policycoreutils-3.3-3

- fixfiles: Use parallel relabeling Resolves: rhbz#2050554
2022-02-14 11:50:16 +01:00 · 2022-02-14 11:50:16 +01:00 · 24b37e0f9f
commit 24b37e0f9f
parent 8201bb8181
2 changed files with 183 additions and 1 deletions
--- a/0023-fixfiles-Use-parallel-relabeling.patch
+++ b/0023-fixfiles-Use-parallel-relabeling.patch
@ -0,0 +1,178 @@
+From 6e6df5717ca72aba7a0d7ba5eaebcf429d2f4cb4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 14 Feb 2022 14:03:37 +0100
+Subject: [PATCH] fixfiles: Use parallel relabeling
+
+Commit 93902fc8340f ("setfiles/restorecon: support parallel relabeling")
+implemented support for parallel relabeling in setfiles. This is
+available for fixfiles now.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ policycoreutils/scripts/fixfiles   | 33 +++++++++++++++++-------------
+ policycoreutils/scripts/fixfiles.8 | 17 +++++++++------
+ 2 files changed, 30 insertions(+), 20 deletions(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index cb20002ab613..72e027ed98c8 100755
+--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
+@@ -110,6 +110,7 @@ BOOTTIME=""
+ VERBOSE="-p"
+ [ -t 1 ] || VERBOSE=""
+ FORCEFLAG=""
+THREADS=""
+ RPMFILES=""
+ PREFC=""
+ RESTORE_MODE=""
+@@ -153,7 +154,7 @@ newer() {
+     shift
+     LogReadOnly
+     for m in `echo $FILESYSTEMSRW`; do
+-	find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} $* -i -0 -f -
+	find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} ${THREADS} $* -i -0 -f -
+     done;
+ }
+ 
+@@ -197,7 +198,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+ 		  esac; \
+ 	       fi; \
+ 	    done | \
+-	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -; \
+	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -; \
+ 	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
+ fi
+ }
+@@ -235,11 +236,11 @@ LogExcluded
+ case "$RESTORE_MODE" in
+     RPMFILES)
+ 	for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
+-	    rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -
+	    rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -
+ 	done
+     ;;
+     FILEPATH)
+-	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
+	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -R -- "$FILEPATH"
+     ;;
+     *)
+ 	if [ -n "${FILESYSTEMSRW}" ]; then
+@@ -247,7 +248,7 @@ case "$RESTORE_MODE" in
+ 	    echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
+ 
+ 	    if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
+-	        ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
+	        ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${THREADS} ${FC} ${FILESYSTEMSRW}
+ 	    else
+ 	        # we bind mount so we can fix the labels of files that have already been
+ 	        # mounted over
+@@ -257,7 +258,7 @@ case "$RESTORE_MODE" in
+ 
+ 	            mkdir -p "${TMP_MOUNT}${m}" || exit 1
+ 	            mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
+-	            ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
+	            ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
+ 	            umount "${TMP_MOUNT}${m}" || exit 1
+ 	            rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."
+ 	        done;
+@@ -331,7 +332,8 @@ case "$1" in
+ 	> /.autorelabel || exit $?
+ 	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
+ 	[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
+-	[ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel
+	[ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M " >> /.autorelabel
+	[ -z "$THREADS" ] || echo -n "$THREADS " >> /.autorelabel
+ 	# Force full relabel if SELinux is not enabled
