2008-08-19 19:30:36 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
# fixfiles
|
|
|
|
|
#
|
|
|
|
|
# Script to restore labels on a SELinux box
|
|
|
|
|
#
|
2013-10-09 21:43:52 +00:00
|
|
|
# Copyright (C) 2004-2013 Red Hat, Inc.
|
2008-08-19 19:30:36 +00:00
|
|
|
# Authors: Dan Walsh <dwalsh@redhat.com>
|
|
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
2017-05-07 11:05:52 +00:00
|
|
|
set -o nounset
|
|
|
|
|
|
2011-07-10 14:09:11 +00:00
|
|
|
#
|
|
|
|
|
# seclabel support was added in 2.6.30. This function will return a positive
|
|
|
|
|
# number if the current kernel version is greater than 2.6.30, a negative
|
|
|
|
|
# number if the current is less than 2.6.30 and 0 if they are the same.
|
|
|
|
|
#
|
|
|
|
|
function useseclabel {
|
2013-10-09 21:43:52 +00:00
|
|
|
VER=`uname -r`
|
|
|
|
|
SUP=2.6.30
|
|
|
|
|
expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \
|
|
|
|
|
'(' "$VER.0" : '[^.]*[.]\([^.]*\)' ')' '-' '(' "$SUP.0" : '[^.]*[.]\([^.]*\)' ')' '|' \
|
|
|
|
|
'(' "$VER.0.0" : '[^.]*[.][^.]*[.]\([^.]*\)' ')' '-' '(' "$SUP.0.0" : '[^.]*[.][^.]*[.]\([^.]*\)' ')'
|
2011-07-10 14:09:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Get all mount points that support labeling. Use the 'seclabel' field if it
|
|
|
|
|
# is available. Else fall back to known fs types which likely support xattrs
|
|
|
|
|
# and we know were not context mounted.
|
|
|
|
|
#
|
|
|
|
|
get_all_labeled_mounts() {
|
|
|
|
|
FS="`cat /proc/self/mounts | sort | uniq | awk '{print $2}'`"
|
|
|
|
|
for i in $FS; do
|
|
|
|
|
if [ `useseclabel` -ge 0 ]
|
|
|
|
|
then
|
|
|
|
|
grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i
|
|
|
|
|
else
|
|
|
|
|
grep " $i " /proc/self/mounts | grep -v "context=" | egrep --silent '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get_rw_labeled_mounts() {
|
|
|
|
|
FS=`get_all_labeled_mounts | sort | uniq`
|
|
|
|
|
for i in $FS; do
|
|
|
|
|
grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)rw(,|$)' && echo $i
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get_ro_labeled_mounts() {
|
|
|
|
|
FS=`get_all_labeled_mounts | sort | uniq`
|
|
|
|
|
for i in $FS; do
|
|
|
|
|
grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)ro(,|$)' && echo $i
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-10 18:32:47 +00:00
|
|
|
#
|
2019-08-05 20:11:20 +00:00
|
|
|
# Get the default label returned from the kernel for a file with a label the
|
2011-08-10 18:32:47 +00:00
|
|
|
# kernel does not understand
|
|
|
|
|
#
|
|
|
|
|
get_undefined_type() {
|
|
|
|
|
SELINUXMNT=`grep selinuxfs /proc/self/mountinfo | head -1 | awk '{ print $5 }'`
|
|
|
|
|
cat ${SELINUXMNT}/initial_contexts/unlabeled | secon -t
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Get the default label for a file without a label
|
|
|
|
|
#
|
|
|
|
|
get_unlabeled_type() {
|
|
|
|
|
SELINUXMNT=`grep selinuxfs /proc/self/mountinfo | head -1 | awk '{ print $5 }'`
|
2013-10-09 21:43:52 +00:00
|
|
|
cat $SELINUXMNT/initial_contexts/file | secon -t
|
2011-08-10 18:32:47 +00:00
|
|
|
}
|
|
|
|
|
|
2011-07-10 12:14:14 +00:00
|
|
|
exclude_dirs_from_relabelling() {
|
|
|
|
|
exclude_from_relabelling=
|
|
|
|
|
if [ -e /etc/selinux/fixfiles_exclude_dirs ]
|
|
|
|
|
then
|
2013-10-09 21:43:52 +00:00
|
|
|
while read i
|
|
|
|
|
do
|
|
|
|
|
# skip blank line and comment
|
|
|
|
|
# skip not absolute path
|
|
|
|
|
# skip not directory
|
|
|
|
|
[ -z "${i}" ] && continue
|
2017-05-07 11:05:49 +00:00
|
|
|
[[ "${i}" =~ ^[[:blank:]]*# ]] && continue
|
2013-10-09 21:43:52 +00:00
|
|
|
[[ ! "${i}" =~ ^/.* ]] && continue
|
|
|
|
|
[[ ! -d "${i}" ]] && continue
|
|
|
|
|
