6ead03f02f
- Fix fixfiles to cleanup /tmp and /var/tmp
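--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
 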
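Review bot: `SUBDIRS` now ends in `gui`, but no file section on this page adds or touches a `gui/` directory, and the patch appears to have been generated with gui excluded, so the top-level build presumably fails in `gui` unless another patch supplies that directory. Either ship the directory together with this change or record the dependency next to the line, for example `# gui/ is supplied by a separate patch`.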
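--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -210,9 +210,10 @@
 }
 
 if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
 if (retcontext >= 0)
 free(prev_context);
 free(scontext);
@@ -225,8 +226,9 @@
 if (retcontext >= 0)
 free(prev_context);
 } else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
 }
 free(scontext);
 close(fd);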
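Review bot: The two added `if (errno != EOPNOTSUPP)` guards carry no comment explaining why that errno is not worth a log line, and each leaves a multi-line `syslog()` call under an unbraced `if`. I would add braces and a comment above both, such as `/* EOPNOTSUPP: presumably the filesystem cannot store a context, so there is nothing to restore */`. Dropping the message entirely also leaves no trace that a watched file could not be labelled; logging it at `LOG_DEBUG` instead of skipping it would keep that visible when someone needs it. Both hunks sit inside a function whose start and end are outside the visible lines.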
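--- a/restorecond/restorecond.init
+++ b/restorecond/restorecond.init
@@ -2,7 +2,7 @@
 #
 # restorecond: Daemon used to maintain path file context
 #
-# chkconfig: 2345 12 87
+# chkconfig: - 12 87
 # description: restorecond uses inotify to look for creation of new files \
 # listed in the /etc/selinux/restorecond.conf file, and restores the \
 # correct security context.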
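Review bot: The header change from `# chkconfig: 2345 12 87` to `# chkconfig: - 12 87` means chkconfig no longer enables restorecond in any runlevel by default, yet the commit title only mentions fixfiles. Because this switches off by default the daemon that restores contexts for the paths listed in /etc/selinux/restorecond.conf, it deserves its own changelog line, for example `- restorecond is no longer enabled by default; enable it with chkconfig restorecond on`.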
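--- a/scripts/fixfiles
+++ b/scripts/fixfiles
@@ -138,6 +138,9 @@
 fi
 LogReadOnly
 ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
 exit $?
 }
 
@@ -180,6 +183,10 @@
 check) restore -n -v;;
 verify) restore -n -o -;;
 relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
 *)
 usage
 exit 1
@@ -189,6 +196,7 @@
 echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
 echo or
 echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
 }
 
 if [ $# = 0 ]; then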
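Review bot: In the first hunk, the `exit $?` after the new cleanup lines now returns the status of the last `find` instead of the `${SETFILES}` run, so a failed relabel can be reported as success. Save the status right after the setfiles call with `rc=$?` and finish with `exit $rc`. The two `find ... -exec chcon -t tmp_t {} \;` lines run with the script's privileges over world-writable directories, and chcon dereferences symbolic links by default, so a matching link would have its target relabelled rather than the link itself. `chcon -h -t tmp_t` keeps the change on the entry that find actually matched. The enclosing function starts above the hunk.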
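--- a/scripts/fixfiles.8
+++ b/scripts/fixfiles.8
@@ -7,6 +7,8 @@
 
 .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
 
+.B fixfiles onboot
+
 .SH "DESCRIPTION"
 This manual page describes the
 .BR fixfiles
@@ -20,6 +22,9 @@
 as you expect. By default it will relabel all mounted ext2, ext3, xfs and
 jfs file systems as long as they do not have a security context mount
 option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
 
 .SH "OPTIONS"
 .TP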
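--- a/semanage/seobject.py
+++ b/semanage/seobject.py
@@ -464,7 +464,7 @@
 def __init__(self, store = ""):
 semanageRecords.__init__(self, store)
 
- def add(self, name, roles, selevel, serange, prefix):
+ def add(self, name, roles, selevel, serange, prefix = "user"):
 if is_mls_enabled == 1:
 if serange == "":
 serange = "s0"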