--- policycoreutils-1.17.5/scripts/fixfiles.rhat 2004-08-30 11:46:47.000000000 -0400 +++ policycoreutils-1.17.5/scripts/fixfiles 2004-09-23 12:37:51.805467493 -0400 @@ -36,6 +36,8 @@ FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*\(ro/{print $3}';` FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" SELINUXTYPE="targeted" +FCFILE=`mktemp /var/tmp/file_contexts.XXXXXXXXXX` +trap "rm -f $FCFILE; exit 2" 1 2 3 5 15 if [ -e /etc/selinux/config ]; then . /etc/selinux/config @@ -48,14 +50,14 @@ echo "logging to $LOGFILE" if [ ! -z "$1" ]; then for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE + rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 > $LOGFILE done else if [ ! -z "$FILESYSTEMSRO" ]; then echo "Warning: Skipping the following R/O filesystems:" echo "$FILESYSTEMSRO" fi - ${SETFILES} ${OUTFILES} -n -v ${FC} ${FILESYSTEMSRW} 2>&1 | tee $LOGFILE + ${SETFILES} ${OUTFILES} -n -v ${FCFILE} ${FILESYSTEMSRW} 2>&1 > $LOGFILE fi } @@ -63,14 +65,14 @@ echo "logging to $LOGFILE" if [ ! -z "$1" ]; then for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE + rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 > $LOGFILE done else if [ ! -z "$FILESYSTEMSRO" ]; then echo "Warning: Skipping the following R/O filesystems:" echo "$FILESYSTEMSRO" fi - ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 > $LOGFILE fi } @@ -80,29 +82,29 @@ rm -rf /tmp/.??* /tmp/* if [ ! -z "$1" ]; then for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE + rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 > $LOGFILE done else if [ ! -z "$FILESYSTEMSRO" ]; then echo "Warning: Skipping the following R/O filesystems:" echo "$FILESYSTEMSRO" fi - ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + ${SETFILES} ${OUTFILES} -v ${FCFILE} ${FILESYSTEMS} 2>&1 > $LOGFILE fi } relabelCheck() { -echo -n " -Files in the /tmp directory may be labeled incorrectly, this command -can remove all files in /tmp. If you choose to remove files from /tmp, -a reboot will be required after completion. - -Do you wish to clean out the /tmp directory [N]? " -read answer -if [ "$answer" = y -o "$answer" = Y ]; then - relabel $1 -else - restoreLabels $1 -fi + echo -n " + Files in the /tmp directory may be labeled incorrectly, this command + can remove all files in /tmp. If you choose to remove files from /tmp, + a reboot will be required after completion. + + Do you wish to clean out the /tmp directory [N]? " + read answer + if [ "$answer" = y -o "$answer" = Y ]; then + relabel $1 + else + restoreLabels $1 + fi } @@ -110,6 +112,12 @@ echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}" } +if [ $# = 0 ]; then + usage + rm -f $FCFILE + exit 1 +fi + # See how we were called. for i in $@; do if [ $rpmFlag = 2 ]; then @@ -127,6 +135,7 @@ logfileFlag=1 continue fi + case "$i" in check) checkFlag=1 @@ -151,22 +160,38 @@ ;; *) usage + rm -f $FCFILE exit 1 esac done if [ `expr $checkFlag + $restoreFlag + $relabelFlag` -gt 1 ]; then usage + rm -f $FCFILE exit 1 fi + +cp $FC $FCFILE +# +# Check for removable devices +# +for i in /proc/ide/hd*/media; do + grep -q cdrom $i && echo $i | awk -F / '{ print "/dev/"$4"\t-b\tsystem_u:object_r:removable_device_t"}' >> $FCFILE || true +done + +if [ $logfileFlag = 0 ]; then + LOGFILE=`mktemp /var/tmp/fixfiles.log.XXXXXXXXXX` + if [ ! -w $LOGFILE ] ; then + rm -f $FCFILE + exit 1 + fi +fi + if [ $checkFlag = 1 ]; then checkLabels $rpmFiles fi if [ $restoreFlag = 1 ]; then restoreLabels $rpmFiles fi -if [ $logfileFlag = 0 ]; then - LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 -fi if [ $relabelFlag = 1 ]; then if [ $fullFlag = 1 ]; then relabel $rpmFiles @@ -174,6 +199,6 @@ relabelCheck $rpmFiles fi fi -exit $? - +rm $FCFILE +exit $?