Re: [PATCH 029/155] policycoreutils: fixfiles clean up /var/run and

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Thu, 04 Aug 2011 12:42:37 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/04/2011 10:56 AM, Stephen Smalley wrote:
> On Wed, 2011-08-03 at 16:56 -0400, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> 
>> This patch looks good to me. acked.
> 
>> From dff45c3977973dfbdbc7261b6fef05215d3515d8 Mon Sep 17 00:00:00
>> 2001
> From: Eric Paris <eparis@xxxxxxxxxx> Date: Sun, 10 Jul 2011 13:35:32
> +0200 Subject: [PATCH 029/155] policycoreutils: fixfiles clean up
> /var/run and /var/lib/debug
> 
> clean up /var/run and /var/lib/debug just like we do for /tmp and 
> /var/tmp since they can easily get unlabeled files.
> 
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- 
> policycoreutils/scripts/fixfiles |    2 ++ 1 files changed, 2
> insertions(+), 0 deletions(-)
> 
> diff --git a/policycoreutils/scripts/fixfiles
> b/policycoreutils/scripts/fixfiles index 1da3fb2..c5c92bf 100755 ---
> a/policycoreutils/scripts/fixfiles +++
> b/policycoreutils/scripts/fixfiles @@ -142,6 +142,8 @@ rm -rf
> /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* find /tmp \( -context
> "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \)
> -delete find /tmp \( -context "*:file_t*" -o -context
> "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; find /var/tmp \(
> -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t
> tmp_t {} \; +find /var/run \( -context "*:file_t*" -o -context
> "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \; +[ -e
> /var/lib/debug ] && find /var/lib/debug \( -context "*:file_t*" -o
> -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \; exit $? }
> 
> 
> Does it bother anyone else that you are hardcoding policy types into 
> your scripts here?  What happens when someone wants to use a
> different policy that doesn't define those types?
> 

I guess we could add a file to identify the types of files with no
labels and files that the kernel does not understand.   Patches welcome...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk46y/0ACgkQrlYvE4MpobPIOQCg4HMijy8wQbb2A8N6Oq/YK9Cd
3jkAnilxruKeLvqm9Ca/tIU/I7959dL2
=C1vN
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.