Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
parent
42466e2b7e
commit
04b2851781
@ -2855,7 +2855,7 @@ index 0000000..e2befdb
|
|||||||
+ packages=["policycoreutils"],
|
+ packages=["policycoreutils"],
|
||||||
+)
|
+)
|
||||||
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
||||||
index 0140cd2..656a028 100644
|
index 0140cd2..2c0cfdd 100644
|
||||||
--- a/policycoreutils/semanage/semanage
|
--- a/policycoreutils/semanage/semanage
|
||||||
+++ b/policycoreutils/semanage/semanage
|
+++ b/policycoreutils/semanage/semanage
|
||||||
@@ -20,6 +20,7 @@
|
@@ -20,6 +20,7 @@
|
||||||
@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644
|
|||||||
except ValueError, error:
|
except ValueError, error:
|
||||||
errorExit(error.args[0])
|
errorExit(error.args[0])
|
||||||
except KeyError, error:
|
except KeyError, error:
|
||||||
|
@@ -564,3 +575,5 @@ Object-specific Options (see above):
|
||||||
|
errorExit(error.args[1])
|
||||||
|
except OSError, error:
|
||||||
|
errorExit(error.args[1])
|
||||||
|
+ except RuntimeError, error:
|
||||||
|
+ errorExit(error.args[0])
|
||||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||||
index 6842b07..7f11c4e 100644
|
index 6842b07..7f11c4e 100644
|
||||||
--- a/policycoreutils/semanage/seobject.py
|
--- a/policycoreutils/semanage/seobject.py
|
||||||
@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644
|
|||||||
};
|
};
|
||||||
|
|
||||||
void restore_init(struct restore_opts *opts);
|
void restore_init(struct restore_opts *opts);
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||||
|
index c8ea4bb..6cb7d3d 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon.8
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon.8
|
||||||
|
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||||
|
|
||||||
|
.SH "SYNOPSIS"
|
||||||
|
.B restorecon
|
||||||
|
-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
|
||||||
|
+.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname...
|
||||||
|
.P
|
||||||
|
.B restorecon
|
||||||
|
-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
|
||||||
|
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F]
|
||||||
|
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
This manual page describes the
|
||||||
|
@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
|
||||||
|
.B \-e directory
|
||||||
|
directory to exclude (repeat option for more than one directory.)
|
||||||
|
.TP
|
||||||
|
+.B \-L labelprefix
|
||||||
|
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
|
||||||
|
+
|
||||||
|
+# restorecon -R -v -L /dev /dev
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
.B \-R \-r
|
||||||
|
change files and directories file labels recursively
|
||||||
|
.TP
|
||||||
|
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||||
|
index 7f700ca..c77431a 100644
|
||||||
|
--- a/policycoreutils/setfiles/setfiles.8
|
||||||
|
+++ b/policycoreutils/setfiles/setfiles.8
|
||||||
|
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
|
||||||
|
|
||||||
|
.SH "SYNOPSIS"
|
||||||
|
.B setfiles
|
||||||
|
-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||||
|
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
This manual page describes the
|
||||||
|
.BR setfiles
|
||||||
|
@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
|
||||||
|
.B \-F
|
||||||
|
Force reset of context to match file_context for customizable files
|
||||||
|
.TP
|
||||||
|
+.B \-L labelprefix
|
||||||
|
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
|
||||||
|
+.TP
|
||||||
|
.B \-o filename
|
||||||
|
save list of files with incorrect context in filename.
|
||||||
|
.TP
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
||||||
index fa0cd6a..81c6c13 100644
|
index fa0cd6a..eb8a7aa 100644
|
||||||
--- a/policycoreutils/setfiles/setfiles.c
|
--- a/policycoreutils/setfiles/setfiles.c
|
||||||
+++ b/policycoreutils/setfiles/setfiles.c
|
+++ b/policycoreutils/setfiles/setfiles.c
|
||||||
|
@@ -39,7 +39,7 @@ void usage(const char *const name)
|
||||||
|
{
|
||||||
|
if (iamrestorecon) {
|
||||||
|
fprintf(stderr,
|
||||||
|
- "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
||||||
|
+ "usage: %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
||||||
|
name);
|
||||||
|
} else {
|
||||||
|
fprintf(stderr,
|
||||||
@@ -217,7 +217,7 @@ int main(int argc, char **argv)
|
@@ -217,7 +217,7 @@ int main(int argc, char **argv)
|
||||||
exclude_non_seclabel_mounts();
|
exclude_non_seclabel_mounts();
|
||||||
|
|
||||||
/* Process any options. */
|
/* Process any options. */
|
||||||
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
|
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
|
||||||
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) {
|
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case 'c':
|
case 'c':
|
||||||
{
|
{
|
||||||
@@ -280,6 +280,9 @@ int main(int argc, char **argv)
|
@@ -280,6 +280,23 @@ int main(int argc, char **argv)
|
||||||
case 'n':
|
case 'n':
|
||||||
r_opts.change = 0;
|
r_opts.change = 0;
|
||||||
break;
|
break;
|
||||||
+ case 'S':
|
+ case 'L':
|
||||||
+ r_opts.selabel_opt_subset = optarg;
|
+ if (r_opts.selabel_opt_subset) {
|
||||||
|
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
|
||||||
|
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
|
||||||
|
+ optarg, strerror(errno));
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ r_opts.selabel_opt_subset = strdup(optarg);
|
||||||
|
+ if (! r_opts.selabel_opt_subset) {
|
||||||
|
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
|
||||||
|
+ optarg, strerror(errno));
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
+ break;
|
+ break;
|
||||||
case 'o':
|
case 'o':
|
||||||
if (strcmp(optarg, "-") == 0) {
|
if (strcmp(optarg, "-") == 0) {
|
||||||
r_opts.outfile = stdout;
|
r_opts.outfile = stdout;
|
||||||
|
@@ -433,7 +450,11 @@ int main(int argc, char **argv)
|
||||||
|
if (r_opts.outfile)
|
||||||
|
fclose(r_opts.outfile);
|
||||||
|
|
||||||
|
- if (r_opts.progress && r_opts.count >= STAR_COUNT)
|
||||||
|
- printf("\n");
|
||||||
|
+ if (r_opts.progress && r_opts.count >= STAR_COUNT)
|
||||||
|
+ printf("\n");
|
||||||
|
+
|
||||||
|
+ free(r_opts.progname);
|
||||||
|
+ free(r_opts.selabel_opt_subset);
|
||||||
|
+ free(r_opts.rootpath);
|
||||||
|
exit(errors);
|
||||||
|
}
|
||||||
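Review bot: In the new `case 'L':` branch of setfiles.c, the append path hands `&r_opts.selabel_opt_subset` to asprintf() as the output pointer while the same pointer is also the first `%s` argument, so each repeated -L overwrites the earlier strdup()/asprintf() buffer without freeing it, and the `(char**)` cast hides whatever qualifier the field is declared with. Format into a temporary instead, `char *tmp; if (asprintf(&tmp, "%s;%s", r_opts.selabel_opt_subset, optarg) < 0) { ... }`, then `free(r_opts.selabel_opt_subset); r_opts.selabel_opt_subset = tmp;`. Because the prefixes are joined with `;` and nothing here validates optarg, an empty prefix or one containing `;` is passed through unchanged, and neither this hunk nor the restorecon.8/setfiles.8 text says what label a pathname outside every -L prefix receives; since a mislabeled file changes what policy permits on it, that case deserves a check or a documented warning. The cleanup hunk also adds free() on `r_opts.progname` and `r_opts.rootpath`, whose assignments are not visible here, so confirm both are always heap-owned before this lands. main() begins and ends outside these hunks.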
|
@ -1,13 +1,13 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.1.2-1
|
%define libsepolver 2.1.2-1
|
||||||
%define libsemanagever 2.1.2-1
|
%define libsemanagever 2.1.2-1
|
||||||
%define libselinuxver 2.1.5-1
|
%define libselinuxver 2.1.5-2
|
||||||
%define sepolgenver 1.1.1
|
%define sepolgenver 1.1.1
|
||||||
|
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.5
|
Version: 2.1.5
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -221,7 +221,7 @@ or level of a logged in user.
|
|||||||
Summary: SELinux configuration GUI
|
Summary: SELinux configuration GUI
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Requires: policycoreutils-python = %{version}-%{release}
|
Requires: policycoreutils-python = %{version}-%{release}
|
||||||
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2
|
||||||
Requires: usermode-gtk
|
Requires: usermode-gtk
|
||||||
Requires: setools-console
|
Requires: setools-console
|
||||||
Requires: selinux-policy
|
Requires: selinux-policy
|
||||||
@ -352,6 +352,10 @@ fi
|
|||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
|
||||||
|
- Allow setfiles and restorecon to use labeledprefix to speed up processing
|
||||||
|
and limit memory.
|
||||||
|
|
||||||
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
||||||
-Update to upstream
|
-Update to upstream
|
||||||
* policycoreutils
|
* policycoreutils
|
||||||
|