restorecon / matchpathcon

restorecon / matchpathcon

[LC Bruzenak]

I see no way to recursively/silently check path context.

The matchpathcon command has a silent but no recursive option. It does
return non-zero if something doesn't match.

The restorecon command has both recursive and don't change options but
no silent. It does not return non-zero if there is a change to be made,
so a redirect of stdout to /dev/null wouldn't suffice.

Is there another way/command?

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: restorecon / matchpathcon

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LC Bruzenak wrote:
> I see no way to recursively/silently check path context.
> 
> The matchpathcon command has a silent but no recursive option. It does
> return non-zero if something doesn't match.
> 
> The restorecon command has both recursive and don't change options but
> no silent. It does not return non-zero if there is a change to be made,
> so a redirect of stdout to /dev/null wouldn't suffice.
> 
> Is there another way/command?
> 
> Thx,
> LCB.
> 
find | xargs matchpathcon?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkTHNcACgkQrlYvE4MpobNdUACguPKVCvd8tG7bF8YIROetLbpT
GVcAoIEWXVxZW4yAdSWj4eEgsOzL4PpR
=jnXd
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: restorecon / matchpathcon

[LC Bruzenak]

On Thu, 2008-11-06 at 11:35 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> LC Bruzenak wrote:
> > I see no way to recursively/silently check path context.
> > 
> > The matchpathcon command has a silent but no recursive option. It does
> > return non-zero if something doesn't match.
> > 
> > The restorecon command has both recursive and don't change options but
> > no silent. It does not return non-zero if there is a change to be made,
> > so a redirect of stdout to /dev/null wouldn't suffice.
> > 
> > Is there another way/command?
> > 
> > Thx,
> > LCB.
> > 
> find | xargs matchpathcon?

I think in this case the $? return value would refer to the find not
matchpathcon right?

LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: restorecon / matchpathcon

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LC Bruzenak wrote:
> On Thu, 2008-11-06 at 11:35 -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> LC Bruzenak wrote:
>>> I see no way to recursively/silently check path context.
>>>
>>> The matchpathcon command has a silent but no recursive option. It does
>>> return non-zero if something doesn't match.
>>>
>>> The restorecon command has both recursive and don't change options but
>>> no silent. It does not return non-zero if there is a change to be made,
>>> so a redirect of stdout to /dev/null wouldn't suffice.
>>>
>>> Is there another way/command?
>>>
>>> Thx,
>>> LCB.
>>>
>> find | xargs matchpathcon?
> 
> I think in this case the $? return value would refer to the find not
> matchpathcon right?
> 
> LCB.
> 
matchpathcon -V PATH

Checks the context on disk versus the default, and sets the exit status
I believe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkTIlQACgkQrlYvE4MpobMqgQCfRK/l0bIFWcmCENRN5EAamm7K
TnoAoOvhSz4nTk6fLso9rGJypGs9g6mT
=4hGy
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: restorecon / matchpathcon

[LC Bruzenak]

Thanks Dan, I think that works:

[root@hugo ICM]# find `pwd`  | xargs  matchpathcon -Vq
[root@hugo ICM]#  echo $?
123
[root@hugo ICM]# restorecon -rv `pwd`
restorecon reset /var/opt/jcdx/ICM/Labeled context
system_u:object_r:jcdx_icm_var_t:s0->system_u:object_r:jcdx_icm_var_t:s15:c0.c1023
[root@hugo ICM]# find `pwd`  | xargs  matchpathcon -Vq
[root@hugo ICM]#  echo $?
0

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.