policycoreutils fixes

All of lore.kernel.org
 help / color / mirror / Atom feed

* policycoreutils fixes
@ 2005-02-23 14:46 Daniel J Walsh
  2005-02-24 14:14 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel J Walsh @ 2005-02-23 14:46 UTC (permalink / raw)
  To: Stephen Smalley, SELinux

[-- Attachment #1: Type: text/plain, Size: 274 bytes --]

Fix genhomedircon:
     always add "\n"
    Strip extra spaces off of config files (SELINUXPOLICYTYPE)

Fix fixfiles:
    Use find recursion instead of restorecon to walk directory tree so 
that it will
not go into file systems that do not support extended attributes.

Dan

[-- Attachment #2: policycoreutils-rhat.patch --]
[-- Type: text/plain, Size: 2516 bytes --]

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.19/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2005-02-08 13:27:03.000000000 -0500
+++ policycoreutils-1.21.19/scripts/fixfiles	2005-02-23 09:31:45.000000000 -0500
@@ -78,8 +78,8 @@
                   esac; \
                fi; \
             done | \
-	while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
-	 ${RESTORECON} -R $2 -v -e /root -e /home -e /tmp -e /var/tmp -e /dev -f - 
+	while read pattern ; do find $pattern -fstype ext2 -fstype ext3 -fstype reiserfs -fstype xfs -print; done 2> /dev/null | \
+	 ${RESTORECON} $2 -v -e /root -e /home -e /tmp -e /var/tmp -e /dev -f - 
 	rm -f ${TEMPFILE}
 fi
 }
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.21.19/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon	2005-02-17 14:28:23.000000000 -0500
+++ policycoreutils-1.21.19/scripts/genhomedircon	2005-02-23 09:33:26.000000000 -0500
@@ -154,13 +154,13 @@
 def getDefaultHomeDir():
     rc=commands.getstatusoutput("grep ^HOME= /etc/default/useradd | tail -1")
     if rc[0]==0:
-        return rc[1].split("=")[-1]
+        return rc[1].split("=")[-1].strip()
     return "/home"
 
 def getSELinuxType(directory):
     rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config | tail -1" % directory)
     if rc[0]==0:
-        return rc[1].split("=")[-1]
+        return rc[1].split("=")[-1].strip()
     return "targeted"
 
 def usage(error = ""):
@@ -203,7 +203,7 @@
     def getHomeRootContext(self, homedir):
 	    rc=commands.getstatusoutput("grep HOME_ROOT  %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir))
 	    if rc[0] == 0:
-		    return rc[1]
+		    return rc[1]+"\n"
 	    else:
 		    errorExit(string.join("sed error ", rc[1]))
 
@@ -254,7 +254,7 @@
 	# Fill in HOME and ROLE for users that are defined
 	for u in users.keys():
 		ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
-	return ret
+	return ret+"\n"
 
     def checkExists(self, home):
         return commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0]
@@ -285,7 +285,6 @@
 	ret= self.heading()
         for h in self.getHomeDirs():
             ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
-            ret += "\n"
             ret += self.getHomeRootContext(h)
         ret += self.genHomeDirContext()
         return ret

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: policycoreutils fixes
  2005-02-23 14:46 policycoreutils fixes Daniel J Walsh
@ 2005-02-24 14:14 ` Stephen Smalley
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2005-02-24 14:14 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: SELinux

On Wed, 2005-02-23 at 09:46 -0500, Daniel J Walsh wrote:
> +	while read pattern ; do find $pattern -fstype ext2 -fstype ext3 -fstype reiserfs -fstype xfs -print; done 2> /dev/null | \
> +	 ${RESTORECON} $2 -v -e /root -e /home -e /tmp -e /var/tmp -e /dev -f - 
>  	rm -f ${TEMPFILE}
>  fi
>  }

Per the find(1) man page, expr1 expr2 is an implied AND, i.e. both
expressions must be true, so -fstype ext2 -fstype ext3 will always be
false and you'll never print anything.

Shouldn't this be:
find $pattern \( -fstype ext2 -o -fstype ext3 -o -fstype xfs -o -fstype
reiserfs \) -print

Also, I'm not sure why you include reiserfs, as reiserfs xattr support
is still broken for SELinux in the mainline kernel and policy fs_use
doesn't use xattrs for reiserfs as a result.

As of 2.6.11, jfs will have xattr security support, so we should be able
to add it to policy/fs_use and start including it in fixfiles in the
future.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-02-24 14:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-02-23 14:46 policycoreutils fixes Daniel J Walsh
2005-02-24 14:14 ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.