SELinux Archive on lore.kernel.org
 help / Atom feed
* [PATCH] python/restorecon: add force option
@ 2019-01-30 13:33 Viktor Ashirov
  2019-02-03 10:08 ` Nicolas Iooss
  0 siblings, 1 reply; 3+ messages in thread
From: Viktor Ashirov @ 2019-01-30 13:33 UTC (permalink / raw)
  To: selinux

This adds 'force' keyword argument to selinux.restorecon() function
using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.

Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
---
 libselinux/src/selinuxswig_python.i | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
index 2af7c7e0..4c73bf92 100644
--- a/libselinux/src/selinuxswig_python.i
+++ b/libselinux/src/selinuxswig_python.i
@@ -20,7 +20,7 @@ DISABLED = -1
 PERMISSIVE = 0
 ENFORCING = 1
 
-def restorecon(path, recursive=False, verbose=False):
+def restorecon(path, recursive=False, verbose=False, force=False):
     """ Restore SELinux context on a given path
 
     Arguments:
@@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
     Keyword arguments:
     recursive -- Change files and directories file labels recursively (default False)
     verbose -- Show changes in file labels (default False)
+    force -- Force reset of context to match file_context for customizable files,
+    and the default file context, changing the user, role, range portion  as well
+    as the type (default False)
     """
 
     restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
@@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
         restorecon_flags |= SELINUX_RESTORECON_RECURSE
     if verbose:
         restorecon_flags |= SELINUX_RESTORECON_VERBOSE
+    if force:
+        restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
     selinux_restorecon(os.path.expanduser(path), restorecon_flags)
 
 def chcon(path, context, recursive=False):
-- 
2.20.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] python/restorecon: add force option
  2019-01-30 13:33 [PATCH] python/restorecon: add force option Viktor Ashirov
@ 2019-02-03 10:08 ` Nicolas Iooss
  2019-02-05  7:17   ` Nicolas Iooss
  0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2019-02-03 10:08 UTC (permalink / raw)
  To: Viktor Ashirov; +Cc: selinux

On Wed, Jan 30, 2019 at 2:33 PM Viktor Ashirov <vashirov@redhat.com> wrote:
>
> This adds 'force' keyword argument to selinux.restorecon() function
> using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.
>
> Signed-off-by: Viktor Ashirov <vashirov@redhat.com>

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

> ---
>  libselinux/src/selinuxswig_python.i | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
> index 2af7c7e0..4c73bf92 100644
> --- a/libselinux/src/selinuxswig_python.i
> +++ b/libselinux/src/selinuxswig_python.i
> @@ -20,7 +20,7 @@ DISABLED = -1
>  PERMISSIVE = 0
>  ENFORCING = 1
>
> -def restorecon(path, recursive=False, verbose=False):
> +def restorecon(path, recursive=False, verbose=False, force=False):
>      """ Restore SELinux context on a given path
>
>      Arguments:
> @@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
>      Keyword arguments:
>      recursive -- Change files and directories file labels recursively (default False)
>      verbose -- Show changes in file labels (default False)
> +    force -- Force reset of context to match file_context for customizable files,
> +    and the default file context, changing the user, role, range portion  as well
> +    as the type (default False)
>      """
>
>      restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
> @@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
>          restorecon_flags |= SELINUX_RESTORECON_RECURSE
>      if verbose:
>          restorecon_flags |= SELINUX_RESTORECON_VERBOSE
> +    if force:
> +        restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
>      selinux_restorecon(os.path.expanduser(path), restorecon_flags)
>
>  def chcon(path, context, recursive=False):
> --
> 2.20.1
>


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] python/restorecon: add force option
  2019-02-03 10:08 ` Nicolas Iooss
@ 2019-02-05  7:17   ` Nicolas Iooss
  0 siblings, 0 replies; 3+ messages in thread
From: Nicolas Iooss @ 2019-02-05  7:17 UTC (permalink / raw)
  To: Viktor Ashirov; +Cc: selinux

On Sun, Feb 3, 2019 at 11:08 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Wed, Jan 30, 2019 at 2:33 PM Viktor Ashirov <vashirov@redhat.com> wrote:
> >
> > This adds 'force' keyword argument to selinux.restorecon() function
> > using SELINUX_RESTORECON_SET_SPECFILE_CTX flag.
> >
> > Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Merged. Thanks!
Nicolas

> > ---
> >  libselinux/src/selinuxswig_python.i | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
> > index 2af7c7e0..4c73bf92 100644
> > --- a/libselinux/src/selinuxswig_python.i
> > +++ b/libselinux/src/selinuxswig_python.i
> > @@ -20,7 +20,7 @@ DISABLED = -1
> >  PERMISSIVE = 0
> >  ENFORCING = 1
> >
> > -def restorecon(path, recursive=False, verbose=False):
> > +def restorecon(path, recursive=False, verbose=False, force=False):
> >      """ Restore SELinux context on a given path
> >
> >      Arguments:
> > @@ -29,6 +29,9 @@ def restorecon(path, recursive=False, verbose=False):
> >      Keyword arguments:
> >      recursive -- Change files and directories file labels recursively (default False)
> >      verbose -- Show changes in file labels (default False)
> > +    force -- Force reset of context to match file_context for customizable files,
> > +    and the default file context, changing the user, role, range portion  as well
> > +    as the type (default False)
> >      """
> >
> >      restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
> > @@ -36,6 +39,8 @@ def restorecon(path, recursive=False, verbose=False):
> >          restorecon_flags |= SELINUX_RESTORECON_RECURSE
> >      if verbose:
> >          restorecon_flags |= SELINUX_RESTORECON_VERBOSE
> > +    if force:
> > +        restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
> >      selinux_restorecon(os.path.expanduser(path), restorecon_flags)
> >
> >  def chcon(path, context, recursive=False):
> > --
> > 2.20.1
> >


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-30 13:33 [PATCH] python/restorecon: add force option Viktor Ashirov
2019-02-03 10:08 ` Nicolas Iooss
2019-02-05  7:17   ` Nicolas Iooss

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox