From 61f1bc20680c6bc4f8fcd73994b4a030b00e6447 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 18 Apr 2011 12:47:15 -0400 Subject: [PATCH] Change fixfiles restore to delete unlabeled sockets in /tmp --- policycoreutils-rhat.patch | 9 ++++++--- policycoreutils.spec | 5 ++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 357171f..b182a09 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -3194,7 +3194,7 @@ index 3f9efba..7c6d75a 100644 +/etc/selinux/{SELINUXTYPE}/seusers diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index ae519fc..7d21ea3 100755 +index ae519fc..706184d 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -21,6 +21,44 @@ @@ -3278,7 +3278,7 @@ index ae519fc..7d21ea3 100755 rpmlist() { rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' -@@ -121,24 +144,34 @@ if [ ! -z "$PREFC" ]; then +@@ -121,33 +144,45 @@ if [ ! -z "$PREFC" ]; then fi if [ ! -z "$RPMFILES" ]; then for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do @@ -3321,10 +3321,13 @@ index ae519fc..7d21ea3 100755 +fi +${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE +rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE ++find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; ++find /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \; ++find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \; exit $? -@@ -146,8 +179,7 @@ exit $? + } fullrelabel() { logit "Cleaning out /tmp" diff --git a/policycoreutils.spec b/policycoreutils.spec index ea2692a..144abe2 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.86 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -331,6 +331,9 @@ fi exit 0 %changelog +* Mon Apr 18 2011 Dan Walsh 2.0.86-3 +- Change fixfiles restore to delete unlabeled sockets in /tmp + * Mon Apr 18 2011 Dan Walsh 2.0.86-2 - rebuild versus latest libsepol