exclude_from_relabelling="$exclude_from_relabelling -e $i"
|
|
|
|
|
done < /etc/selinux/fixfiles_exclude_dirs
|
2011-07-10 12:14:14 +00:00
|
|
|
fi
|
|
|
|
|
echo "$exclude_from_relabelling"
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
#
|
|
|
|
|
# Set global Variables
|
|
|
|
|
#
|
|
|
|
|
fullFlag=0
|
2013-01-25 22:30:06 +00:00
|
|
|
BOOTTIME=""
|
2012-02-03 16:56:39 +00:00
|
|
|
VERBOSE="-p"
|
2008-08-19 19:30:36 +00:00
|
|
|
FORCEFLAG=""
|
2017-05-07 11:05:52 +00:00
|
|
|
RPMFILES=""
|
|
|
|
|
PREFC=""
|
2019-09-24 19:08:53 +00:00
|
|
|
RESTORE_MODE=""
|
2008-08-19 19:30:36 +00:00
|
|
|
SETFILES=/sbin/setfiles
|
|
|
|
|
RESTORECON=/sbin/restorecon
|
2011-07-10 14:09:11 +00:00
|
|
|
FILESYSTEMSRW=`get_rw_labeled_mounts`
|
|
|
|
|
FILESYSTEMSRO=`get_ro_labeled_mounts`
|
2008-08-19 19:30:36 +00:00
|
|
|
SELINUXTYPE="targeted"
|
|
|
|
|
if [ -e /etc/selinux/config ]; then
|
|
|
|
|
. /etc/selinux/config
|
2013-10-09 21:43:52 +00:00
|
|
|
FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
|
2008-08-19 19:30:36 +00:00
|
|
|
else
|
|
|
|
|
FC=/etc/security/selinux/file_contexts
|
|
|
|
|
fi
|
|
|
|
|
|
2017-05-04 17:01:20 +00:00
|
|
|
#
|
|
|
|
|
# Log all Read Only file systems
|
|
|
|
|
#
|
|
|
|
|
LogReadOnly() {
|
|
|
|
|
if [ ! -z "$FILESYSTEMSRO" ]; then
|
policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.
Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.
https://bugzilla.redhat.com/show_bug.cgi?id=131707
In the current version, none of these original reasons for `-l` remain.
The logfile is not created by default. If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty. If
stdin is not a tty, the log defaults to /dev/null.
When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell. She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.
I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`. Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable). exclude_dirs_from_relabelling() was such a function.
I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.
There is a simple solution. We can write the log messages to standard
output. When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.
This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not. There were no comments to explain these distinctions.
2017-05-04 17:01:22 +00:00
|
|
|
echo "Warning: Skipping the following R/O filesystems:"
|
|
|
|
|
echo "$FILESYSTEMSRO"
|
2017-05-04 17:01:20 +00:00
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-04 17:01:21 +00:00
|
|
|
#
|
|
|
|
|
# Log directories excluded from relabelling by configuration file
|
|
|
|
|
#
|
|
|
|
|
LogExcluded() {
|
|
|
|
|
for i in ${EXCLUDEDIRS//-e / }; do
|
policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.
Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.
https://bugzilla.redhat.com/show_bug.cgi?id=131707
In the current version, none of these original reasons for `-l` remain.
The logfile is not created by default. If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty. If
stdin is not a tty, the log defaults to /dev/null.
When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell. She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.
I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`. Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable). exclude_dirs_from_relabelling() was such a function.
I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.
There is a simple solution. We can write the log messages to standard
output. When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.
This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not. There were no comments to explain these distinctions.
