-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk45tn8ACgkQrlYvE4MpobMCxgCfXH6HOZTQkP4COSovye5EM2H2 7zUAoN2kgLGrJ9Ust2zHvLNT7OHsP9fd =iKy+ -----END PGP SIGNATURE-----
>From 9fbf71c86af22da8dd37991058bd6bc54bbc3576 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Sun, 10 Jul 2011 16:09:11 +0200
Subject: [PATCH 032/155] policycoreutils: fixfiles use new kernel seclabel option

The kernel now outputs a mount option called 'seclabel' which indicates if the filesystem supposed security labeling. Use that instead of having to update some hard coded list of acceptable filesystems (that may or may not be acceptable depending on if they were compiled with security xattrs)

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/scripts/fixfiles | 28 ++++++++++++++++++++++++++--
 1 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 2aea888..bb2f445 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -20,6 +20,30 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
+#
+# Get all mount points that support seclabel
+#
+get_all_labeled_mounts() {
+FS="`cat /proc/self/mounts | sort | uniq | awk '{print $2}'`"
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i
+done
+}
+
+get_rw_labeled_mounts() {
+FS=`get_all_labeled_mounts`
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)rw(,|$)' && echo $i
+done
+}
+
+get_ro_labeled_mounts() {
+FS=`get_all_labeled_mounts`
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)ro(,|$)' && echo $i
+done
+}
+
 exclude_dirs_from_relabelling() {
 exclude_from_relabelling=
 if [ -e /etc/selinux/fixfiles_exclude_dirs ]
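Review bot: In all three new helpers the mount point `$i` comes from an unquoted `for i in $FS` and is then used as an unanchored regular expression in `grep " $i "`, so a path containing `.` or another metacharacter can select a different line of /proc/self/mounts. A mount point that is listed more than once also has the options of all its entries tested together, which can put it in both the rw and the ro list, or mark it as labeled because of an entry that is no longer the visible one. fixfiles relabels whatever ends up in these lists as root, so the option test should be applied to the same line the mount point is printed from. One awk pass per helper does that and removes the nested re-read of the file; the output then comes out in mount-point order rather than the order of the sorted lines, which looks harmless for the callers in this patch but should be confirmed.

```shell
get_all_labeled_mounts() {
awk '$4 ~ /(^|,)seclabel(,|$)/ {print $2}' /proc/self/mounts | sort -u
}

get_rw_labeled_mounts() {
awk '$4 ~ /(^|,)seclabel(,|$)/ && $4 ~ /(^|,)rw(,|$)/ {print $2}' /proc/self/mounts | sort -u
}

get_ro_labeled_mounts() {
awk '$4 ~ /(^|,)seclabel(,|$)/ && $4 ~ /(^|,)ro(,|$)/ {print $2}' /proc/self/mounts | sort -u
}
```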
@@ -64,8 +88,8 @@ SYSLOGFLAG="-l"
 LOGGER=/usr/sbin/logger
 SETFILES=/sbin/setfiles
 RESTORECON=/sbin/restorecon
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
+FILESYSTEMSRW=`get_rw_labeled_mounts`
+FILESYSTEMSRO=`get_ro_labeled_mounts`
 FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
 SELINUXTYPE="targeted"
 if [ -e /etc/selinux/config ]; then
-- 
1.7.6
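Review bot: The two new assignments drop the `grep -v "context="` and bind-mount filters that the removed pipelines applied, and nothing in the new helpers restores them. /proc/self/mounts lists a bind mount as an ordinary entry carrying the options of the underlying filesystem, so a bind-mounted directory on a labeled filesystem presumably now lands in FILESYSTEMSRW and is relabeled according to its bind path rather than its original path. Whether `seclabel` is absent on `context=` mounts cannot be told from this patch. If these cases are meant to be handled elsewhere, say so next to the assignments, e.g. `# bind and context= mounts are not filtered here; see <where they are handled>`; otherwise the exclusion belongs in get_all_labeled_mounts.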