All of lore.kernel.org
 help / color / mirror / Atom feed
* Add glob support for restorecond
@ 2008-09-08 19:03 Daniel J Walsh
  2008-09-12 13:59 ` Joshua Brindle
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel J Walsh @ 2008-09-08 19:03 UTC (permalink / raw)
  To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 1036 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have added supported for GLOB expressions in restorecond.  In order to
get nsplugin to work well, you need all of the contents of the homedir
labeled correctly.  Unfortunately gnome creates directories at a fairly
random pace.  FCFS.  So it is very difficult to get transitions to
happen properly.  As a tradeoff, we can use restorecond to watch the
homedir and relabel the directory when it is created.  I know this is a
potential race condition. where some of the files created in the
directory will still have the wrong context, but I don't know of a
better solution.

Telling everyone they need to restorcon -R -v ~ is not a great solution.
 If you are worried about information flow you should never rely on
restorecond.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/
lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK
=JiG7
-----END PGP SIGNATURE-----

[-- Attachment #2: policycoreutils-restorecond.patch --]
[-- Type: text/plain, Size: 1909 bytes --]

--- nsapolicycoreutils/restorecond/stringslist.c	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.55/restorecond/stringslist.c	2008-09-03 17:43:40.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006 Red Hat 
+ * Copyright (C) 2006, 2008 Red Hat 
  * see file 'COPYING' for use and warranty information
  *
  * This program is free software; you can redistribute it and/or
@@ -27,6 +27,7 @@
 #include <stdlib.h>
 #include "stringslist.h"
 #include "restorecond.h"
+#include <fnmatch.h>
 
 /* Sorted lists */
 void strings_list_add(struct stringsList **list, const char *string)
@@ -57,11 +58,9 @@
 int strings_list_find(struct stringsList *ptr, const char *string)
 {
 	while (ptr) {
-		int cmp = strcmp(string, ptr->string);
-		if (cmp < 0)
-			return -1;	/* Not on list break out to add */
-		if (cmp == 0)
-			return 0;	/* Already on list */
+		int cmp = fnmatch(ptr->string, string, 0);
+		if (cmp == 0) 
+			return 0;	/* Match found */
 		ptr = ptr->next;
 	}
 	return -1;
@@ -120,6 +119,7 @@
 	if (strings_list_diff(list, list1) == 0)
 		printf("strings_list_diff test2 bug\n");
 	strings_list_add(&list1, "/etc/walsh");
+	strings_list_add(&list1, "/etc/walsh/*");
 	strings_list_add(&list1, "/etc/resolv.conf");
 	strings_list_add(&list1, "/etc/mtab1");
 	if (strings_list_diff(list, list1) == 0)
@@ -127,6 +127,7 @@
 	printf("strings list\n");
 	strings_list_print(list);
 	printf("strings list1\n");
+	strings_list_find(list1, "/etc/walsh/dan");
 	strings_list_print(list1);
 	strings_list_free(list);
 	strings_list_free(list1);
--- nsapolicycoreutils/restorecond/restorecond.conf	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.55/restorecond/restorecond.conf	2008-09-03 17:38:35.000000000 -0400
@@ -1,7 +1,8 @@
+/etc/services
 /etc/resolv.conf
 /etc/samba/secrets.tdb
 /etc/mtab
 /var/run/utmp
 /var/log/wtmp
-~/public_html
+~/*
 ~/.mozilla/plugins/libflashplayer.so


[-- Attachment #3: policycoreutils-restorecond.patch.sig --]
[-- Type: application/octet-stream, Size: 72 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-09-12 13:59 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-09-08 19:03 Add glob support for restorecond Daniel J Walsh
2008-09-12 13:59 ` Joshua Brindle

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.