2017-05-04 17:01:22 +00:00
|
|
|
echo "skipping the directory $i"
|
2017-05-04 17:01:21 +00:00
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-25 22:30:06 +00:00
|
|
|
#
|
|
|
|
|
# Find files newer then the passed in date and fix the label
|
|
|
|
|
#
|
|
|
|
|
newer() {
|
|
|
|
|
DATE=$1
|
2016-08-09 13:24:15 +00:00
|
|
|
shift
|
2017-05-04 17:01:20 +00:00
|
|
|
LogReadOnly
|
2013-01-25 22:30:06 +00:00
|
|
|
for m in `echo $FILESYSTEMSRW`; do
|
2016-08-09 13:24:15 +00:00
|
|
|
find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} $* -i -0 -f -
|
2013-01-25 22:30:06 +00:00
|
|
|
done;
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
#
|
2013-10-09 21:43:52 +00:00
|
|
|
# Compare PREVious File Context to currently installed File Context and
|
2008-08-19 19:30:36 +00:00
|
|
|
# run restorecon on all files affected by the differences.
|
|
|
|
|
#
|
|
|
|
|
diff_filecontext() {
|
2017-05-04 17:01:21 +00:00
|
|
|
EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
|
2017-05-04 17:01:19 +00:00
|
|
|
for i in /sys /proc /dev /run /mnt /var/tmp /var/lib/BackupPC /home /tmp /dev; do
|
2017-05-04 17:01:21 +00:00
|
|
|
[ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i";
|
2017-05-04 17:01:19 +00:00
|
|
|
done
|
2017-05-04 17:01:21 +00:00
|
|
|
LogExcluded
|
2017-05-04 17:01:19 +00:00
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
|
|
|
|
TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
|
|
|
|
|
test -z "$TEMPFILE" && exit
|
|
|
|
|
PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX`
|
|
|
|
|
sed -r -e 's,:s0, ,g' $PREFC | sort -u > ${PREFCTEMPFILE}
|
|
|
|
|
sed -r -e 's,:s0, ,g' $FC | sort -u | \
|
|
|
|
|
/usr/bin/diff -b ${PREFCTEMPFILE} - | \
|
|
|
|
|
grep '^[<>]'|cut -c3-| grep ^/ | \
|
|
|
|
|
egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
|
|
|
|
|
sed -r -e 's,[[:blank:]].*,,g' \
|
2013-10-09 21:43:52 +00:00
|
|
|
-e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
|
2008-08-19 19:30:36 +00:00
|
|
|
-e 's|([/[:alnum:]])\?|{\1,}|g' \
|
2013-10-09 21:43:52 +00:00
|
|
|
-e 's|\?.*|*|g' \
|
|
|
|
|
-e 's|\{.*|*|g' \
|
2008-08-19 19:30:36 +00:00
|
|
|
-e 's|\(.*|*|g' \
|
|
|
|
|
-e 's|\[.*|*|g' \
|
2013-10-09 21:43:52 +00:00
|
|
|
-e 's|\.\*.*|*|g' \
|
|
|
|
|
-e 's|\.\+.*|*|g' | \
|
2008-08-19 19:30:36 +00:00
|
|
|
# These two sorts need to be separate commands \
|
|
|
|
|
sort -u | \
|
|
|
|
|
sort -d | \
|
2013-10-09 21:43:52 +00:00
|
|
|
while read pattern ; \
|
2008-08-19 19:30:36 +00:00
|
|
|
do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
|
2013-10-09 21:43:52 +00:00
|
|
|
echo "$pattern"; \
|
|
|
|
|
case "$pattern" in *"*") \
|
|
|
|
|
echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;
|
|
|
|
|
esac; \
|
|
|
|
|
fi; \
|
|
|
|
|
done | \
|
2017-05-07 11:05:56 +00:00
|
|
|
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -; \
|
2008-08-19 19:30:36 +00:00
|
|
|
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rpmlist() {
|
|
|
|
|
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
|
|
|
|
|
[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-09 21:43:52 +00:00
|
|
|
#
|
2008-08-19 19:30:36 +00:00
|
|
|
# restore
|
|
|
|
|
# if called with -n will only check file context
|
|
|
|
|
#
|
|
|
|
|
restore () {
|
2013-10-09 21:43:52 +00:00
|
|
|
OPTION=$1
|
|
|
|
|
shift
|
|
|
|
|
|
2019-09-24 19:08:53 +00:00
|
|
|
# [-B | -N time ]
|
|
|
|
|
if [ -n "$BOOTTIME" ]; then
|
2017-05-07 11:05:52 +00:00
|
|
|
newer $BOOTTIME $*
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
return
|
2019-09-24 19:08:53 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# -C PREVIOUS_FILECONTEXT
|
|
|
|
|
if [ "$RESTORE_MODE" == PREFC ]; then
|
|
|
|
|
diff_filecontext $*
|
|
|
|
|
return
|
|
|
|
|
fi
|
2017-05-07 11:05:52 +00:00
|
|
|
|
2009-11-03 15:37:13 +00:00
|
|
|
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
2017-05-04 17:01:20 +00:00
