Message-ID: <4E3B085D.1050400@redhat.com>
Date: Thu, 04 Aug 2011 17:00:13 -0400
From: Eric Paris
To: Daniel J Walsh
CC: Stephen Smalley, Eric Paris, selinux@tycho.nsa.gov
Subject: Re: [PATCH 029/155] policycoreutils: fixfiles clean up /var/run and
References: <4E39B5E6.8000100@redhat.com> <1312469767.20973.53.camel@moss-pluto> <1312486409.20973.66.camel@moss-pluto> <4E3B007B.1020502@redhat.com>
In-Reply-To: <4E3B007B.1020502@redhat.com>
List-Id: selinux@tycho.nsa.gov

On 08/04/2011 04:26 PM, Daniel J Walsh wrote:
> On 08/04/2011 03:33 PM, Stephen Smalley wrote:
>> On Thu, 2011-08-04 at 13:59 -0400, Eric Paris wrote:
>>> well I guess [selinuxfs]/initial_contexts/unlabeled works for the
>>> first part, but how to come up with the lib_t/var_t I don't
>>> know.... more initial sids :)
>>
>> chcon --reference=/lib ... chcon --reference=/var ...
>>
>> Or: chcon `matchpathcon /lib` ...
>>
>>
>
>
> How about this patch...

If you don't have /selinux mounted in one of those two places, secon -t
will return your process type, which might delete the wrong files.

Not that it makes a huge difference, but we don't really need to pare it
down to just the type with secon -t and then search using *$TYPE*.

I also question the use of /sys/fs/selinux/ but I'm not sure we have a
good way to find that in a script..... Do we have one?

-Eric
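One way a script could locate selinuxfs from the mount table and refuse to continue when it is not mounted, instead of falling back to another context. This is an added example, not part of the original message or of policycoreutils; the function names and the optional MOUNTS_FILE argument are hypothetical.

```shell
#!/bin/sh
# Added example: find selinuxfs from the mount table rather than assuming
# /selinux or /sys/fs/selinux, and fail closed when it is absent.

# find_selinuxfs [MOUNTS_FILE]   (MOUNTS_FILE is a hypothetical test hook)
# Prints the mount point of the first selinuxfs entry; returns 1 if none.
find_selinuxfs() {
    mounts=${1:-/proc/mounts}
    [ -r "$mounts" ] || return 1
    # Fields in /proc/mounts: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        if [ "$fstype" = "selinuxfs" ]; then
            printf '%s\n' "$mnt"
            return 0
        fi
    done < "$mounts"
    return 1
}

# unlabeled_type [MOUNTS_FILE]
# Prints the type field of [selinuxfs]/initial_contexts/unlabeled.
# Returns non-zero when selinuxfs or the file is missing, so the caller
# never ends up matching files against some unrelated type.
unlabeled_type() {
    mnt=$(find_selinuxfs "$1") || return 1
    ctx_file="$mnt/initial_contexts/unlabeled"
    [ -r "$ctx_file" ] || return 1
    # The context string may carry a trailing NUL byte; strip it.
    ctx=$(tr -d '\000' < "$ctx_file")
    # Context layout is user:role:type[:level]; take the third field.
    type=$(printf '%s' "$ctx" | cut -d: -f3)
    [ -n "$type" ] || return 1
    printf '%s\n' "$type"
}
```

A caller would run `TYPE=$(unlabeled_type) || exit 1` before doing any cleanup keyed on that type.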