* [PATCH] python/restorecon: add force option
@ 2019-01-30 13:33 Viktor Ashirov
2019-02-03 10:08 ` Nicolas Iooss
0 siblings, 1 reply; 3+ messages in thread
From: Viktor Ashirov @ 2019-01-30 13:33 UTC (permalink / raw)
To: selinux
This adds 'force' keyword argument to selinux.restorecon() function
using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.
Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
---
libselinux/src/selinuxswig_python.i | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
index 2af7c7e0..4c73bf92 100644
--- a/libselinux/src/selinuxswig_python.i
+++ b/libselinux/src/selinuxswig_python.i
@@ -20,7 +20,7 @@ DISABLED = -1
PERMISSIVE = 0
ENFORCING = 1
-def restorecon(path, recursive=False, verbose=False):
+def restorecon(path, recursive=False, verbose=False, force=False):
""" Restore SELinux context on a given path
Arguments:
@@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
Keyword arguments:
recursive -- Change files and directories file labels recursively (default False)
verbose -- Show changes in file labels (default False)
+ force -- Force reset of context to match file_context for customizable files,
+ and the default file context, changing the user, role, range portion as well
+ as the type (default False)
"""
restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
@@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
restorecon_flags |= SELINUX_RESTORECON_RECURSE
if verbose:
restorecon_flags |= SELINUX_RESTORECON_VERBOSE
+ if force:
+ restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
selinux_restorecon(os.path.expanduser(path), restorecon_flags)
def chcon(path, context, recursive=False):
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] python/restorecon: add force option
2019-01-30 13:33 [PATCH] python/restorecon: add force option Viktor Ashirov
@ 2019-02-03 10:08 ` Nicolas Iooss
2019-02-05 7:17 ` Nicolas Iooss
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2019-02-03 10:08 UTC (permalink / raw)
To: Viktor Ashirov; +Cc: selinux
On Wed, Jan 30, 2019 at 2:33 PM Viktor Ashirov <vashirov@redhat.com> wrote:
>
> This adds 'force' keyword argument to selinux.restorecon() function
> using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.
>
> Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
> libselinux/src/selinuxswig_python.i | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
> index 2af7c7e0..4c73bf92 100644
> --- a/libselinux/src/selinuxswig_python.i
> +++ b/libselinux/src/selinuxswig_python.i
> @@ -20,7 +20,7 @@ DISABLED = -1
> PERMISSIVE = 0
> ENFORCING = 1
>
> -def restorecon(path, recursive=False, verbose=False):
> +def restorecon(path, recursive=False, verbose=False, force=False):
> """ Restore SELinux context on a given path
>
> Arguments:
> @@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
> Keyword arguments:
> recursive -- Change files and directories file labels recursively (default False)
> verbose -- Show changes in file labels (default False)
> + force -- Force reset of context to match file_context for customizable files,
> + and the default file context, changing the user, role, range portion as well
> + as the type (default False)
> """
>
> restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
> @@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
> restorecon_flags |= SELINUX_RESTORECON_RECURSE
> if verbose:
> restorecon_flags |= SELINUX_RESTORECON_VERBOSE
> + if force:
> + restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
> selinux_restorecon(os.path.expanduser(path), restorecon_flags)
>
> def chcon(path, context, recursive=False):
> --
> 2.20.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] python/restorecon: add force option
2019-02-03 10:08 ` Nicolas Iooss
@ 2019-02-05 7:17 ` Nicolas Iooss
0 siblings, 0 replies; 3+ messages in thread
From: Nicolas Iooss @ 2019-02-05 7:17 UTC (permalink / raw)
To: Viktor Ashirov; +Cc: selinux
On Sun, Feb 3, 2019 at 11:08 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Wed, Jan 30, 2019 at 2:33 PM Viktor Ashirov <vashirov@redhat.com> wrote:
> >
> > This adds 'force' keyword argument to selinux.restorecon() function
> > using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.
> >
> > Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Merged. Thanks!
Nicolas
> > ---
> > libselinux/src/selinuxswig_python.i | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
> > index 2af7c7e0..4c73bf92 100644
> > --- a/libselinux/src/selinuxswig_python.i
> > +++ b/libselinux/src/selinuxswig_python.i
> > @@ -20,7 +20,7 @@ DISABLED = -1
> > PERMISSIVE = 0
> > ENFORCING = 1
> >
> > -def restorecon(path, recursive=False, verbose=False):
> > +def restorecon(path, recursive=False, verbose=False, force=False):
> > """ Restore SELinux context on a given path
> >
> > Arguments:
> > @@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
> > Keyword arguments:
> > recursive -- Change files and directories file labels recursively (default False)
> > verbose -- Show changes in file labels (default False)
> > + force -- Force reset of context to match file_context for customizable files,
> > + and the default file context, changing the user, role, range portion as well
> > + as the type (default False)
> > """
> >
> > restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
> > @@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
> > restorecon_flags |= SELINUX_RESTORECON_RECURSE
> > if verbose:
> > restorecon_flags |= SELINUX_RESTORECON_VERBOSE
> > + if force:
> > + restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
> > selinux_restorecon(os.path.expanduser(path), restorecon_flags)
> >
> > def chcon(path, context, recursive=False):
> > --
> > 2.20.1
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-05 7:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-30 13:33 [PATCH] python/restorecon: add force option Viktor Ashirov
2019-02-03 10:08 ` Nicolas Iooss
2019-02-05 7:17 ` Nicolas Iooss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).