* fixfiles patch
From: Daniel J Walsh @ 2008-06-30 16:05 UTC
To: SE Linux
[-- Attachment #1: Type: text/plain, Size: 261 bytes --]
This patch adds a function onboot
which creates the /.autorelabel file.
It also removes tmp files that map directly to a user. This fixes the
problem where a user login gets created with the wrong context in /tmp
and then cannot log in, even after a relabel.
[-- Attachment #2: fixfiles.patch --]
[-- Type: text/plain, Size: 1735 bytes --]
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles 2008-06-30 11:49:38.000000000 -0400
@@ -138,6 +138,9 @@
fi
LogReadOnly
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
exit $?
}
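Review bot: `exit $?` at the end of this hunk now reports the status of the second `find`, not of the `${SETFILES}` run above it, so a failed relabel can still exit 0. Save the status right after the `${SETFILES}` line (for example `rc=$?`) and finish with `exit $rc`. The cleanup is also unconditional: the `rm -rf` and both `chcon` calls run whatever was passed in `$*`, so if this function is reached with `-n` it would still modify /tmp and /var/tmp. Finally, `chcon` without `-h` changes the target of a symlink rather than the link that `find` matched; `chcon -h -t tmp_t` keeps the change on the matched entry, which is the safer choice in world-writable directories.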
@@ -180,6 +183,10 @@
check) restore -n -v;;
verify) restore -n -o -;;
relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
*)
usage
exit 1
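Review bot: the `onboot` case prints "System will relabel on next boot" even when `touch /.autorelabel` fails (for example on a read-only root or when not run as root). Chain the two, `touch /.autorelabel && echo ...`, and exit non-zero on failure so callers can tell the flag file was not created. The message is also a plain string, while the usage text in this script uses `$"..."` for translation.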
@@ -189,6 +196,7 @@
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
echo or
echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
}
if [ $# = 0 ]; then
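Review bot: the new `echo $"Usage: $0 onboot"` line is added without the `echo or` separator that sits between the two existing usage lines, so the output lists three forms with a single "or". Add an `echo or` before it to keep the usage block consistent.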
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-06-30 11:49:38.000000000 -0400
@@ -7,6 +7,8 @@
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+.B fixfiles onboot
+
.SH "DESCRIPTION"
This manual page describes the
.BR fixfiles
@@ -20,6 +22,9 @@
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
jfs file systems as long as they do not have a security context mount
option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
.SH "OPTIONS"
.TP
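Review bot: "will setup" in the added description should be "will set up". The text also does not say how the relabel is triggered; stating that `onboot` creates /.autorelabel would help an administrator who wants to cancel it. The removal of /tmp/gconfd-*, /tmp/pulse-* and /tmp/orbit-* and the `chcon` of file_t entries added to the script in this patch are not documented in the man page at all.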
* Re: fixfiles patch
From: Joshua Brindle @ 2008-06-30 18:03 UTC
To: Daniel J Walsh; +Cc: SE Linux
Daniel J Walsh wrote:
> This patch adds a function onboot
> which creates the /.autorelabel file.
> It also removes tmp files that map directly to a user. This fixes the
> problem where a user login gets created with the wrong context in /tmp
> and then cannot log in, even after a relabel.
>
Acked-by: Joshua Brindle <method@manicmethod.com>