From: Daniel J Walsh <dwalsh@redhat.com>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>, SELinux <selinux@tycho.nsa.gov>
Subject: Re: New patch for fixfiles sed script
Date: Wed, 02 Feb 2005 12:46:43 -0500	[thread overview]
Message-ID: <42011203.3010005@redhat.com> (raw)
In-Reply-To: <4201012F.6040604@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 57 bytes --]

Ok how about this patch.

Added -e flag for restorecon



[-- Attachment #2: policycoreutils-rhat.patch --]
[-- Type: text/x-patch, Size: 8485 bytes --]

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.21.10/restorecon/restorecon.8
--- nsapolicycoreutils/restorecon/restorecon.8	2005-01-20 15:59:21.000000000 -0500
+++ policycoreutils-1.21.10/restorecon/restorecon.8	2005-02-02 12:16:06.000000000 -0500
@@ -4,10 +4,10 @@
 
 .SH "SYNOPSIS"
 .B restorecon
-.I [\-o outfilename ] [\-R] [\-n] [\-v] pathname...
+.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
 .P
 .B restorecon
-.I \-f infilename [\-o outfilename ] [\-R] [\-n] [\-v] [\-F]
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
 
 .SH "DESCRIPTION"
 This manual page describes the
@@ -26,6 +26,9 @@
 .B \-f infilename
 infilename contains a list of files to be processed by application. Use \- for stdin.
 .TP 
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP 
 .B \-R
 change files and directories file labels recursively
 .TP 
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.10/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c	2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.10/restorecon/restorecon.c	2005-02-02 12:16:49.000000000 -0500
@@ -10,6 +10,7 @@
  * USAGE:
  * restorecon [-Rnv] pathname...
  * 
+ * -e   Specify directory to exclude
  * -n	Do not change any file labels.
  * -v	Show changes in file labels.  
  * -o filename save list of files with incorrect context
@@ -45,6 +46,54 @@
 static int recurse=0;
 static int force=0;
 
+#define MAX_EXCLUDES 100
+static int excludeCtr=0;
+struct edir {
+	char *directory;
+        int size;
+};
+static struct edir excludeArray[MAX_EXCLUDES];
+static int add_exclude(const char *directory) {
+  struct stat sb;
+  if(directory == NULL || directory[0] != '/') {
+    fprintf(stderr, "Full path required for exclude: %s.\n", 
+	    directory);
+    return 1;
+  }
+  if(lstat(directory, &sb)) {
+    fprintf(stderr, "Directory \"%s\" not found.\n", directory);
+    return 1;
+  }
+  if ((sb.st_mode & S_IFDIR) == 0 ) {
+    fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
+    return 1;
+  }
+   excludeArray[excludeCtr].directory = strdup(directory);
+  if (!excludeArray[excludeCtr].directory) {
+    fprintf(stderr, "Out of memory.\n");
+    return 1;
+  }
+  excludeArray[excludeCtr++].size = strlen(directory);
+
+  if (excludeCtr > MAX_EXCLUDES) {
+    fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
+    return 1;
+  }
+  return 0;
+}
+static int exclude(const char *file) {
+	int i=0;
+	for(i=0; i < excludeCtr; i++) { 
+		if (strncmp(file,excludeArray[i].directory,excludeArray[i].size)==0) {
+			if (file[excludeArray[i].size]==0 || 
+			    file[excludeArray[i].size]=='/') {
+				return 1;
+			}
+		}
+	}
+	return 0;
+}
+
 /* Compare two contexts to see if their differences are "significant",
  * or whether the only difference is in the user. */
 static int only_changed_user(const char *a, const char *b)
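Review bot: In `add_exclude` the capacity test runs after the store, so the 101st `-e` writes `excludeArray[MAX_EXCLUDES]`, one element past the static array, before the error is reported. Test before storing, ahead of the `strdup`: `if (excludeCtr >= MAX_EXCLUDES) { fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES); return 1; }`. The type test `(sb.st_mode & S_IFDIR) == 0` is also too loose, because the file-type field is not a bit mask: on Linux, block devices and sockets share that bit and pass as directories, so `if (!S_ISDIR(sb.st_mode))` is the correct form. An exclude given with a trailing slash (`-e /home/`) never matches in `exclude()`, since the byte after the prefix is then neither NUL nor `/`; stripping the trailing slash before storing avoids a silently ignored exclusion. The same `add_exclude` body is added to setfiles/setfiles.c in this patch and needs the same changes.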
@@ -61,7 +110,7 @@
 void usage(const char * const name)
 {	
   fprintf(stderr,
-	  "usage:  %s [-Rnv] [-f filename | pathname... ]\n",  name);
+	  "usage:  %s [-Rnv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",  name);
   exit(1);
 }
 int restore(char *filename) {
@@ -79,6 +128,9 @@
   if (len > 0 && filename[len-1]=='/' && (strcmp(filename,"/") != 0)) {
     filename[len-1]=0;
   }
+  if (excludeCtr > 0 && exclude(filename)) {
+      return 1;
+  }
   if (lstat(filename, &st)!=0) {
     fprintf(stderr,"lstat(%s) failed: %s\n", filename,strerror(errno));
     return 1;
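Review bot: The new check in `restore()` compares the path string as given, while `add_exclude` only accepts absolute directories, so a relative argument, or one containing `//` or `..`, that resolves into an excluded tree is not recognised and still gets relabeled. Unless the path is made absolute and normalised outside this hunk (only the trailing-slash strip is visible here), do that before calling `exclude()`, or state in the man page that excludes match literal absolute prefixes only. Returning 1 for an excluded path also reuses the value of the `lstat` failure just below, so a caller cannot tell a deliberate skip from an error; `return 0;` looks like the intended result. `restore()` starts and ends outside the hunk.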
@@ -184,7 +236,7 @@
 void process(char *buf) {
       if (recurse) {
 	if (nftw
-	    (buf, apply_spec, 1024, FTW_PHYS | FTW_MOUNT)) {
+	    (buf, apply_spec, 1024, FTW_PHYS)) {
 	  fprintf(stderr,
 		  "%s:  error while labeling files under %s\n",
 		  progname, buf);
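Review bot: Dropping `FTW_MOUNT` from the `nftw` call lets a recursive run cross mount points, so `restorecon -R` on a directory now descends into every filesystem mounted beneath it unless each one is listed with `-e`. Neither the message text nor the restorecon.8 changes mention this, and it affects every recursive invocation, not only the one in fixfiles. If the change is intended, add a comment such as `/* no FTW_MOUNT: the walk crosses mount points; callers exclude trees with -e */` and a sentence under `\-R` in the man page; otherwise keep `FTW_PHYS | FTW_MOUNT`. `process()` continues outside the hunk.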
@@ -202,13 +254,15 @@
   int opt;
   char buf[PATH_MAX];
 
+  memset(excludeArray,0, sizeof(excludeArray));
+
   progname=argv[0];
   if (is_selinux_enabled() <= 0 )
     exit(0);
 
   memset(buf,0, sizeof(buf));
 
-  while ((opt = getopt(argc, argv, "FRnvf:o:")) > 0) {
+  while ((opt = getopt(argc, argv, "FRnvf:o:e:")) > 0) {
     switch (opt) {
     case 'n':
       change = 0;
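Review bot: The added `memset(excludeArray,0, sizeof(excludeArray));` is redundant, because `excludeArray` is declared `static` at file scope and is therefore already zero-initialised before `main` runs. Dropping the line keeps the start of `main` to the setup that is actually needed. `main` starts and ends outside the hunk.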
@@ -219,6 +273,9 @@
     case 'F':
       force = 1;
       break;
+    case 'e':
+      if ( add_exclude(optarg) ) exit(1);
+      break;
     case 'o':
       outfile = fopen(optarg,"w");
       if (!outfile) {
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.10/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.10/scripts/fixfiles	2005-02-02 12:16:06.000000000 -0500
@@ -60,12 +60,26 @@
 if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
 	TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
 	test -z "$TEMPFILE" && exit
-	/usr/bin/diff $PREFC $FC | egrep '^[<>]'|cut -c3-| grep ^/ | \
-        sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \
-            -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
-        while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};;  esac; fi; done | \
+	/usr/bin/diff $PREFC $FC | grep '^[<>]'|cut -c3-| grep ^/ | \
+	sed -r -e 's,[[:blank:]].*,,g' \
+               -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
+	       -e 's|([/[:alnum:]])\?|{\1,}|g' \
+               -e 's|\?.*|*|g' \
+	       -e 's|\(.*|*|g' \
+	       -e 's|\[.*|*|g' \
+               -e 's|\.\*|*|g' \
+               -e 's|\.\+|*|g' | \
+	sort -u | \
+        while read pattern ; \
+	    do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
+                  echo "$pattern"; \
+                  case "$pattern" in *"*") \
+	               echo "$pattern" | sed 's,\*$,,g' >> ${TEMPFILE};;  
+                  esac; \
+               fi; \
+            done | \
 	while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
-	${RESTORECON} $2 -v -f -R - 
+	${RESTORECON} -R $2 -v -e /root -e /home -e /tmp -e /var/tmp -f - 
 	rm -f ${TEMPFILE}
 fi
 }
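Review bot: The new sed expressions rewrite an optional group as a brace pattern (`{\1,}`), but `find $pattern` expands a variable, and brace expansion is not applied to the result of a parameter expansion (and does not exist in POSIX sh), so those patterns reach `find` literally and match nothing, with the error hidden by `2> /dev/null`. Files behind such patterns are then never handed to restorecon and keep their old labels. Emitting both alternatives from sed as separate lines would avoid depending on the shell for this. Separately, `-e /root -e /home -e /tmp -e /var/tmp` makes restorecon exit before relabeling anything when one of these is missing or is a symlink, because `add_exclude` in this patch fails on an `lstat` error and on non-directories; pass only the entries that exist as real directories. The function containing this block starts outside the hunk.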
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.21.10/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c	2005-01-31 09:49:15.000000000 -0500
+++ policycoreutils-1.21.10/setfiles/setfiles.c	2005-02-02 12:16:16.000000000 -0500
@@ -116,6 +116,35 @@
 	va_end(ap);
 }
 
+static int add_exclude(const char *directory) {
+        struct stat sb;
+	if(directory == NULL || directory[0] != '/') {
+	        fprintf(stderr, "Full path required for exclude: %s.\n", 
+		        directory);
+		return 1;
+	}
+	if(lstat(directory, &sb)) {
+	        fprintf(stderr, "Directory \"%s\" not found.\n", directory);
+	        return 1;
+	}
+	if ((sb.st_mode & S_IFDIR) == 0 ) {
+	        fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", directory,sb.st_mode);
+	        return 1;
+	}
+	excludeArray[excludeCtr].directory = strdup(directory);
+	if (!excludeArray[excludeCtr].directory) {
+	        fprintf(stderr, "Out of memory.\n");
+	        return 1;
+	}
+	excludeArray[excludeCtr++].size = strlen(directory);
+	
+	if (excludeCtr > MAX_EXCLUDES) {
+	        fprintf(stderr, "Maximum excludes %d exceeded.\n", MAX_EXCLUDES);
+	        return 1;
+	}
+	return 0;
+}
+
 static int exclude(const char *file) {
 	int i=0;
 	for(i=0; i < excludeCtr; i++) { 
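Review bot: This `add_exclude` is a line-for-line copy of the one added to restorecon/restorecon.c, so every fix has to be made twice and the two tools can drift apart in how they validate `-e`. Consider moving `add_exclude` and `exclude` into a shared source file used by both programs. In the error path for a NULL argument, `directory` is still passed to `%s`, which is undefined for a null pointer; print a fixed message in that case, e.g. `fprintf(stderr, "Full path required for exclude.\n");`. `exclude()` continues past the end of the hunk.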
@@ -402,36 +431,8 @@
 			break;
 		}
 		case 'e':
-		{
-			int len;
-			struct stat sb;
-			if(optarg[0] != '/') {
-				fprintf(stderr, "Full path required for exclude: %s.\n", 
-					optarg);
-				exit(1);
-			}
-			if(lstat(optarg, &sb)) {
-				fprintf(stderr, "Directory \"%s\" not found.\n", optarg);
-				exit(1);
-			}
-			if ((sb.st_mode & S_IFDIR) == 0 ) {
-				fprintf(stderr, "\"%s\" is not a Directory: mode %o\n", optarg,sb.st_mode);
-				exit(1);
-			}
-			len=strlen(optarg);
-			excludeArray[excludeCtr].directory = strdup(optarg);
-			if (!excludeArray[excludeCtr].directory) {
-				fprintf(stderr, "Out of memory.\n");
-				exit(1);
-			}
-			excludeArray[excludeCtr++].size = len;
-			if (excludeCtr > MAX_EXCLUDES) {
-				fprintf(stderr, "Maximum excludes %d exceeded.\n", 
-					MAX_EXCLUDES);
-				exit(1);
-			}
+		        if ( add_exclude(optarg) ) exit(1);
 			break;
-		}
 			
 		case 'd':
 			debug = 1;
