-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5D6BcACgkQrlYvE4MpobNg5ACfZkApZ/j36plUnJKqei/2pnMZ phoAnAqJTLarji8KN+cPzbXx+bNKdtBQ =jbhI -----END PGP SIGNATURE-----
>From ad64c11bc1b2946835baece0ef38742fb86cab4a Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Sun, 10 Jul 2011 16:09:11 +0200
Subject: [PATCH 22/96] policycoreutils: fixfiles: use new kernel seclabel
option
The kernel now outputs a mount option called 'seclabel' which indicates
if the filesystem supposed security labeling. Use that instead of
having to update some hard coded list of acceptable filesystems (that
may or may not be acceptable depending on if they were compiled with
security xattrs)
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Acked-by: Dan Walsh <dwalsh@xxxxxxxxxx>
---
policycoreutils/scripts/fixfiles | 28 ++++++++++++++++++++++++++--
1 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index ba59d87..43490f2 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -20,6 +20,30 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Get all mount points that support seclabel
+#
+get_all_labeled_mounts() {
+FS="`cat /proc/self/mounts | sort | uniq | awk '{print $2}'`"
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i
+done
+}
+
+get_rw_labeled_mounts() {
+FS=`get_all_labeled_mounts`
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)rw(,|$)' && echo $i
+done
+}
+
+get_ro_labeled_mounts() {
+FS=`get_all_labeled_mounts`
+for i in $FS; do
+ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)ro(,|$)' && echo $i
+done
+}
+
exclude_dirs_from_relabelling() {
exclude_from_relabelling=
if [ -e /etc/selinux/fixfiles_exclude_dirs ]
@@ -64,8 +88,8 @@ SYSLOGFLAG="-l"
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
+FILESYSTEMSRW=`get_rw_labeled_mounts`
+FILESYSTEMSRO=`get_ro_labeled_mounts`
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
--
1.7.6
Attachment:
0022-policycoreutils-fixfiles-use-new-kernel-seclabel-opt.patch.sig
Description: PGP signature
