On 8/4/2011 1:33 PM, Eric Paris wrote:
> Is there a reasonable way for a script to determine
> SECINITSID_UNLABELED? You're right though, it does sound like a good
> todo.

cat /selinux/initial_contexts/unlabeled

On Thu, Aug 4, 2011 at 10:56 AM, Stephen Smalley<sds@xxxxxxxxxxxxx> wrote:
On Wed, 2011-08-03 at 16:56 -0400, Daniel J Walsh wrote:
This patch looks good to me. acked.
> From dff45c3977973dfbdbc7261b6fef05215d3515d8 Mon Sep 17 00:00:00 2001
From: Eric Paris<eparis@xxxxxxxxxx>
Date: Sun, 10 Jul 2011 13:35:32 +0200
Subject: [PATCH 029/155] policycoreutils: fixfiles clean up /var/run and
/var/lib/debug
clean up /var/run and /var/lib/debug just like we do for /tmp and
/var/tmp since they can easily get unlabeled files.
Signed-off-by: Eric Paris<eparis@xxxxxxxxxx>
---
policycoreutils/scripts/fixfiles | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 1da3fb2..c5c92bf 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -142,6 +142,8 @@ rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
+find /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \;
+[ -e /var/lib/debug ]&& find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \;
exit $?
}
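Review bot: the added `[ -e /var/lib/debug ]&& find ...` line is now the last command before `exit $?`, so on a system without /var/lib/debug the `[ -e ... ]` test fails and the function exits with status 1 even when every relabel before it succeeded. Wrapping it as `if [ -e /var/lib/debug ]; then find ...; fi` keeps the exit status at 0 when the directory is absent. Separately, the two new lines extend the hardcoded type list with `var_run_t` and `lib_t`; under a policy that does not define them, `chcon -t` will fail for each matched file, so a short comment naming the policy these types come from would help.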
Does it bother anyone else that you are hardcoding policy types into
your scripts here? What happens when someone wants to use a different
policy that doesn't define those types?
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
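
An added example (not part of the original thread or of fixfiles) of how a script could read the type names from the initial-contexts files mentioned above instead of hardcoding `file_t` and `unlabeled_t` in the `find` match. The function names and the mount-point parameter are assumptions made for illustration, `initial_contexts/file` is assumed to sit beside `initial_contexts/unlabeled`, and only the detection side is covered, not the target types passed to `chcon`.

```shell
#!/bin/sh
# Added example: derive the "unlabeled" and "file" types from selinuxfs
# rather than hardcoding them. Helper names are hypothetical.

# Print the type (third colon-separated field) of an SELinux context.
# An MLS range such as s0:c0.c1023 contains colons, so only field 3 is taken.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# $1 = selinuxfs mount point (/selinux on the page), $2 = initial SID name.
# Prints the type of that initial SID; fails if it cannot be read or parsed.
initial_sid_type() {
    sid_file="$1/initial_contexts/$2"
    [ -r "$sid_file" ] || return 1
    # The context may be NUL-terminated with no newline; strip the NUL.
    sid_ctx=$(tr -d '\000' < "$sid_file")
    sid_type=$(context_type "$sid_ctx")
    [ -n "$sid_type" ] || return 1
    printf '%s\n' "$sid_type"
}

# $1 = selinuxfs mount point, $2 = directory to scan.
# Same match as the fixfiles lines, with the types looked up at run time.
# Needs a find built with SELinux support for -context.
find_unlabeled() {
    u_type=$(initial_sid_type "$1" unlabeled) || return 1
    f_type=$(initial_sid_type "$1" file) || return 1
    find "$2" \( -context "*:${f_type}*" -o -context "*:${u_type}*" \) -print
}

# Constructed fixture standing in for the selinuxfs mount so this runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/initial_contexts"
printf 'system_u:object_r:unlabeled_t:s0\000' > "$demo_dir/initial_contexts/unlabeled"
echo "unlabeled type: $(initial_sid_type "$demo_dir" unlabeled)"
rm -rf "$demo_dir"
```

On a real system the call would be `find_unlabeled /selinux /var/run`, with the first argument adjusted to wherever selinuxfs is mounted.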