Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
This commit is contained in:
parent
42466e2b7e
commit
04b2851781
@ -2855,7 +2855,7 @@ index 0000000..e2befdb
|
||||
+ packages=["policycoreutils"],
|
||||
+)
|
||||
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
||||
index 0140cd2..656a028 100644
|
||||
index 0140cd2..2c0cfdd 100644
|
||||
--- a/policycoreutils/semanage/semanage
|
||||
+++ b/policycoreutils/semanage/semanage
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644
|
||||
except ValueError, error:
|
||||
errorExit(error.args[0])
|
||||
except KeyError, error:
|
||||
@@ -564,3 +575,5 @@ Object-specific Options (see above):
|
||||
errorExit(error.args[1])
|
||||
except OSError, error:
|
||||
errorExit(error.args[1])
|
||||
+ except RuntimeError, error:
|
||||
+ errorExit(error.args[0])
|
||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||
index 6842b07..7f11c4e 100644
|
||||
--- a/policycoreutils/semanage/seobject.py
|
||||
@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644
|
||||
};
|
||||
|
||||
void restore_init(struct restore_opts *opts);
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index c8ea4bb..6cb7d3d 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
.B restorecon
|
||||
-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
|
||||
+.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname...
|
||||
.P
|
||||
.B restorecon
|
||||
-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
|
||||
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
|
||||
.B \-e directory
|
||||
directory to exclude (repeat option for more than one directory.)
|
||||
.TP
|
||||
+.B \-L labelprefix
|
||||
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
|
||||
+
|
||||
+# restorecon -R -v -L /dev /dev
|
||||
+
|
||||
+.TP
|
||||
.B \-R \-r
|
||||
change files and directories file labels recursively
|
||||
.TP
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index 7f700ca..c77431a 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
.B setfiles
|
||||
-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
.BR setfiles
|
||||
@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
|
||||
.B \-F
|
||||
Force reset of context to match file_context for customizable files
|
||||
.TP
|
||||
+.B \-L labelprefix
|
||||
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
|
||||
+.TP
|
||||
.B \-o filename
|
||||
save list of files with incorrect context in filename.
|
||||
.TP
|
||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
||||
index fa0cd6a..81c6c13 100644
|
||||
index fa0cd6a..eb8a7aa 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.c
|
||||
+++ b/policycoreutils/setfiles/setfiles.c
|
||||
@@ -39,7 +39,7 @@ void usage(const char *const name)
|
||||
{
|
||||
if (iamrestorecon) {
|
||||
fprintf(stderr,
|
||||
- "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
||||
+ "usage: %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
|
||||
name);
|
||||
} else {
|
||||
fprintf(stderr,
|
||||
@@ -217,7 +217,7 @@ int main(int argc, char **argv)
|
||||
exclude_non_seclabel_mounts();
|
||||
|
||||
/* Process any options. */
|
||||
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
|
||||
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) {
|
||||
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) {
|
||||
switch (opt) {
|
||||
case 'c':
|
||||
{
|
||||
@@ -280,6 +280,9 @@ int main(int argc, char **argv)
|
||||
@@ -280,6 +280,23 @@ int main(int argc, char **argv)
|
||||
case 'n':
|
||||
r_opts.change = 0;
|
||||
break;
|
||||
+ case 'S':
|
||||
+ r_opts.selabel_opt_subset = optarg;
|
||||
+ case 'L':
|
||||
+ if (r_opts.selabel_opt_subset) {
|
||||
+ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
|
||||
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
|
||||
+ optarg, strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ r_opts.selabel_opt_subset = strdup(optarg);
|
||||
+ if (! r_opts.selabel_opt_subset) {
|
||||
+ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
|
||||
+ optarg, strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ break;
|
||||
case 'o':
|
||||
if (strcmp(optarg, "-") == 0) {
|
||||
r_opts.outfile = stdout;
|
||||
@@ -433,7 +450,11 @@ int main(int argc, char **argv)
|
||||
if (r_opts.outfile)
|
||||
fclose(r_opts.outfile);
|
||||
|
||||
- if (r_opts.progress && r_opts.count >= STAR_COUNT)
|
||||
- printf("\n");
|
||||
+ if (r_opts.progress && r_opts.count >= STAR_COUNT)
|
||||
+ printf("\n");
|
||||
+
|
||||
+ free(r_opts.progname);
|
||||
+ free(r_opts.selabel_opt_subset);
|
||||
+ free(r_opts.rootpath);
|
||||
exit(errors);
|
||||
}
|
||||
|
@ -1,13 +1,13 @@
|
||||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.1.2-1
|
||||
%define libsemanagever 2.1.2-1
|
||||
%define libselinuxver 2.1.5-1
|
||||
%define libselinuxver 2.1.5-2
|
||||
%define sepolgenver 1.1.1
|
||||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.5
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -221,7 +221,7 @@ or level of a logged in user.
|
||||
Summary: SELinux configuration GUI
|
||||
Group: System Environment/Base
|
||||
Requires: policycoreutils-python = %{version}-%{release}
|
||||
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
||||
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2
|
||||
Requires: usermode-gtk
|
||||
Requires: setools-console
|
||||
Requires: selinux-policy
|
||||
@ -352,6 +352,10 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
|
||||
- Allow setfiles and restorecon to use labeledprefix to speed up processing
|
||||
and limit memory.
|
||||
|
||||
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
||||
-Update to upstream
|
||||
* policycoreutils
|
||||
|
Loading…
Reference in New Issue
Block a user