-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5WrFYACgkQrlYvE4MpobNZcQCfT3qFR3yhW7MYLQCPc2wQr4Yt +MUAn1rE3D7G8wQSWG6IslwpVDZZJzM3 =uYD/ -----END PGP SIGNATURE-----
>From 13adc3498c39ca39a7d06f6ca213303bcde4eee4 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Sun, 10 Jul 2011 16:46:38 +0200
Subject: [PATCH 22/77] policycoreutils: setfiles: move exclude_non_seclabel_mounts to a generic location
move exclude_non_seclabel_mounts from setfiles.c to restore.c so it can be used by other functions later.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/setfiles/restore.c | 62 +++++++++++++++++++++++++++++++++
 policycoreutils/setfiles/restore.h | 1 +
 policycoreutils/setfiles/setfiles.c | 64 -----------------------------------
 3 files changed, 63 insertions(+), 64 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index e05761a..3a697f9 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -631,5 +631,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
 return -1;
 }
+#include <sys/utsname.h>
+/*
+ Search /proc/mounts for all file systems that do not support extended
+ attributes and add them to the exclude directory table. File systems
+ that support security labels have the seclabel option.
+*/
+void exclude_non_seclabel_mounts()
+{
+ struct utsname uts;
+ FILE *fp;
+ size_t len;
+ ssize_t num;
+ int index = 0, found = 0;
+ char *mount_info[4];
+ char *buf = NULL, *item;
+
+ /* Check to see if the kernel supports seclabel */
+ if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
+ return;
+ if (is_selinux_enabled() <= 0)
+ return;
+
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
+
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ found = 0;
+ index = 0;
+ item = strtok(buf, " ");
+ while (item != NULL) {
+ mount_info[index] = item;
+ if (index == 3)
+ break;
+ index++;
+ item = strtok(NULL, " ");
+ }
+ if (index < 3) {
+ fprintf(stderr,
+ "/proc/mounts record \"%s\" has incorrect format.\n",
+ buf);
+ continue;
+ }
+
+ /* remove pre-existing entry */
+ remove_exclude(mount_info[1]);
+ item = strtok(mount_info[3], ",");
+ while (item != NULL) {
+ if (strcmp(item, "seclabel") == 0) {
+ found = 1;
+ break;
+ }
+ item = strtok(NULL, ",");
+ }
+
+ /* exclude mount points without the seclabel option */
+ if (!found)
+ add_exclude(mount_info[1]);
+ }
+
+ free(buf);
+}
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
index 7e988d5..ac27222 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
@@ -49,5 +49,6 @@ int exclude(const char *path);
 void remove_exclude(const char *directory);
 int process_one_realpath(char *name, int recurse);
 int process_glob(char *name, int recurse);
+void exclude_non_seclabel_mounts();
 #endif
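Review bot: In `exclude_non_seclabel_mounts()` as added to restore.c, the stream returned by `fopen("/proc/mounts", "r")` is never closed; the function ends with `free(buf);` alone, so each call leaks a `FILE` and its descriptor, which matters more now that the function is exported for reuse. Add `fclose(fp);` next to `free(buf);`. Separately, the mount-point field is passed to `remove_exclude()`/`add_exclude()` exactly as written in /proc/mounts, where spaces, tabs, newlines and backslashes in a path appear as octal escapes such as `\040`; if the exclude table is compared against real paths (not visible in this hunk), a mount without `seclabel` whose path contains such a character would not be excluded, and reading the file with `setmntent()`/`getmntent()` would hand back the decoded path. The mid-file `#include <sys/utsname.h>` would also be easier to find with the other includes at the top of restore.c.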
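Review bot: The declaration `void exclude_non_seclabel_mounts();` added to restore.h has an empty parameter list, which in C declares a function with unspecified arguments rather than a prototype, so a call that passes arguments is not diagnosed. Write `void exclude_non_seclabel_mounts(void);` here and use the same `(void)` in the definition added to restore.c.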
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index d320e9f..e4f87bc 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -5,7 +5,6 @@
 #include <ctype.h>
 #include <regex.h>
 #include <sys/vfs.h>
-#include <sys/utsname.h>
 #define __USE_XOPEN_EXTENDED 1 /* nftw */
 #include <libgen.h>
 #ifdef USE_AUDIT
@@ -137,69 +136,6 @@ static void maybe_audit_mass_relabel(void)
 #endif
 }
-/*
- Search /proc/mounts for all file systems that do not support extended
- attributes and add them to the exclude directory table. File systems
- that support security labels have the seclabel option.
-*/
-static void exclude_non_seclabel_mounts()
-{
- struct utsname uts;
- FILE *fp;
- size_t len;
- ssize_t num;
- int index = 0, found = 0;
- char *mount_info[4];
- char *buf = NULL, *item;
-
- /* Check to see if the kernel supports seclabel */
- if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
- return;
- if (is_selinux_enabled() <= 0)
- return;
-
- fp = fopen("/proc/mounts", "r");
- if (!fp)
- return;
-
- while ((num = getline(&buf, &len, fp)) != -1) {
- found = 0;
- index = 0;
- item = strtok(buf, " ");
- while (item != NULL) {
- mount_info[index] = item;
- if (index == 3)
- break;
- index++;
- item = strtok(NULL, " ");
- }
- if (index < 3) {
- fprintf(stderr,
- "/proc/mounts record \"%s\" has incorrect format.\n",
- buf);
- continue;
- }
-
- /* remove pre-existing entry */
- remove_exclude(mount_info[1]);
-
- item = strtok(mount_info[3], ",");
- while (item != NULL) {
- if (strcmp(item, "seclabel") == 0) {
- found = 1;
- break;
- }
- item = strtok(NULL, ",");
- }
-
- /* exclude mount points without the seclabel option */
- if (!found)
- add_exclude(mount_info[1]);
- }
-
- free(buf);
-}
-
 int main(int argc, char **argv)
 {
 struct stat sb;
--
1.7.6