From: Richard Haines <richard_c_haines@btinternet.com>
To: selinux@vger.kernel.org, sds@tycho.nsa.gov
Cc: xunchang@google.com, nicolas.iooss@m4x.org,
Richard Haines <richard_c_haines@btinternet.com>
Subject: [PATCH V4 2/2] setfiles: Update utilities for the new digest scheme
Date: Sat, 6 Jul 2019 16:21:15 +0100
Message-ID: <20190706152115.8490-3-richard_c_haines@btinternet.com>
In-Reply-To: <20190706152115.8490-1-richard_c_haines@btinternet.com>
Update restorecon_xattr and man pages for new digest scheme
managed by selinux_restorecon(3).
Note that the Russian man pages require updating.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
V2 Change
Keep restorecon(8) and setfiles(8) as they were for compatibility
policycoreutils/setfiles/restorecon.8 | 10 +++++-----
policycoreutils/setfiles/restorecon_xattr.8 | 20 +++++++++-----------
policycoreutils/setfiles/restorecon_xattr.c | 2 +-
policycoreutils/setfiles/setfiles.8 | 10 +++++-----
4 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 0f81db4..bbfc83f 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -100,7 +100,7 @@ section for further details.
.B \-D
Set or update any directory SHA1 digests. Use this option to
enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
extended attribute.
.TP
.B \-m
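Review bot: In the \-D description the attribute name changes from security.restorecon_last to security.sehash, but the text does not say what becomes of security.restorecon_last entries already stored on directories. A sentence stating whether they are simply ignored, and how to remove them now that restorecon_xattr searches for security.sehash, would help anyone upgrading.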
@@ -184,10 +184,10 @@ option to
.B restorecon
will cause it to store a SHA1 digest of the default specfiles set in an extended
attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
.IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
checked should
.B restorecon
.B \-D
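Review bot: The unchanged context just above the renamed attribute still says restorecon will "store a SHA1 digest of the default specfiles set", while the restorecon_xattr.8 change in this patch says the specfile-set digest is not used to match security.sehash entries. If the stored value is no longer the specfile-set digest, this sentence should describe what is actually digested. The same wording ("a SHA1 digest of the spec_file set") remains in the corresponding setfiles.8 hunk.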
@@ -204,7 +204,7 @@ option will ignore the SHA1 digest from each directory specified in
and provided the
.B \-n
option is NOT set and recursive mode is set, files will be relabeled as
-required with the digest then being updated provided there are no errors.
+required with the digests then being updated provided there are no errors.
.SH "AUTHOR"
This man page was written by Dan Walsh <dwalsh@redhat.com>.
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
index 65b28ea..e04528e 100644
--- a/policycoreutils/setfiles/restorecon_xattr.8
+++ b/policycoreutils/setfiles/restorecon_xattr.8
@@ -1,7 +1,7 @@
.TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
.SH "NAME"
restorecon_xattr \- manage
-.I security.restorecon_last
+.I security.sehash
extended attribute entries added by
.BR setfiles (8)
or
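Review bot: The .TH line keeps the date "24 Sept 2016" although the NAME and DESCRIPTION text of this page change in this patch; please update the date along with the content.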
@@ -24,7 +24,7 @@ or
.SH "DESCRIPTION"
.B restorecon_xattr
will display the SHA1 digests added to extended attributes
-.I security.restorecon_last
+.I security.sehash
or delete the attribute completely. These attributes are set by
.BR restorecon (8)
or
@@ -43,7 +43,7 @@ from.
and
.B TMPFS
filesystems do not support the
-.I security.restorecon_last
+.I security.sehash
extended attribute and are automatically excluded from searches.
.sp
By default
@@ -62,12 +62,12 @@ option.
.TP
.B \-d
delete all non-matching
-.I security.restorecon_last
+.I security.sehash
directory digest entries.
.TP
.B \-D
delete all
-.I security.restorecon_last
+.I security.sehash
directory digest entries.
.TP
.B \-m
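Review bot: For \-d, "delete all non-matching security.sehash directory digest entries" no longer says what an entry is matched against, because the \-v text added further down this file states that the specfile-set digest is not used to match these entries. Please say what "non-matching" means under the new scheme, or refer to selinux_restorecon(3). The same question applies to the "Match" / "No Match" suffix on displayed digests.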
@@ -87,7 +87,10 @@ Do not append "Match" or "No Match" to displayed digests.
recursively descend directories.
.TP
.B \-v
-display SHA1 digest generated by specfile set.
+display SHA1 digest generated by specfile set (Note that this digest is not
+used to match the
+.I security.sehash
+directory digest entries, and is shown for reference only).
.TP
.B \-e
.I directory
@@ -101,11 +104,6 @@ an optional
.I specfile
containing file context entries as described in
.BR file_contexts (5).
-This will be used by
-.BR selabel_open (3)
-to retrieve the set of labeling entries, with the SHA1 digest being
-retrieved by
-.BR selabel_digest (3).
If the option is not specified, then the default file_contexts will be used.
.SH "ARGUMENTS"
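Review bot: With the selabel_open(3) and selabel_digest(3) sentences removed, the specfile option's description no longer says what the specfile is used for. Given the \-v note that its digest is shown for reference only, a short replacement sentence stating the specfile's remaining purpose would be clearer than leaving only the file_contexts(5) reference.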
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
index 91c087f..59b1f74 100644
--- a/policycoreutils/setfiles/restorecon_xattr.c
+++ b/policycoreutils/setfiles/restorecon_xattr.c
@@ -27,7 +27,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
"-D Delete all digest entries.\n\t"
"-e Directory to exclude (repeat option for more than one directory).\n\t"
"-f Optional specfile for calculating the digest.\n\t"
- "pathname Path to search for xattr \"security.restorecon_last\" entries.\n\n",
+ "pathname Path to search for xattr \"security.sehash\" entries.\n\n",
progname);
exit(-1);
}
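Review bot: The "-f" line in this same usage string still reads "Optional specfile for calculating the digest", with no hint that this digest is reference-only as restorecon_xattr.8 now states under \-v; consider aligning the usage text with the man page. The diffstat also shows this string is the only change to restorecon_xattr.c, so it would help to say in the commit message where the attribute name used for the actual lookups comes from.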
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index ccaaf4d..c9f8be0 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -90,7 +90,7 @@ section for further details.
.B \-D
Set or update any directory SHA1 digests. Use this option to
enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
extended attribute.
.TP
.B \-l
@@ -228,10 +228,10 @@ option to
will cause it to store a SHA1 digest of the
.B spec_file
set in an extended attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
.IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
checked should
.B setfiles
.B \-D
@@ -250,7 +250,7 @@ option will ignore the SHA1 digest from each directory specified in
.IR pathname \ ...
and provided the
.B \-n
-option is NOT set, files will be relabeled as required with the digest then
+option is NOT set, files will be relabeled as required with the digests then
being updated provided there are no errors.
.SH "AUTHOR"
--
2.21.0
Thread overview:
2019-07-06 15:21 [PATCH V4 0/2] Update restorecon to support new digest scheme Richard Haines
2019-07-06 15:21 ` [PATCH 1/2] libselinux: Save digest of all partial matches for directory Richard Haines
2019-07-06 15:21 ` Richard Haines [this message]