|
|
|
|
2017-05-04 17:01:21 +00:00
|
|
|
EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
|
|
|
|
|
LogExcluded
|
|
|
|
|
|
2017-05-07 11:05:52 +00:00
|
|
|
case "$RESTORE_MODE" in
|
|
|
|
|
RPMFILES)
|
|
|
|
|
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
2017-05-07 11:05:56 +00:00
|
|
|
rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -
|
2017-05-07 11:05:52 +00:00
|
|
|
done
|
|
|
|
|
;;
|
|
|
|
|
FILEPATH)
|
2017-05-07 11:05:56 +00:00
|
|
|
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
|
2017-05-07 11:05:52 +00:00
|
|
|
;;
|
2019-09-24 19:08:53 +00:00
|
|
|
*)
|
2017-05-07 11:05:52 +00:00
|
|
|
if [ -n "${FILESYSTEMSRW}" ]; then
|
|
|
|
|
LogReadOnly
|
|
|
|
|
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
|
2017-05-07 11:05:56 +00:00
|
|
|
${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
|
2017-05-07 11:05:52 +00:00
|
|
|
else
|
|
|
|
|
echo >&2 "fixfiles: No suitable file systems found"
|
|
|
|
|
fi
|
|
|
|
|
if [ ${OPTION} != "Relabel" ]; then
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
echo "Cleaning up labels on /tmp"
|
|
|
|
|
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
|
|
|
|
|
|
|
|
|
|
UNDEFINED=`get_undefined_type` || exit $?
|
|
|
|
|
UNLABELED=`get_unlabeled_type` || exit $?
|
|
|
|
|
find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) \( -type s -o -type p \) -delete
|
2017-06-16 08:29:59 +00:00
|
|
|
find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /tmp {} \;
|
|
|
|
|
find /var/tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /var/tmp {} \;
|
|
|
|
|
find /var/run \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /var/run {} \;
|
|
|
|
|
[ ! -e /var/lib/debug ] || find /var/lib/debug \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /lib {} \;
|
2017-05-07 11:05:52 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
2008-08-19 19:30:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fullrelabel() {
|
policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.
Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.
https://bugzilla.redhat.com/show_bug.cgi?id=131707
In the current version, none of these original reasons for `-l` remain.
The logfile is not created by default. If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty. If
stdin is not a tty, the log defaults to /dev/null.
When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell. She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.
I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`. Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable). exclude_dirs_from_relabelling() was such a function.
I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.
There is a simple solution. We can write the log messages to standard
output. When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.
This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not. There were no comments to explain these distinctions.
2017-05-04 17:01:22 +00:00
|
|
|
echo "Cleaning out /tmp"
|
2011-07-10 11:27:11 +00:00
|
|
|
find /tmp/ -mindepth 1 -delete
|
2013-10-09 21:43:52 +00:00
|
|
|
restore Relabel
|
2008-08-19 19:30:36 +00:00
|
|
|
}
|
|
|
|
|
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
relabel() {
|
2019-09-24 19:08:53 +00:00
|
|
|
if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
usage
|
|
|
|
|
exit 1
|
2008-08-19 19:30:36 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ $fullFlag == 1 ]; then
|
|
|
|
|
fullrelabel
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
return
|
2008-08-19 19:30:36 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo -n "
|
2013-10-09 21:43:52 +00:00
|
|
|
Files in the /tmp directory may be labeled incorrectly, this command
|
|
|
|
|
can remove all files in /tmp. If you choose to remove files from /tmp,
|
2008-08-19 19:30:36 +00:00
|
|
|
a reboot will be required after completion.
