Is there a reasonable way for a script to determine SECINITSID_UNLABELED? You're right though, it does sound like a good todo.

-Eric

On Thu, Aug 4, 2011 at 10:56 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Wed, 2011-08-03 at 16:56 -0400, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> This patch looks good to me. acked.
>
> >From dff45c3977973dfbdbc7261b6fef05215d3515d8 Mon Sep 17 00:00:00 2001
> From: Eric Paris <eparis@xxxxxxxxxx>
> Date: Sun, 10 Jul 2011 13:35:32 +0200
> Subject: [PATCH 029/155] policycoreutils: fixfiles clean up /var/run and
> /var/lib/debug
>
> clean up /var/run and /var/lib/debug just like we do for /tmp and
> /var/tmp since they can easily get unlabeled files.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> ---
> policycoreutils/scripts/fixfiles | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
> index 1da3fb2..c5c92bf 100755
> --- a/policycoreutils/scripts/fixfiles
> +++ b/policycoreutils/scripts/fixfiles
> @@ -142,6 +142,8 @@ rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* > find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete > find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; > find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; > +find /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \; > +[ -e /var/lib/debug ] && find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \; > exit $? > }
>
>
> Does it bother anyone else that you are hardcoding policy types into
> your scripts here? What happens when someone wants to use a different
> policy that doesn't define those types?
>
> --
> Stephen Smalley
> National Security Agency
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
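Review bot: The added `[ -e /var/lib/debug ] && find /var/lib/debug ...` line sits directly before `exit $?`, so on a system without /var/lib/debug the failed `-e` test becomes the exit status and the script exits non-zero even though nothing went wrong. Writing it as `if [ -e /var/lib/debug ]; then find ...; fi` keeps the status clean when the directory is absent. Both added lines also hardcode `var_run_t` and `lib_t`, as the context lines already do with `tmp_t`, so the relabel depends on the loaded policy defining those types; a comment in the script stating that assumption would help until the types can be derived from the policy.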