+ 	selinuxenabled || echo -F > /.autorelabel
+ 	echo "System will relabel on next boot"
+@@ -343,17 +345,17 @@ esac
+ }
+ usage() {
+ 	echo $"""
+-Usage: $0 [-v] [-F] [-M] [-f] relabel
+Usage: $0 [-v] [-F] [-M] [-f] [-T nthreads] relabel
+ or
+-Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
+Usage: $0 [-v] [-F] [-B | -N time ]  [-T nthreads] { check | restore | verify }
+ or
+-Usage: $0 [-v] [-F] { check | restore | verify } dir/file ...
+Usage: $0 [-v] [-F] [-T nthreads] { check | restore | verify } dir/file ...
+ or
+-Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
+Usage: $0 [-v] [-F] [-T nthreads] -R rpmpackage[,rpmpackage...] { check | restore | verify }
+ or
+-Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
+Usage: $0 [-v] [-F] [-T nthreads] -C PREVIOUS_FILECONTEXT { check | restore | verify }
+ or
+-Usage: $0 [-F] [-M] [-B] onboot
+Usage: $0 [-F] [-M] [-B] [-T nthreads] onboot
+ """
+ }
+ 
+@@ -372,7 +374,7 @@ set_restore_mode() {
+ }
+ 
+ # See how we were called.
+-while getopts "N:BC:FfR:l:vM" i; do
+while getopts "N:BC:FfR:l:vMT:" i; do
+     case "$i" in
+ 	B)
+ 		BOOTTIME=`/bin/who -b | awk '{print $3}'`
+@@ -407,6 +409,9 @@ while getopts "N:BC:FfR:l:vM" i; do
+ 	f)
+ 		fullFlag=1
+ 		;;
+	T)
+		THREADS="-T $OPTARG"
+		;;
+ 	*)
+ 	    usage
+ 	    exit 1
+diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
+index c4e894e56e8f..9a317d9181e2 100644
+--- a/policycoreutils/scripts/fixfiles.8
+++ b/policycoreutils/scripts/fixfiles.8
+@@ -6,22 +6,22 @@ fixfiles \- fix file SELinux security contexts.
+ .na
+ 
+ .B fixfiles
+-.I [\-v] [\-F] [-M] [\-f] relabel
+.I [\-v] [\-F] [-M] [\-f] [\-T nthreads] relabel
+ 
+ .B fixfiles
+-.I [\-v] [\-F] { check | restore | verify } dir/file ...
+.I [\-v] [\-F] [\-T nthreads] { check | restore | verify } dir/file ...
+ 
+ .B fixfiles
+-.I [\-v] [\-F] [\-B | \-N time ] { check | restore | verify }
+.I [\-v] [\-F] [\-B | \-N time ] [\-T nthreads] { check | restore | verify }
+ 
+ .B fixfiles 
+-.I [\-v] [\-F] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify }
+.I [\-v] [\-F] [\-T nthreads] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify }
+ 
+ .B fixfiles
+-.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT  { check | restore | verify }
+.I [\-v] [\-F] [\-T nthreads] \-C PREVIOUS_FILECONTEXT  { check | restore | verify }
+ 
+ .B fixfiles
+-.I [-F] [-M] [-B] onboot
+.I [-F] [-M] [-B] [\-T nthreads] onboot
+ 
+ .ad
+ 
+@@ -76,6 +76,11 @@ Bind mount filesystems before relabeling them, this allows fixing the context of
+ .B -v
+ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
+ 
+.TP
+.B \-T nthreads
+Use parallel relabeling, see
+.B setfiles(8)
+
+ .SH "ARGUMENTS"
+ One of:
+ .TP 
+-- 
+2.34.1
+
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -11,7 +11,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/selinux-3.3.tar.gz
@ -53,6 +53,7 @@ Patch0019: 0019-setfiles-restorecon-support-parallel-relabeling.patch
 Patch0020: 0020-semodule-add-m-checksum-option.patch
 Patch0021: 0021-semodule-Fix-lang_ext-column-index.patch
 Patch0022: 0022-semodule-Don-t-forget-to-munmap-data.patch
+Patch0023: 0023-fixfiles-Use-parallel-relabeling.patch
 # Patch list end

 Obsoletes: policycoreutils < 2.0.61-2
@ -479,6 +480,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service

 %changelog
+* Mon Feb 14 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-3
+- fixfiles: Use parallel relabeling
+
 * Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
 - setfiles/restorecon: support parallel relabeling with -T <N> option
 - semodule: add -m | --checksum option