* [PATCH V2 0/3] Update setfiles/restorecon to support selinux_restorecon
@ 2016-06-19 19:36 Richard Haines
From: Richard Haines @ 2016-06-19 19:36 UTC
To: selinux

These patches:
1) Add additional services to selinux_restorecon(3) so that setfiles(8)
   functionality can be supported.
2) Modify setfiles(8) and restorecon(8) to make use of the new libselinux
   functions.

I've supported all options except -q of the current restorecon(8) and
setfiles(8) in selinux_restorecon_* services.

There is a new option of -I to ignore the digest as explained in the updated
man pages.

The output from these commands should be much the same as before (some minor
wording changes).

Changes for V2
1) All requested changes have been completed as per [1], [2] and [3].
2) As selinux_restorecon_set_alt_rootpath(3) and
   selinux_restorecon_set_exclude_list(3) now allocate memory etc. they return
   errors (they were void).

[1] http://marc.info/?l=selinux&m=146470027405908&w=2
[2] http://marc.info/?l=selinux&m=146470835908849&w=2
[3] http://marc.info/?l=selinux&m=146470720008392&w=2

Richard Haines (3):
  libselinux: Evaluate inodes in selinux_restorecon(3)
  libselinux: Add setfiles support to selinux_restorecon(3)
  policycoreutils: setfiles - Modify to use selinux_restorecon

libselinux/include/selinux/restorecon.h | 109 +++-
libselinux/man/man3/selinux_restorecon.3 | 80 ++-
.../man/man3/selinux_restorecon_set_alt_rootpath.3 | 35 +
.../man/man3/selinux_restorecon_set_exclude_list.3 | 16 +-
.../man/man3/selinux_restorecon_set_sehandle.3 | 4 +-
libselinux/src/selinux_restorecon.c | 710 ++++++++++++++++++--
libselinux/utils/selinux_restorecon.c | 52 +-
policycoreutils/setfiles/restore.c | 718 ++-------------------
policycoreutils/setfiles/restore.h | 51 +-
policycoreutils/setfiles/restorecon.8 | 74 ++-
policycoreutils/setfiles/setfiles.8 | 75 ++-
policycoreutils/setfiles/setfiles.c | 198 +++---
12 files changed, 1201 insertions(+), 921 deletions(-)
create mode 100644 libselinux/man/man3/selinux_restorecon_set_alt_rootpath.3
--
2.5.5
* Re: [PATCH V2 0/3] Update setfiles/restorecon to support selinux_restorecon
From: Stephen Smalley @ 2016-06-30 14:43 UTC
To: Richard Haines, selinux
On 06/19/2016 03:36 PM, Richard Haines wrote:
> These patches:
> 1) Add additional services to selinux_restorecon(3) so that setfiles(8)
> functionality can be supported.
> 2) Modify setfiles(8) and restorecon(8) to make use of the new libselinux
> functions.
>
> I've supported all options except -q of the current restorecon(8) and
> setfiles(8) in selinux_restorecon_* services.
>
> There is a new option of -I to ignore the digest as explained in the updated
> man pages.
>
> The output from these commands should be much the same as before (some minor
> wording changes).
>
> Changes for V2
> 1) All requested changes have been completed as per [1], [2] and [3].
> 2) As selinux_restorecon_set_alt_rootpath(3) and
> selinux_restorecon_set_exclude_list(3) now allocate memory etc. they return
> errors (they were void).

Unfortunately, we can't do that if they were included in a prior release
(e.g. 2.5). That would be an ABI incompatibility. Options:

1) Use symbol versioning. This would require adding a linker version
   script / map file to libselinux like we already have for libsepol and
   libsemanage, and defining an old and new version of the symbol so that
   existing binaries can keep using the void interface and programs
   compiled against the new library can use the int interface.
2) Just leave it void and abort or something on memory allocation failure.
3) Leave the functions unchanged, i.e. don't allocate memory (but I
   think this will be problematic in the future).

>
> [1] http://marc.info/?l=selinux&m=146470027405908&w=2
> [2] http://marc.info/?l=selinux&m=146470835908849&w=2
> [3] http://marc.info/?l=selinux&m=146470720008392&w=2
>
> Richard Haines (3):
> libselinux: Evaluate inodes in selinux_restorecon(3)
> libselinux: Add setfiles support to selinux_restorecon(3)
> policycoreutils: setfiles - Modify to use selinux_restorecon
>
> libselinux/include/selinux/restorecon.h | 109 +++-
> libselinux/man/man3/selinux_restorecon.3 | 80 ++-
> .../man/man3/selinux_restorecon_set_alt_rootpath.3 | 35 +
> .../man/man3/selinux_restorecon_set_exclude_list.3 | 16 +-
> .../man/man3/selinux_restorecon_set_sehandle.3 | 4 +-
> libselinux/src/selinux_restorecon.c | 710 ++++++++++++++++++--
> libselinux/utils/selinux_restorecon.c | 52 +-
> policycoreutils/setfiles/restore.c | 718 ++-------------------
> policycoreutils/setfiles/restore.h | 51 +-
> policycoreutils/setfiles/restorecon.8 | 74 ++-
> policycoreutils/setfiles/setfiles.8 | 75 ++-
> policycoreutils/setfiles/setfiles.c | 198 +++---
> 12 files changed, 1201 insertions(+), 921 deletions(-)
> create mode 100644 libselinux/man/man3/selinux_restorecon_set_alt_rootpath.3
>