Allow setfiles and restorecon to use labeledprefix to speed up processing

and limit memory.
Dan Walsh 2011-09-02 09:24:40 -04:00
parent 42466e2b7e
commit 04b2851781
2 changed files with 109 additions and 9 deletions


@ -2855,7 +2855,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"], + packages=["policycoreutils"],
+) +)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 0140cd2..656a028 100644 index 0140cd2..2c0cfdd 100644
--- a/policycoreutils/semanage/semanage --- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage +++ b/policycoreutils/semanage/semanage
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644
except ValueError, error: except ValueError, error:
errorExit(error.args[0]) errorExit(error.args[0])
except KeyError, error: except KeyError, error:
@@ -564,3 +575,5 @@ Object-specific Options (see above):
errorExit(error.args[1])
except OSError, error:
errorExit(error.args[1])
+ except RuntimeError, error:
+ errorExit(error.args[0])
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 6842b07..7f11c4e 100644 index 6842b07..7f11c4e 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644
}; };
void restore_init(struct restore_opts *opts); void restore_init(struct restore_opts *opts);
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index c8ea4bb..6cb7d3d 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
.SH "SYNOPSIS"
.B restorecon
-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname...
.P
.B restorecon
-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F]
.SH "DESCRIPTION"
This manual page describes the
@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
.B \-e directory
directory to exclude (repeat option for more than one directory.)
.TP
+.B \-L labelprefix
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
+
+# restorecon -R -v -L /dev /dev
+
+.TP
.B \-R \-r
change files and directories file labels recursively
.TP
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index 7f700ca..c77431a 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
.SH "SYNOPSIS"
.B setfiles
-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
.SH "DESCRIPTION"
This manual page describes the
.BR setfiles
@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
.B \-F
Force reset of context to match file_context for customizable files
.TP
+.B \-L labelprefix
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
+.TP
.B \-o filename
save list of files with incorrect context in filename.
.TP
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index fa0cd6a..81c6c13 100644 index fa0cd6a..eb8a7aa 100644
--- a/policycoreutils/setfiles/setfiles.c --- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c
@@ -39,7 +39,7 @@ void usage(const char *const name)
{
if (iamrestorecon) {
fprintf(stderr,
- "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ "usage: %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
name);
} else {
fprintf(stderr,
@@ -217,7 +217,7 @@ int main(int argc, char **argv) @@ -217,7 +217,7 @@ int main(int argc, char **argv)
exclude_non_seclabel_mounts(); exclude_non_seclabel_mounts();
/* Process any options. */ /* Process any options. */
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { - while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) { + while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) {
switch (opt) { switch (opt) {
case 'c': case 'c':
{ {
@@ -280,6 +280,9 @@ int main(int argc, char **argv) @@ -280,6 +280,23 @@ int main(int argc, char **argv)
case 'n': case 'n':
r_opts.change = 0; r_opts.change = 0;
break; break;
+ case 'S': + case 'L':
+ r_opts.selabel_opt_subset = optarg; + if (r_opts.selabel_opt_subset) {
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
+ optarg, strerror(errno));
+ exit(1);
+ }
+ }
+ else {
+ r_opts.selabel_opt_subset = strdup(optarg);
+ if (! r_opts.selabel_opt_subset) {
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
+ optarg, strerror(errno));
+ exit(1);
+ }
+ }
+ break; + break;
case 'o': case 'o':
if (strcmp(optarg, "-") == 0) { if (strcmp(optarg, "-") == 0) {
r_opts.outfile = stdout; r_opts.outfile = stdout;
@@ -433,7 +450,11 @@ int main(int argc, char **argv)
if (r_opts.outfile)
fclose(r_opts.outfile);
- if (r_opts.progress && r_opts.count >= STAR_COUNT)
- printf("\n");
+ if (r_opts.progress && r_opts.count >= STAR_COUNT)
+ printf("\n");
+
+ free(r_opts.progname);
+ free(r_opts.selabel_opt_subset);
+ free(r_opts.rootpath);
exit(errors);
}
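Review bot: In the `case 'L':` branch of main() in setfiles.c, `asprintf` writes its result into `r_opts.selabel_opt_subset` while that same pointer is also its first `%s` argument, so every repeated `-L` overwrites the previous heap string without freeing it; the `free(r_opts.selabel_opt_subset)` added before `exit(errors)` releases only the last one. Building the joined string in a local and freeing the old value before assigning avoids the leak and makes the `(char **)` cast unnecessary; that cast suggests the field is declared `const`, though its declaration is not visible on this page. The restorecon usage string gains `-L`, but no matching change to the setfiles usage branch is visible here even though setfiles.8 now documents the option. main()'s body begins outside the visible hunks.

```c
case 'L':
	if (r_opts.selabel_opt_subset) {
		char *joined = NULL;
		if (asprintf(&joined, "%s;%s", r_opts.selabel_opt_subset, optarg) < 0) {
			/* … unchanged: error message and exit(1) … */
		}
		/* release the previous prefix list before replacing it */
		free(r_opts.selabel_opt_subset);
		r_opts.selabel_opt_subset = joined;
	}
	/* … unchanged: else branch with strdup(optarg), break … */
```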


@ -1,13 +1,13 @@
%define libauditver 1.4.2-1 %define libauditver 1.4.2-1
%define libsepolver 2.1.2-1 %define libsepolver 2.1.2-1
%define libsemanagever 2.1.2-1 %define libsemanagever 2.1.2-1
%define libselinuxver 2.1.5-1 %define libselinuxver 2.1.5-2
%define sepolgenver 1.1.1 %define sepolgenver 1.1.1
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.5 Version: 2.1.5
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -221,7 +221,7 @@ or level of a logged in user.
Summary: SELinux configuration GUI Summary: SELinux configuration GUI
Group: System Environment/Base Group: System Environment/Base
Requires: policycoreutils-python = %{version}-%{release} Requires: policycoreutils-python = %{version}-%{release}
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2
Requires: usermode-gtk Requires: usermode-gtk
Requires: setools-console Requires: setools-console
Requires: selinux-policy Requires: selinux-policy
@ -352,6 +352,10 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1 * Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
-Update to upstream -Update to upstream
* policycoreutils * policycoreutils