This patch adds a function onboot
which creates the /.autorelabel file
It also removes tmp files that map directly to a user. This fixes the
problem where a user login gets created with the wrong context in /tmp
and then can not login, even after a relabel.
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles 2008-06-30 11:49:38.000000000 -0400
@@ -138,6 +138,9 @@
fi
LogReadOnly
${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
exit $?
}
@@ -180,6 +183,10 @@
check) restore -n -v;;
verify) restore -n -o -;;
relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
*)
usage
exit 1
@@ -189,6 +196,7 @@
echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
echo or
echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
}
if [ $# = 0 ]; then
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-06-30 11:49:38.000000000 -0400
@@ -7,6 +7,8 @@
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+.B fixfiles onboot
+
.SH "DESCRIPTION"
This manual page describes the
.BR fixfiles
@@ -20,6 +22,9 @@
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
jfs file systems as long as they do not have a security context mount
option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
.SH "OPTIONS"
.TP
