From 24b37e0f9f2d97f04567f42dae0ab5dce18c3121 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 14 Feb 2022 11:50:16 +0100 Subject: [PATCH] policycoreutils-3.3-3 - fixfiles: Use parallel relabeling Resolves: rhbz#2050554 --- 0023-fixfiles-Use-parallel-relabeling.patch | 178 ++++++++++++++++++++ policycoreutils.spec | 6 +- 2 files changed, 183 insertions(+), 1 deletion(-) create mode 100644 0023-fixfiles-Use-parallel-relabeling.patch diff --git a/0023-fixfiles-Use-parallel-relabeling.patch b/0023-fixfiles-Use-parallel-relabeling.patch new file mode 100644 index 0000000..4c129fa --- /dev/null +++ b/0023-fixfiles-Use-parallel-relabeling.patch @@ -0,0 +1,178 @@ +From 6e6df5717ca72aba7a0d7ba5eaebcf429d2f4cb4 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 14 Feb 2022 14:03:37 +0100 +Subject: [PATCH] fixfiles: Use parallel relabeling + +Commit 93902fc8340f ("setfiles/restorecon: support parallel relabeling") +implemented support for parallel relabeling in setfiles. This is +available for fixfiles now. + +Signed-off-by: Petr Lautrbach +--- + policycoreutils/scripts/fixfiles | 33 +++++++++++++++++------------- + policycoreutils/scripts/fixfiles.8 | 17 +++++++++------ + 2 files changed, 30 insertions(+), 20 deletions(-) + +diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles +index cb20002ab613..72e027ed98c8 100755 +--- a/policycoreutils/scripts/fixfiles ++++ b/policycoreutils/scripts/fixfiles +@@ -110,6 +110,7 @@ BOOTTIME="" + VERBOSE="-p" + [ -t 1 ] || VERBOSE="" + FORCEFLAG="" ++THREADS="" + RPMFILES="" + PREFC="" + RESTORE_MODE="" +@@ -153,7 +154,7 @@ newer() { + shift + LogReadOnly + for m in `echo $FILESYSTEMSRW`; do +- find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} $* -i -0 -f - ++ find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} ${THREADS} $* -i -0 -f - + done; + } + +@@ -197,7 +198,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then + esac; \ + fi; \ + done | \ +- ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -; \ ++ ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -; \ + rm -f ${TEMPFILE} ${PREFCTEMPFILE} + fi + } +@@ -235,11 +236,11 @@ LogExcluded + case "$RESTORE_MODE" in + RPMFILES) + for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do +- rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f - ++ rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f - + done + ;; + FILEPATH) +- ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH" ++ ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -R -- "$FILEPATH" + ;; + *) + if [ -n "${FILESYSTEMSRW}" ]; then +@@ -247,7 +248,7 @@ case "$RESTORE_MODE" in + echo "${OPTION}ing `echo ${FILESYSTEMSRW}`" + + if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then +- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW} ++ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${THREADS} ${FC} ${FILESYSTEMSRW} + else + # we bind mount so we can fix the labels of files that have already been + # mounted over +@@ -257,7 +258,7 @@ case "$RESTORE_MODE" in + + mkdir -p "${TMP_MOUNT}${m}" || exit 1 + mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1 +- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" ++ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" + umount "${TMP_MOUNT}${m}" || exit 1 + rm -rf "${TMP_MOUNT}" || echo "Error cleaning up." + done; +@@ -331,7 +332,8 @@ case "$1" in + > /.autorelabel || exit $? + [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel + [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel +- [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel ++ [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M " >> /.autorelabel ++ [ -z "$THREADS" ] || echo -n "$THREADS " >> /.autorelabel + # Force full relabel if SELinux is not enabled + selinuxenabled || echo -F > /.autorelabel + echo "System will relabel on next boot" +@@ -343,17 +345,17 @@ esac + } + usage() { + echo $""" +-Usage: $0 [-v] [-F] [-M] [-f] relabel ++Usage: $0 [-v] [-F] [-M] [-f] [-T nthreads] relabel + or +-Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify } ++Usage: $0 [-v] [-F] [-B | -N time ] [-T nthreads] { check | restore | verify } + or +-Usage: $0 [-v] [-F] { check | restore | verify } dir/file ... ++Usage: $0 [-v] [-F] [-T nthreads] { check | restore | verify } dir/file ... + or +-Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify } ++Usage: $0 [-v] [-F] [-T nthreads] -R rpmpackage[,rpmpackage...] { check | restore | verify } + or +-Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify } ++Usage: $0 [-v] [-F] [-T nthreads] -C PREVIOUS_FILECONTEXT { check | restore | verify } + or +-Usage: $0 [-F] [-M] [-B] onboot ++Usage: $0 [-F] [-M] [-B] [-T nthreads] onboot + """ + } + +@@ -372,7 +374,7 @@ set_restore_mode() { + } + + # See how we were called. +-while getopts "N:BC:FfR:l:vM" i; do ++while getopts "N:BC:FfR:l:vMT:" i; do + case "$i" in + B) + BOOTTIME=`/bin/who -b | awk '{print $3}'` +@@ -407,6 +409,9 @@ while getopts "N:BC:FfR:l:vM" i; do + f) + fullFlag=1 + ;; ++ T) ++ THREADS="-T $OPTARG" ++ ;; + *) + usage + exit 1 +diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8 +index c4e894e56e8f..9a317d9181e2 100644 +--- a/policycoreutils/scripts/fixfiles.8 ++++ b/policycoreutils/scripts/fixfiles.8 +@@ -6,22 +6,22 @@ fixfiles \- fix file SELinux security contexts. + .na + + .B fixfiles +-.I [\-v] [\-F] [-M] [\-f] relabel ++.I [\-v] [\-F] [-M] [\-f] [\-T nthreads] relabel + + .B fixfiles +-.I [\-v] [\-F] { check | restore | verify } dir/file ... ++.I [\-v] [\-F] [\-T nthreads] { check | restore | verify } dir/file ... + + .B fixfiles +-.I [\-v] [\-F] [\-B | \-N time ] { check | restore | verify } ++.I [\-v] [\-F] [\-B | \-N time ] [\-T nthreads] { check | restore | verify } + + .B fixfiles +-.I [\-v] [\-F] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify } ++.I [\-v] [\-F] [\-T nthreads] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify } + + .B fixfiles +-.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT { check | restore | verify } ++.I [\-v] [\-F] [\-T nthreads] \-C PREVIOUS_FILECONTEXT { check | restore | verify } + + .B fixfiles +-.I [-F] [-M] [-B] onboot ++.I [-F] [-M] [-B] [\-T nthreads] onboot + + .ad + +@@ -76,6 +76,11 @@ Bind mount filesystems before relabeling them, this allows fixing the context of + .B -v + Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p) + ++.TP ++.B \-T nthreads ++Use parallel relabeling, see ++.B setfiles(8) ++ + .SH "ARGUMENTS" + One of: + .TP +-- +2.34.1 + diff --git a/policycoreutils.spec b/policycoreutils.spec index 814d310..9e5a1af 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -11,7 +11,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 3.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/selinux-3.3.tar.gz @@ -53,6 +53,7 @@ Patch0019: 0019-setfiles-restorecon-support-parallel-relabeling.patch Patch0020: 0020-semodule-add-m-checksum-option.patch Patch0021: 0021-semodule-Fix-lang_ext-column-index.patch Patch0022: 0022-semodule-Don-t-forget-to-munmap-data.patch +Patch0023: 0023-fixfiles-Use-parallel-relabeling.patch # Patch list end Obsoletes: policycoreutils < 2.0.61-2 @@ -479,6 +480,9 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Mon Feb 14 2022 Petr Lautrbach - 3.3-3 +- fixfiles: Use parallel relabeling + * Mon Nov 29 2021 Petr Lautrbach - 3.3-2 - setfiles/restorecon: support parallel relabeling with -T option - semodule: add -m | --checksum option