[PATCH 2/2] setfiles: Add -E option to treat conflicting specifications as errors.


 



Signed-off-by: Chris PeBenito <chpebeni@xxxxxxxxxxxxxxxxxxx>
---
 policycoreutils/setfiles/restore.c  |  2 +-
 policycoreutils/setfiles/restore.h  |  1 +
 policycoreutils/setfiles/setfiles.8 |  5 +++++
 policycoreutils/setfiles/setfiles.c | 10 +++++++---
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index d3335d1a..9d688c60 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -41,7 +41,7 @@ void restore_init(struct restore_opts *opts)
 			   opts->xdev | opts->abort_on_error |
 			   opts->syslog_changes | opts->log_matches |
 			   opts->ignore_noent | opts->ignore_mounts |
-			   opts->mass_relabel;
+			   opts->mass_relabel | opts->conflict_error;
 
 	/* Use setfiles, restorecon and restorecond own handles */
 	selinux_restorecon_set_sehandle(opts->hnd);
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
index b64042a6..ac6ad680 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
@@ -34,6 +34,7 @@ struct restore_opts {
 	unsigned int log_matches;
 	unsigned int ignore_noent;
 	unsigned int ignore_mounts;
+	unsigned int conflict_error;
 	/* restorecon_flags holds | of above for restore_init() */
 	unsigned int restorecon_flags;
 	char *rootpath;
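Review bot: The new `conflict_error` field has no stated contract, yet restore_init() ORs it directly into `restorecon_flags`, so it must only ever hold 0 or `SELINUX_RESTORECON_CONFLICT_ERROR`. A one-line comment on the field would make that explicit, for example `/* 0 or SELINUX_RESTORECON_CONFLICT_ERROR (setfiles -E) */`. Any code that fills a `struct restore_opts` without zeroing it first would now hand an indeterminate bit to libselinux; presumably every user zero-initialises the struct, but that is not visible in this patch. The struct definition starts and ends outside this hunk.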
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index c9f8be06..0188a75a 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -12,6 +12,7 @@ setfiles \- set SELinux file security contexts.
 .RB [ \-n ]
 .RB [ \-e
 .IR directory ]
+.RB [ \-E ]
 .RB [ \-p ]
 .RB [ \-s ]
 .RB [ \-v ]
@@ -62,6 +63,10 @@ after ABORT_ON_ERRORS errors).
 .BI \-e \ directory
 directory to exclude (repeat option for more than one directory).
 .TP
+.BI \-E
+treat conflicting specifications as errors, such as where two hardlinks for
+the same inode have different contexts.
+.TP
 .BI \-f \ infilename
 .I infilename
 contains a list of files to be processed. Use
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index bc83c27b..16bd592c 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -48,8 +48,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
 			name, name);
 	} else {
 		fprintf(stderr,
-			"usage:  %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
-			"usage:  %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
+			"usage:  %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
+			"usage:  %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
 			"usage:  %s -s [-diIDlmnpqvFW] spec_file\n"
 			"usage:  %s -c policyfile spec_file\n",
 			name, name, name, name);
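Review bot: The `-s` usage line is left as `[-diIDlmnpqvFW]`, although the `sopts` string changed in the next hunk accepts `E` for every setfiles invocation, not only the two forms updated here. If `-E` is meant to work when the file list is read with `-s`, that line should read `"usage:  %s -s [-diIDlmnpqvEFW] spec_file\n"`. If it is not meant to be accepted there, the option parser needs to reject the combination rather than ignore it silently. The body of usage() starts and ends outside this hunk.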
@@ -169,7 +169,7 @@ int main(int argc, char **argv)
 	const char *base;
 	int errors = 0;
 	const char *ropts = "e:f:hiIDlmno:pqrsvFRW0";
-	const char *sopts = "c:de:f:hiIDlmno:pqr:svFR:W0";
+	const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0";
 	const char *opts;
 	union selinux_callback cb;
 
@@ -313,6 +313,10 @@ int main(int argc, char **argv)
 			r_opts.syslog_changes =
 					   SELINUX_RESTORECON_SYSLOG_CHANGES;
 			break;
+		case 'E':
+			r_opts.conflict_error =
+					   SELINUX_RESTORECON_CONFLICT_ERROR;
+			break;
 		case 'F':
 			r_opts.set_specctx =
 					   SELINUX_RESTORECON_SET_SPECFILE_CTX;
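Review bot: Nothing visible in this hunk shows that a conflict reported under `-E` ends up in the process exit status, which is the only signal a scripted relabel (an image build, a first-boot autorelabel) has for failing closed. It is worth confirming that the failure returned by the relabel call is accumulated into `errors` in main() and is not downgraded when `abort_on_error` is unset. A short comment on the case would also help, such as `/* -E: fail on conflicting specs, e.g. hardlinks to one inode with different contexts */`. The body of main() continues outside this hunk.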
-- 
2.21.1




