* [PATCH 1/2] libselinux/getconlist: report failures
From: Christian Göttsche @ 2021-02-03 17:16 UTC
To: selinux

Check the given context a priori, to print a more user friendly message,
opposed to a generic following get_ordered_context_list/_with_level
failure.

Notify the user about failures of get_ordered_context_list/_with_level,
so no-context-found and a failure results are distinguishable.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/getconlist.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
index 29c16640..76654b75 100644
--- a/libselinux/utils/getconlist.c
+++ b/libselinux/utils/getconlist.c
@@ -58,8 +58,14 @@ int main(int argc, char **argv)
free(level);
return 2;
}
- } else
+ } else {
cur_context = argv[optind + 1];
+ if (security_check_context(cur_context) != 0) {
+ fprintf(stderr, "Given context '%s' is invalid.\n", cur_context);
+ free(level);
+ return 3;
+ }
+ }
/* Get the list and print it */
if (level)
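Review bot: the new error path ending in 'return 3' prints only "Given context '%s' is invalid." and drops errno, while the get_ordered_context_list failure path added in the next hunk prints errno and strerror(errno). Printing errno here as well would let a user tell a malformed context apart from security_check_context() failing for another reason. Also check that exit status 3 is not already returned by an earlier error path in main(), since this hunk only shows 'return 2' above it, and consider documenting the new status in the usage text.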
@@ -72,6 +78,11 @@ int main(int argc, char **argv)
for (i = 0; list[i]; i++)
puts(list[i]);
freeconary(list);
+ } else {
+ fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
+ level ? "_with_level" : "", errno, strerror(errno));
+ free(level);
+ return 4;
}
free(level);
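Review bot: the 'if' that this new 'else' pairs with is outside the hunk, so it is not visible whether a call that succeeds with zero contexts also lands here. If it does, the message would print a stale errno and 'return 4' would report the no-context-found case as a failure, which is the opposite of what the commit message sets out to do. Please confirm the condition only sends an actual error return into this branch, and document exit status 4 alongside the existing ones.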
--
2.30.0
* [PATCH 2/2] policycoreutils/fixfiles.8: add missing file systems and merge check and verify
From: Christian Göttsche @ 2021-02-03 17:16 UTC
To: selinux

Mention the supported file systems ext4, gfs2 and btrfs.

The options check and verify are interchangeable, merge their
description.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/scripts/fixfiles.8 | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
index 12342530..c4e894e5 100644
--- a/policycoreutils/scripts/fixfiles.8
+++ b/policycoreutils/scripts/fixfiles.8
@@ -35,8 +35,8 @@ database (extended attributes) on filesystems.
.P
It can also be run at any time to relabel when adding support for
new policy, or just check whether the file contexts are all
-as you expect. By default it will relabel all mounted ext2, ext3, xfs and
-jfs file systems as long as they do not have a security context mount
+as you expect. By default it will relabel all mounted ext2, ext3, ext4, gfs2, xfs,
+jfs and btrfs file systems as long as they do not have a security context mount
option. You can use the \-R flag to use rpmpackages as an alternative.
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
excluded from relabeling.
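Review bot: the file system list in the changed sentence is maintained by hand in the man page, and the diffstat shows only fixfiles.8 being touched, so nothing here ties the list to what the fixfiles script actually selects. Please confirm that ext4, gfs2 and btrfs match the script's behaviour. While this paragraph is being edited, 'rpmpackages' in the following context line could be split into 'rpm packages'.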
@@ -79,7 +79,7 @@ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \
.SH "ARGUMENTS"
One of:
.TP
-.B check
+.B check | verify
print any incorrect file context labels, showing old and new context, but do not change them.
.TP
.B restore
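Review bot: in '.B check | verify' the whole line, including the '|', is set in bold, so the separator reads as part of the argument name. Using '.BR check " | " verify' would keep only the two keywords bold and leave the separator in roman.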
@@ -88,9 +88,6 @@ change any incorrect file context labels.
.B relabel
Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
.TP
-.B verify
-List out files with incorrect file context labels, but do not change them.
-.TP
.B [[dir/file] ... ]
List of files or directories trees that you wish to check file context on.
--
2.30.0
* Re: [PATCH 1/2] libselinux/getconlist: report failures
From: Petr Lautrbach @ 2021-02-17 17:00 UTC
To: Christian Göttsche, selinux
Christian Göttsche <cgzones@googlemail.com> writes:
> Check the given context a priori, to print a more user friendly message,
> opposed to a generic following get_ordered_context_list/_with_level
> failure.
>
> Notify the user about failures of get_ordered_context_list/_with_level,
> so no-context-found and a failure results are distinguishable.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libselinux/utils/getconlist.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
> index 29c16640..76654b75 100644
> --- a/libselinux/utils/getconlist.c
> +++ b/libselinux/utils/getconlist.c
> @@ -58,8 +58,14 @@ int main(int argc, char **argv)
> free(level);
> return 2;
> }
> - } else
> + } else {
> cur_context = argv[optind + 1];
> + if (security_check_context(cur_context) != 0) {
> + fprintf(stderr, "Given context '%s' is invalid.\n", cur_context);
> + free(level);
> + return 3;
3 is already used for "memory allocation failure: %d(%s)\n" error
But I'm not sure if it's important
> + }
> + }
>
> /* Get the list and print it */
> if (level)
> @@ -72,6 +78,11 @@ int main(int argc, char **argv)
> for (i = 0; list[i]; i++)
> puts(list[i]);
> freeconary(list);
> + } else {
> + fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
> + level ? "_with_level" : "", errno, strerror(errno));
> + free(level);
> + return 4;
> }
>
> free(level);
> --
> 2.30.0
* Re: [PATCH 2/2] policycoreutils/fixfiles.8: add missing file systems and merge check and verify
From: Petr Lautrbach @ 2021-02-17 17:15 UTC
To: Christian Göttsche, selinux
Christian Göttsche <cgzones@googlemail.com> writes:
> Mention the supported file systems ext4, gfs2 and btrfs.
>
> The options check and verify are interchangeable, merge their
> description.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> policycoreutils/scripts/fixfiles.8 | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
> index 12342530..c4e894e5 100644
> --- a/policycoreutils/scripts/fixfiles.8
> +++ b/policycoreutils/scripts/fixfiles.8
> @@ -35,8 +35,8 @@ database (extended attributes) on filesystems.
> .P
> It can also be run at any time to relabel when adding support for
> new policy, or just check whether the file contexts are all
> -as you expect. By default it will relabel all mounted ext2, ext3, xfs and
> -jfs file systems as long as they do not have a security context mount
> +as you expect. By default it will relabel all mounted ext2, ext3, ext4, gfs2, xfs,
> +jfs and btrfs file systems as long as they do not have a security context mount
> option. You can use the \-R flag to use rpmpackages as an alternative.
> The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
> excluded from relabeling.
> @@ -79,7 +79,7 @@ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \
> .SH "ARGUMENTS"
> One of:
> .TP
> -.B check
> +.B check | verify
> print any incorrect file context labels, showing old and new context, but do not change them.
> .TP
> .B restore
> @@ -88,9 +88,6 @@ change any incorrect file context labels.
> .B relabel
> Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
> .TP
> -.B verify
> -List out files with incorrect file context labels, but do not change them.
> -.TP
> .B [[dir/file] ... ]
> List of files or directories trees that you wish to check file context on.
>
> --
> 2.30.0
* Re: [PATCH 2/2] policycoreutils/fixfiles.8: add missing file systems and merge check and verify
From: Petr Lautrbach @ 2021-02-19 15:15 UTC
To: Christian Göttsche, selinux
Petr Lautrbach <plautrba@redhat.com> writes:
> Christian Göttsche <cgzones@googlemail.com> writes:
>
>> Mention the supported file systems ext4, gfs2 and btrfs.
>>
>> The options check and verify are interchangeable, merge their
>> description.
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: Petr Lautrbach <plautrba@redhat.com>
Merged, thanks!
>> ---
>> policycoreutils/scripts/fixfiles.8 | 9 +++------
>> 1 file changed, 3 insertions(+), 6 deletions(-)
>>
>> diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
>> index 12342530..c4e894e5 100644
>> --- a/policycoreutils/scripts/fixfiles.8
>> +++ b/policycoreutils/scripts/fixfiles.8
>> @@ -35,8 +35,8 @@ database (extended attributes) on filesystems.
>> .P
>> It can also be run at any time to relabel when adding support for
>> new policy, or just check whether the file contexts are all
>> -as you expect. By default it will relabel all mounted ext2, ext3, xfs and
>> -jfs file systems as long as they do not have a security context mount
>> +as you expect. By default it will relabel all mounted ext2, ext3, ext4, gfs2, xfs,
>> +jfs and btrfs file systems as long as they do not have a security context mount
>> option. You can use the \-R flag to use rpmpackages as an alternative.
>> The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
>> excluded from relabeling.
>> @@ -79,7 +79,7 @@ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \
>> .SH "ARGUMENTS"
>> One of:
>> .TP
>> -.B check
>> +.B check | verify
>> print any incorrect file context labels, showing old and new context, but do not change them.
>> .TP
>> .B restore
>> @@ -88,9 +88,6 @@ change any incorrect file context labels.
>> .B relabel
>> Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
>> .TP
>> -.B verify
>> -List out files with incorrect file context labels, but do not change them.
>> -.TP
>> .B [[dir/file] ... ]
>> List of files or directories trees that you wish to check file context on.
>>
>> --
>> 2.30.0