My test infrastructure has been, uh, limited, so far (working with some, uh, restrictions). I'll take the time to build a complete test system, reapply, test, then resubmit.

Thanks for the advice on including the URL, much cleaner.

Thanks,

P

Peter Whittaker
EdgeKeep Inc.
www.edgekeep.com
+1 613 864 5337
+1 613 864 KEEP

On Fri, May 29, 2020 at 10:22 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Tue, May 26, 2020 at 1:04 PM Peter Whittaker <pww@xxxxxxxxxxxx> wrote:
> >
> > Folks, this patch adds and documents a "-x" option for restorecon
> > to prevent it from crossing file system boundaries, as requested
> > in github issue #208.
> >
> > P
> >
> > Signed-off-by: Peter Whittaker <pww@xxxxxxxxxxxx>
>
> You didn't update the actual ropts string so restorecon -x fails even
> after this patch.
> Did you test your change?
> In your patch description, you can put the following line before your
> Signed-off-by
> and drop the separate references to github issue #208 in the subject
> line and body:
> Fixes: https://github.com/SELinuxProject/selinux/issues/208
>
> > --- > > policycoreutils/setfiles/restorecon.8 | 7 +++++++ > > policycoreutils/setfiles/setfiles.c | 11 +++++++++-- > > 2 files changed, 16 insertions(+), 2 deletions(-) > > > > diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 > > index bbfc83fe..0d1930de 100644 > > --- a/policycoreutils/setfiles/restorecon.8 > > +++ b/policycoreutils/setfiles/restorecon.8 > > @@ -13,6 +13,7 @@ restorecon \- restore file(s) default SELinux security contexts. > > .RB [ \-F ] > > .RB [ \-W ] > > .RB [ \-I | \-D ] > > +.RB [ \-x ] > > .RB [ \-e > > .IR directory ] > > .IR pathname \ ... > > @@ -31,6 +32,7 @@ restorecon \- restore file(s) default SELinux security contexts. > > .RB [ \-F ] > > .RB [ \-W ] > > .RB [ \-I | \-D ] > > +.RB [ \-x ] > > > > .SH "DESCRIPTION" > > This manual page describes the 
> > @@ -153,6 +155,11 @@ option of GNU > > .B find > > produces input suitable for this mode. > > .TP > > +.B \-x > > +prevent > > +.B restorecon > > +from crossing file system boundaries. > > +.TP > > .SH "ARGUMENTS" > > .IR pathname \ ... > > The pathname for the file(s) to be relabeled. > > diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c > > index 16bd592c..afd579e3 100644 > > --- a/policycoreutils/setfiles/setfiles.c > > +++ b/policycoreutils/setfiles/setfiles.c > > @@ -43,8 +43,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name) > > { > > if (iamrestorecon) { > > fprintf(stderr, > > - "usage: %s [-iIDFmnprRv0] [-e excludedir] pathname...\n" > > - "usage: %s [-iIDFmnprRv0] [-e excludedir] -f filename\n", > > + "usage: %s [-iIDFmnprRv0x] [-e excludedir] pathname...\n" > > + "usage: %s [-iIDFmnprRv0x] [-e excludedir] -f filename\n", > > name, name); > > } else { > > fprintf(stderr, > > @@ -386,6 +386,13 @@ int main(int argc, char **argv) > > case '0': > > null_terminated = 1; > > break; > > + case 'x': > > + if (iamrestorecon) { > > + r_opts.xdev = SELINUX_RESTORECON_XDEV; > > + } else { > > + usage(argv[0]); > > + } > > + break; > > case 'h': > > case '?': > > usage(argv[0]); > > -- > > 2.20.1 > >
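
Review bot: In the restorecon.8 hunk at @@ -153,6 +155,11 @@, the added ".TP" after "from crossing file system boundaries." sits directly before .SH "ARGUMENTS", so the options list ends on an empty tagged paragraph. The unchanged ".TP" context line above "+.B \-x" already opens the new entry, so the trailing "+.TP" can be dropped. The description could also state that the boundary in question is a file system mounted beneath the given pathname, since that is the case a reader running a recursive relabel needs to reason about.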
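
Review bot: The new "case 'x':" in the setfiles.c hunk at @@ -386,6 +386,13 @@ is not reachable as submitted, because the only other setfiles.c change in this patch is the usage() text at @@ -43,8 +43,8 @@ and nothing adds 'x' to the restorecon option string (the ropts string named in the reply). The result is that usage() advertises "[-iIDFmnprRv0x]" while the parser still rejects -x, so r_opts.xdev is never set to SELINUX_RESTORECON_XDEV. Add 'x' to that option string in the same patch and confirm with a run of restorecon -x before resubmitting.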