From 04b2851781cad3d913b55ce69f2846c9bb7a2c77 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 2 Sep 2011 09:24:40 -0400 Subject: [PATCH] Allow setfiles and restorecon to use labeledprefix to speed up processing and limit memory. --- policycoreutils-rhat.patch | 108 ++++++++++++++++++++++++++++++++++--- policycoreutils.spec | 10 ++-- 2 files changed, 109 insertions(+), 9 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 4fbb0d2..0b2ed9f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -2855,7 +2855,7 @@ index 0000000..e2befdb + packages=["policycoreutils"], +) diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage -index 0140cd2..656a028 100644 +index 0140cd2..2c0cfdd 100644 --- a/policycoreutils/semanage/semanage +++ b/policycoreutils/semanage/semanage @@ -20,6 +20,7 @@ @@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644 except ValueError, error: errorExit(error.args[0]) except KeyError, error: +@@ -564,3 +575,5 @@ Object-specific Options (see above): + errorExit(error.args[1]) + except OSError, error: + errorExit(error.args[1]) ++ except RuntimeError, error: ++ errorExit(error.args[0]) diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 6842b07..7f11c4e 100644 --- a/policycoreutils/semanage/seobject.py 
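Review bot: The new `except RuntimeError, error:` handler at the end of semanage indexes `error.args[0]`, which raises IndexError if the exception was raised without arguments, so the clean error exit would itself end in a traceback. Whether any caller raises RuntimeError bare is not visible here, but `errorExit(str(error))` prints the same message when one is present and is safe when it is not. The enclosing `try` block starts outside the hunk, and the sibling handlers shown as context index `error.args` the same way.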
@@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644 }; void restore_init(struct restore_opts *opts); +diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 +index c8ea4bb..6cb7d3d 100644 +--- a/policycoreutils/setfiles/restorecon.8 ++++ b/policycoreutils/setfiles/restorecon.8 +@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts. + + .SH "SYNOPSIS" + .B restorecon +-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname... ++.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname... + .P + .B restorecon +-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F] ++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F] + + .SH "DESCRIPTION" + This manual page describes the +@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s + .B \-e directory + directory to exclude (repeat option for more than one directory.) + .TP ++.B \-L labelprefix ++Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory. ++ ++# restorecon -R -v -L /dev /dev ++ ++.TP + .B \-R \-r + change files and directories file labels recursively + .TP +diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 +index 7f700ca..c77431a 100644 +--- a/policycoreutils/setfiles/setfiles.8 ++++ b/policycoreutils/setfiles/setfiles.8 +@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts. + + .SH "SYNOPSIS" + .B setfiles +-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... ++.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... 
+ .SH "DESCRIPTION" + This manual page describes the + .BR setfiles +@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.) + .B \-F + Force reset of context to match file_context for customizable files + .TP ++.B \-L labelprefix ++Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory. ++.TP + .B \-o filename + save list of files with incorrect context in filename. + .TP diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index fa0cd6a..81c6c13 100644 +index fa0cd6a..eb8a7aa 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c +@@ -39,7 +39,7 @@ void usage(const char *const name) + { + if (iamrestorecon) { + fprintf(stderr, +- "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", ++ "usage: %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", + name); + } else { + fprintf(stderr, 
@@ -217,7 +217,7 @@ int main(int argc, char **argv) exclude_non_seclabel_mounts(); /* Process any options. */ - while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { -+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) { ++ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) { switch (opt) { case 'c': { -@@ -280,6 +280,9 @@ int main(int argc, char **argv) +@@ -280,6 +280,23 @@ int main(int argc, char **argv) case 'n': r_opts.change = 0; break; -+ case 'S': -+ r_opts.selabel_opt_subset = optarg; ++ case 'L': ++ if (r_opts.selabel_opt_subset) { ++ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) { ++ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n", ++ optarg, strerror(errno)); ++ exit(1); ++ } ++ } ++ else { ++ r_opts.selabel_opt_subset = strdup(optarg); ++ if (! r_opts.selabel_opt_subset) { ++ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n", ++ optarg, strerror(errno)); ++ exit(1); ++ } ++ } + break; case 'o': if (strcmp(optarg, "-") == 0) { r_opts.outfile = stdout; +@@ -433,7 +450,11 @@ int main(int argc, char **argv) + if (r_opts.outfile) + fclose(r_opts.outfile); + +- if (r_opts.progress && r_opts.count >= STAR_COUNT) +- printf("\n"); ++ if (r_opts.progress && r_opts.count >= STAR_COUNT) ++ printf("\n"); ++ ++ free(r_opts.progname); ++ free(r_opts.selabel_opt_subset); ++ free(r_opts.rootpath); + exit(errors); + } diff --git a/policycoreutils.spec b/policycoreutils.spec index 6ace70d..64ec931 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
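Review bot: In the new `case 'L':` branch of `main()` in setfiles.c, a repeated `-L` passes `&r_opts.selabel_opt_subset` to `asprintf` as the output pointer while the same string is also a format argument, so the previous allocation is overwritten without being freed and the call depends on the destination not being written before formatting finishes. Formatting into a temporary, freeing the old value and then assigning removes both problems, as in the excerpt below. The `free(r_opts.progname)` and `free(r_opts.rootpath)` calls added before `exit(errors)` are only correct if both fields always hold heap pointers or NULL, which cannot be confirmed from this hunk. Prefixes are joined with `;` without rejecting an empty `optarg` or one that itself contains `;`, and because the option narrows which file-context entries are consulted, the man-page text should state how paths outside every given prefix are labelled. `main()` starts and continues outside the hunk.

```c
case 'L':
	if (r_opts.selabel_opt_subset) {
		char *joined = NULL;
		if (asprintf(&joined, "%s;%s", r_opts.selabel_opt_subset, optarg) < 0) {
			/* … unchanged: error message and exit(1) … */
		}
		free(r_opts.selabel_opt_subset);
		r_opts.selabel_opt_subset = joined;
	}
	/* … unchanged: strdup() branch for the first -L … */
	break;
```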
@@ -1,13 +1,13 @@ %define libauditver 1.4.2-1 %define libsepolver 2.1.2-1 %define libsemanagever 2.1.2-1 -%define libselinuxver 2.1.5-1 +%define libselinuxver 2.1.5-2 %define sepolgenver 1.1.1 Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -221,7 +221,7 @@ or level of a logged in user. Summary: SELinux configuration GUI Group: System Environment/Base Requires: policycoreutils-python = %{version}-%{release} -Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas +Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2 Requires: usermode-gtk Requires: setools-console Requires: selinux-policy @@ -352,6 +352,10 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Fri Sep 2 2011 Dan Walsh - 2.1.5-2 +- Allow setfiles and restorecon to use labeledprefix to speed up processing +and limit memory. + * Tue Aug 30 2011 Dan Walsh - 2.1.5-1 -Update to upstream * policycoreutils