SELinux Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] policycoreutils/fixfiles: Fix "verify" option
@ 2019-09-23 14:43 Vit Mojzis
  2019-09-23 15:08 ` Stephen Smalley
  0 siblings, 1 reply; 5+ messages in thread
From: Vit Mojzis @ 2019-09-23 14:43 UTC (permalink / raw)
  To: selinux

"restorecon -n" (used in the "restore" function) has to be used with
"-v" to display the files whose labels would be changed.

Fixes:
   Fixfiles verify does not report misslabelled files unless "-v" option is
   used.
---
 policycoreutils/scripts/fixfiles | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 5be9ba6e..1a31e061 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -302,7 +302,7 @@ process() {
 case "$1" in
     restore) restore Relabel;;
     check) VERBOSE="-v"; restore Check -n;;
-    verify) restore Verify -n;;
+    verify) VERBOSE="-v"; restore Verify -n;;
     relabel) relabel;;
     onboot)
 	if [ "$RESTORE_MODE" != DEFAULT ]; then
-- 
2.21.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] policycoreutils/fixfiles: Fix "verify" option
  2019-09-23 14:43 [PATCH] policycoreutils/fixfiles: Fix "verify" option Vit Mojzis
@ 2019-09-23 15:08 ` Stephen Smalley
  2019-09-24  6:41   ` Vit Mojzis
  2019-09-24  6:51   ` Vit Mojzis
  0 siblings, 2 replies; 5+ messages in thread
From: Stephen Smalley @ 2019-09-23 15:08 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On 9/23/19 10:43 AM, Vit Mojzis wrote:
> "restorecon -n" (used in the "restore" function) has to be used with
> "-v" to display the files whose labels would be changed.
> 
> Fixes:
>     Fixfiles verify does not report misslabelled files unless "-v" option is
>     used.

Please add a Signed-off-by line.  With this change, aside from display 
"Verifying" vs. "Checking" there seems to be no difference between 
fixfiles verify and fixfiles check?  Wondering if there was some 
difference originally?

> ---
>   policycoreutils/scripts/fixfiles | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
> index 5be9ba6e..1a31e061 100755
> --- a/policycoreutils/scripts/fixfiles
> +++ b/policycoreutils/scripts/fixfiles
> @@ -302,7 +302,7 @@ process() {
>   case "$1" in
>       restore) restore Relabel;;
>       check) VERBOSE="-v"; restore Check -n;;
> -    verify) restore Verify -n;;
> +    verify) VERBOSE="-v"; restore Verify -n;;
>       relabel) relabel;;
>       onboot)
>   	if [ "$RESTORE_MODE" != DEFAULT ]; then
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH] policycoreutils/fixfiles: Fix "verify" option
  2019-09-23 15:08 ` Stephen Smalley
@ 2019-09-24  6:41   ` Vit Mojzis
  2019-09-26 12:24     ` Stephen Smalley
  2019-09-24  6:51   ` Vit Mojzis
  1 sibling, 1 reply; 5+ messages in thread
From: Vit Mojzis @ 2019-09-24  6:41 UTC (permalink / raw)
  To: selinux

"restorecon -n" (used in the "restore" function) has to be used with
"-v" to display the files whose labels would be changed.

Fixes:
   Fixfiles verify does not report misslabelled files unless "-v" option is
   used.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 policycoreutils/scripts/fixfiles | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 5be9ba6e..1a31e061 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -302,7 +302,7 @@ process() {
 case "$1" in
     restore) restore Relabel;;
     check) VERBOSE="-v"; restore Check -n;;
-    verify) restore Verify -n;;
+    verify) VERBOSE="-v"; restore Verify -n;;
     relabel) relabel;;
     onboot)
 	if [ "$RESTORE_MODE" != DEFAULT ]; then
-- 
2.21.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] policycoreutils/fixfiles: Fix "verify" option
  2019-09-23 15:08 ` Stephen Smalley
  2019-09-24  6:41   ` Vit Mojzis
@ 2019-09-24  6:51   ` Vit Mojzis
  1 sibling, 0 replies; 5+ messages in thread
From: Vit Mojzis @ 2019-09-24  6:51 UTC (permalink / raw)
  To: Stephen Smalley, selinux


On 9/23/19 5:08 PM, Stephen Smalley wrote:
> On 9/23/19 10:43 AM, Vit Mojzis wrote:
>> "restorecon -n" (used in the "restore" function) has to be used with
>> "-v" to display the files whose labels would be changed.
>>
>> Fixes:
>>     Fixfiles verify does not report misslabelled files unless "-v" 
>> option is
>>     used.
>
> Please add a Signed-off-by line.  With this change, aside from display 
> "Verifying" vs. "Checking" there seems to be no difference between 
> fixfiles verify and fixfiles check?  Wondering if there was some 
> difference originally?
>

Apparently "Verify" used to call "restorecon -n -o -", but "-o" is now 
obsolete. You are right, "Verify" and "Check" do the same thing now.


>> ---
>>   policycoreutils/scripts/fixfiles | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/policycoreutils/scripts/fixfiles 
>> b/policycoreutils/scripts/fixfiles
>> index 5be9ba6e..1a31e061 100755
>> --- a/policycoreutils/scripts/fixfiles
>> +++ b/policycoreutils/scripts/fixfiles
>> @@ -302,7 +302,7 @@ process() {
>>   case "$1" in
>>       restore) restore Relabel;;
>>       check) VERBOSE="-v"; restore Check -n;;
>> -    verify) restore Verify -n;;
>> +    verify) VERBOSE="-v"; restore Verify -n;;
>>       relabel) relabel;;
>>       onboot)
>>       if [ "$RESTORE_MODE" != DEFAULT ]; then
>>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] policycoreutils/fixfiles: Fix "verify" option
  2019-09-24  6:41   ` Vit Mojzis
@ 2019-09-26 12:24     ` Stephen Smalley
  0 siblings, 0 replies; 5+ messages in thread
From: Stephen Smalley @ 2019-09-26 12:24 UTC (permalink / raw)
  To: Vit Mojzis, selinux

On 9/24/19 2:41 AM, Vit Mojzis wrote:
> "restorecon -n" (used in the "restore" function) has to be used with
> "-v" to display the files whose labels would be changed.
> 
> Fixes:
>     Fixfiles verify does not report misslabelled files unless "-v" option is
>     used.
> 
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Thanks, applied.

> ---
>   policycoreutils/scripts/fixfiles | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
> index 5be9ba6e..1a31e061 100755
> --- a/policycoreutils/scripts/fixfiles
> +++ b/policycoreutils/scripts/fixfiles
> @@ -302,7 +302,7 @@ process() {
>   case "$1" in
>       restore) restore Relabel;;
>       check) VERBOSE="-v"; restore Check -n;;
> -    verify) restore Verify -n;;
> +    verify) VERBOSE="-v"; restore Verify -n;;
>       relabel) relabel;;
>       onboot)
>   	if [ "$RESTORE_MODE" != DEFAULT ]; then
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-23 14:43 [PATCH] policycoreutils/fixfiles: Fix "verify" option Vit Mojzis
2019-09-23 15:08 ` Stephen Smalley
2019-09-24  6:41   ` Vit Mojzis
2019-09-26 12:24     ` Stephen Smalley
2019-09-24  6:51   ` Vit Mojzis

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org
	public-inbox-index selinux

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git