Folks, this patch adds and documents a "-x" option for restorecon to prevent it from crossing file system boundaries, as requested in github issue #208. P
Signed-off-by: Peter Whittaker <pww@xxxxxxxxxxxx>
---
 policycoreutils/setfiles/restorecon.8 | 7 +++++++
 policycoreutils/setfiles/setfiles.c | 11 +++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index bbfc83fe..0d1930de 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -13,6 +13,7 @@ restorecon \- restore file(s) default SELinux security contexts.
 .RB [ \-F ]
 .RB [ \-W ]
 .RB [ \-I | \-D ]
+.RB [ \-x ]
 .RB [ \-e
 .IR directory ]
 .IR pathname \ ...
@@ -31,6 +32,7 @@ restorecon \- restore file(s) default SELinux security contexts.
 .RB [ \-F ]
 .RB [ \-W ]
 .RB [ \-I | \-D ]
+.RB [ \-x ]
 .SH "DESCRIPTION"
 This manual page describes the
@@ -153,6 +155,11 @@ option of GNU
 .B find
 produces input suitable for this mode.
 .TP
+.B \-x
+prevent
+.B restorecon
+from crossing file system boundaries.
+.TP
 .SH "ARGUMENTS"
 .IR pathname \ ...
 The pathname for the file(s) to be relabeled.
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index 16bd592c..afd579e3 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -43,8 +43,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
 {
 if (iamrestorecon) {
 fprintf(stderr,
- "usage: %s [-iIDFmnprRv0] [-e excludedir] pathname...\n"
- "usage: %s [-iIDFmnprRv0] [-e excludedir] -f filename\n",
+ "usage: %s [-iIDFmnprRv0x] [-e excludedir] pathname...\n"
+ "usage: %s [-iIDFmnprRv0x] [-e excludedir] -f filename\n",
 name, name);
 } else {
 fprintf(stderr,
@@ -386,6 +386,13 @@ int main(int argc, char **argv)
 case '0':
 null_terminated = 1;
 break;
+ case 'x':
+ if (iamrestorecon) {
+ r_opts.xdev = SELINUX_RESTORECON_XDEV;
+ } else {
+ usage(argv[0]);
+ }
+ break;
 case 'h':
 case '?':
 usage(argv[0]);
-- 
2.20.1
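Review bot: The new `case 'x':` in main()'s option switch can only be reached if `x` is in the option string main() passes to its option parser, and no line of this patch touches that string; the 11 changed lines the diffstat reports for setfiles.c are fully accounted for by the two usage strings and this case. If the restorecon option string (defined outside these hunks) does not already contain `x`, `-x` would be rejected as an unknown option and fall to the `'?'` arm, so the flag would print usage instead of setting `r_opts.xdev`. Please add `x` to the restorecon option string in the same patch and confirm with a run of `restorecon -x` on a tree that contains a mount point. The restorecon.8 text could also state that file systems mounted below the given pathname are skipped and keep their existing labels, because an administrator relabelling after a policy change might otherwise assume full coverage. main()'s body starts and ends outside the hunk.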