-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5D5+IACgkQrlYvE4MpobPLwgCeLwITOOsMsqqjJWduH5Ds95Op 6kIAn1BuWClLSloaZPv88DCU3qrDSdb7 =xkEv -----END PGP SIGNATURE-----
>From 7e0ba1b691aae4cbc1179093d082bbf66910461c Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Sun, 10 Jul 2011 14:19:47 +0200
Subject: [PATCH 21/96] policycoreutils: fixfiles: pipe everything to cat
before sending to LOGFILE
We do this so we can eliminate foolish avcs about restorecon trying to
write to a random directory. We allow apps to communicate with fds
globably. So this allows the access no AVC's I am happy
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
policycoreutils/scripts/fixfiles | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 205c51f..ba59d87 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -146,7 +146,7 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
+ rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
done
exit $?
fi
@@ -154,9 +154,9 @@ if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
- ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
+ ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 | cat >> $LOGFILE
else
- ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
+ ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
fi
return
fi
@@ -179,7 +179,7 @@ then
done
FC=$TEMPFCFILE
fi
-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete
--
1.7.6
Attachment:
0021-policycoreutils-fixfiles-pipe-everything-to-cat-befo.patch.sig
Description: PGP signature
