. Acked-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/scripts/fixfiles.8
Modified: trunk/policycoreutils/scripts/fixfiles
===================================================================
--- trunk/policycoreutils/scripts/fixfiles 2008-06-30 13:14:43 UTC (rev 2916)
+++ trunk/policycoreutils/scripts/fixfiles 2008-07-01 00:24:02 UTC (rev 2917)
@@ -138,6 +138,9 @@
 fi
 LogReadOnly
 ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
 exit $?
 }
@@ -180,6 +183,10 @@
 check) restore -n -v;;
 verify) restore -n -o -;;
 relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
 *)
 usage
 exit 1
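Review bot: The three commands added in the `@@ -138` hunk sit between the `${SETFILES} …` line and `exit $?`, so the function now exits with the status of the last `find` and a failed setfiles run is reported as success; save the status right after setfiles and exit with that. `chcon` dereferences symbolic links by default, and /tmp and /var/tmp are writable by every user, so a link matched by `find` has the `tmp_t` relabel applied to its target rather than to the link; pass `-h` so only the entry inside the temporary directory is changed. The cleanup also runs for every caller of this function: if it is `restore` (the header is outside the hunk), then `check` and `verify`, which pass `-n`, would delete the session directories and change labels as well, so it should be limited to the modes that are meant to write.

```shell
# … unchanged: LogReadOnly and the ${SETFILES} … >> $LOGFILE line …
rc=$?
# … unchanged: rm -rf of the gconfd/pulse/orbit directories in /tmp …
find /tmp -context "*:file_t*" -exec chcon -h -t tmp_t {} \;
find /var/tmp -context "*:file_t*" -exec chcon -h -t tmp_t {} \;
exit $rc
```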
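Review bot: The `onboot` arm added in the `@@ -180` hunk prints "System will relabel on next boot" whether or not `touch /.autorelabel` succeeded, so an unprivileged user or a read-only root filesystem still produces the success message. Stop on failure before the message with `touch /.autorelabel || exit $?`. Whether a root check runs before this `case` cannot be seen from the hunk, which starts and ends inside the statement.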
@@ -189,6 +196,7 @@ echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " echo or echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }" + echo $"Usage: $0 onboot" } if [ $# = 0 ]; then Modified: trunk/policycoreutils/scripts/fixfiles.8 =================================================================== --- trunk/policycoreutils/scripts/fixfiles.8 2008-06-30 13:14:43 UTC (rev 2916) +++ trunk/policycoreutils/scripts/fixfiles.8 2008-07-01 00:24:02 UTC (rev 2917) @@ -7,6 +7,8 @@ .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] +.B fixfiles onboot + .SH "DESCRIPTION" This manual page describes the .BR fixfiles @@ -20,6 +22,9 @@ as you expect. By default it will relabel all mounted ext2, ext3, xfs and jfs file systems as long as they do not have a security context mount option. You can use the -R flag to use rpmpackages as an alternative. +.P +.B fixfiles onboot +will setup the machine to relabel on the next reboot. .SH "OPTIONS" .TP This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |