Re: [PATCH 3/3] policycoreutils: setfiles - Modify to use selinux_restorecon

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Richard Haines <richard_c_haines@btinternet.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: [PATCH 3/3] policycoreutils: setfiles - Modify to use selinux_restorecon
Date: Tue, 31 May 2016 13:01:32 +0000 (UTC)	[thread overview]
Message-ID: <648764394.3667642.1464699692622.JavaMail.yahoo@mail.yahoo.com> (raw)
In-Reply-To: <2687adaa-046c-9ff3-d5f5-b039aa2253c6@tycho.nsa.gov>






> On Thursday, 19 May 2016, 19:24, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On 05/10/2016 11:24 AM, Richard Haines wrote:
>>  Modify setfiles and restorecon to make use of the libselinux
>>  selinux_restorecon* set of functions.
>> 
>>  The output from these commands should be much the same as before
>>  with some minor wording changes, the only exceptions being:
>>  1) The -p option does not output the percentage, just * for every
>>  1000 files (but does state approx file count if mass relabel
>>  and verbose).
> 
> Seems like it might be a regression for usability on e.g. an autorelabel
> at boot.

The main reason I did not implement this is that I would either need to
pass over the approx amount of files to selinux_restorecon() or implement
the exclude_non_seclabel_mounts() function in selinux_restorecon().
I guess if this is required then adding exclude_non_seclabel_mounts(),
add_exclude() and remove_exclude() to selinux_restorecon may be the best
option as that resolves one of your queries on [PATCH 2/3]. Any views on
the best way forward.

next prev parent reply	other threads:[~2016-05-31 13:04 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-10 15:24 [PATCH 3/3] policycoreutils: setfiles - Modify to use selinux_restorecon Richard Haines
2016-05-19 18:25 ` Stephen Smalley
2016-05-31 13:01   ` Richard Haines [this message]
2016-05-31 15:06     ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=648764394.3667642.1464699692622.JavaMail.yahoo@mail.yahoo.com \
    --to=richard_c_haines@btinternet.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.