diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles index ae519fc..d694e3c 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -21,6 +21,17 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# Get all mounted rw file systems that support seclabel +# +get_labeled_mounts() { +# /dev is not listed in the mountab +FS="`mount | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/\(rw/{print $3}';` /dev" +for i in $FS; do + grep --silent "$i ".*seclabel /proc/self/mounts && echo $i +done +} + +# # Set global Variables # fullFlag=0 @@ -35,9 +46,7 @@ SYSLOGFLAG="-l" LOGGER=/usr/sbin/logger SETFILES=/sbin/setfiles RESTORECON=/sbin/restorecon -FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';` -FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';` -FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" +FILESYSTEMS=`get_labeled_mounts` SELINUXTYPE="targeted" if [ -e /etc/selinux/config ]; then . /etc/selinux/config @@ -87,23 +96,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then esac; \ fi; \ done | \ - while read pattern ; do sh -c "find $pattern \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \ - \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ - done 2> /dev/null | \ - ${RESTORECON} $* -0 -f - + ${RESTORECON} -f - -R -p -e /home -e /tmp -r /dev; \ rm -f ${TEMPFILE} ${PREFCTEMPFILE} fi } -# -# Log all Read Only file systems -# -LogReadOnly() { -if [ ! -z "$FILESYSTEMSRO" ]; then - logit "Warning: Skipping the following R/O filesystems:" - logit "$FILESYSTEMSRO" -fi -} rpmlist() { rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' 
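Review bot: In get_labeled_mounts the grep pattern `"$i ".*seclabel` is neither anchored nor escaped, so a mount point counts as labeled whenever any line of /proc/self/mounts has a field ending in the same text; `/home` would match an entry for `/srv/home`, and a `.` in a path matches any character. Because the result becomes FILESYSTEMS and is handed to setfiles, a filesystem that does not report seclabel could be selected for relabeling. Comparing the mount-point field exactly avoids this: `awk -v m="$i" '$2 == m && $4 ~ /(^|,)seclabel(,|$)/ {f=1} END {exit !f}' /proc/self/mounts && echo "$i"`. `FS` and `i` are also assigned as globals, and mount points containing whitespace are split by `for i in $FS`.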
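Review bot: The replacement `${RESTORECON} -f - -R -p -e /home -e /tmp -r /dev` no longer forwards `$*`, which the removed pipeline passed to restorecon; if callers rely on it to pass `-n` for a check-only run (not visible in this hunk), this path would now change labels. restorecon documents `-r` as a synonym for `-R`, so `-r /dev` reads as a request to relabel /dev recursively rather than the exclusion the removed `-prune` list expressed; `-e /dev` looks like what was meant. Suggested line: `${RESTORECON} $* -f - -R -p -e /home -e /tmp -e /dev; \`. The old list also pruned /root, which the new command does not exclude. The enclosing function starts before the hunk.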
@@ -126,18 +122,11 @@ if [ ! -z "$RPMFILES" ]; then exit $? fi if [ ! -z "$FILEPATH" ]; then - if [ -x /usr/bin/find ]; then - /usr/bin/find "$FILEPATH" \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \ - ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE - else - ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE - fi + ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE return fi [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon -LogReadOnly -${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE +${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 >> $LOGFILE rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; @@ -146,8 +135,7 @@ exit $? fullrelabel() { logit "Cleaning out /tmp" - find /tmp/ -mindepth 1 -print0 | xargs -0 /bin/rm -f - LogReadOnly + find /tmp/ -mindepth 1 -delete restore }
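Review bot: `$FILEPATH` is unquoted on the surviving line `${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH`, whereas the removed find branch passed it as `"$FILEPATH"`; a path containing whitespace or glob characters is now split or expanded before restorecon sees it, and a path starting with `-` is parsed as an option. If FILEPATH holds a single path, `${RESTORECON} ${FORCEFLAG} -R $* -- "$FILEPATH" 2>&1 >> $LOGFILE` keeps it intact. Separately, `${FILESYSTEMS}` can now be empty when no mounted filesystem reports seclabel, so the setfiles call would run with no path arguments; a guard such as `[ -n "$FILESYSTEMS" ] || exit 1` before it would make that case explicit. The enclosing function begins outside the hunk.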
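Review bot: `find /tmp/ -mindepth 1 -delete` in fullrelabel also removes directories, which the removed `xargs -0 /bin/rm -f` pipeline left in place, and nothing in the hunk records that change. A comment such as `# -delete also removes (emptied) directories, unlike the previous rm -f` would document the intent. Adding `-xdev` would keep the clean-out from descending into other filesystems mounted under /tmp.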