|
2013-10-09 21:43:52 +00:00
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
Do you wish to clean out the /tmp directory [N]? "
|
|
|
|
|
read answer
|
2013-10-09 21:43:52 +00:00
|
|
|
if [ "$answer" = y -o "$answer" = Y ]; then
|
2008-08-19 19:30:36 +00:00
|
|
|
fullrelabel
|
|
|
|
|
else
|
2013-10-09 21:43:52 +00:00
|
|
|
restore Relabel
|
2008-08-19 19:30:36 +00:00
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
process() {
|
|
|
|
|
#
|
|
|
|
|
# Make sure they specified one of the three valid commands
|
|
|
|
|
#
|
|
|
|
|
case "$1" in
|
2013-10-09 21:43:52 +00:00
|
|
|
restore) restore Relabel;;
|
|
|
|
|
check) VERBOSE="-v"; restore Check -n;;
|
2019-09-24 06:41:30 +00:00
|
|
|
verify) VERBOSE="-v"; restore Verify -n;;
|
2008-08-19 19:30:36 +00:00
|
|
|
relabel) relabel;;
|
|
|
|
|
onboot)
|
2019-09-24 19:08:53 +00:00
|
|
|
if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
usage
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2018-05-12 12:43:09 +00:00
|
|
|
> /.autorelabel || exit $?
|
2013-01-25 22:30:06 +00:00
|
|
|
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
|
|
|
|
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
2019-09-24 19:08:54 +00:00
|
|
|
# Force full relabel if SELinux is not enabled
|
|
|
|
|
selinuxenabled || echo -F > /.autorelabel
|
2008-08-19 19:30:36 +00:00
|
|
|
echo "System will relabel on next boot"
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
usage
|
|
|
|
|
exit 1
|
|
|
|
|
esac
|
|
|
|
|
}
|
|
|
|
|
usage() {
|
2013-10-09 21:43:52 +00:00
|
|
|
echo $"""
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
Usage: $0 [-v] [-F] [-f] relabel
|
|
|
|
|
or
|
|
|
|
|
Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
|
2017-05-07 11:05:52 +00:00
|
|
|
or
|
policycoreutils: fixfiles: remove bad modes of "relabel" command
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would
skip the code that handles e.g. `/var/tmp`, which would be run by
`fixfiles relabel`. It would still remove all files in /tmp (subject to
user confirmation). This is confusing, undocumented, and unlikely to
be intentional.
* `fixfiles relabel path1 path2` is the same, except it would only relabel
the first path.
* `fixfiles -R ... relabel` was equivalent to `fixfiles -R ... restore`,
again contradicting the man page.
Also `fixfiles onboot` would ignore paths, -C, or -R.
fixfiles is mostly for users, where it should be acceptable to remove these
non-sensical combinations.
`fixfiles -C` is used in selinux-policy rpm install scripts. However I
believe the rpms used `fixfiles -C previouscontext restore`, and did not
either require user interaction or blow away /tmp without prompting. So
they should still work fine.
With these combinations removed, we can remove the `exit` calls which were
seen in some of the (non-error) code paths in `restore()`.
Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-05-07 11:05:54 +00:00
|
|
|
Usage: $0 [-v] [-F] { check | restore | verify } dir/file ...
|
2009-11-03 15:37:13 +00:00
|
|
|
or
|
policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.
Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.
https://bugzilla.redhat.com/show_bug.cgi?id=131707
In the current version, none of these original reasons for `-l` remain.
The logfile is not created by default. If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty. If
stdin is not a tty, the log defaults to /dev/null.
When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell. She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.
I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`. Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable). exclude_dirs_from_relabelling() was such a function.
I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.
There is a simple solution. We can write the log messages to standard
output. When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.
This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not. There were no comments to explain these distinctions.
2017-05-04 17:01:22 +00:00
|
|
|
Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
|
2009-11-03 15:37:13 +00:00
|
|
|
or
|
2013-10-09 21:43:52 +00:00
|
|
|
Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
|
2009-11-03 15:37:13 +00:00
|
|
|
or
|
2013-10-09 21:43:52 +00:00
|
|
|
Usage: $0 [-F] [-B] onboot
|
2009-11-03 15:37:13 +00:00
|
|
|
"""
|
2008-08-19 19:30:36 +00:00
|
|
|
}
|
|
|
|
|
|
2017-05-07 11:05:52 +00:00
|
|
|
if [ $# -eq 0 ]; then
|
2008-08-19 19:30:36 +00:00
|
|
|
usage
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2017-05-07 11:05:52 +00:00
|
|
|
set_restore_mode() {
|
2019-09-24 19:08:53 +00:00
|
|
|
if [ -n "$RESTORE_MODE" ]; then
|
2017-05-07 11:05:52 +00:00
|
|
|
# can't specify two different modes
|
|
|
|
|
usage
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
RESTORE_MODE="$1"
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-19 19:30:36 +00:00
|
|
|
# See how we were called.
|
2013-01-25 22:30:06 +00:00
|
|
|
while getopts "N:BC:FfR:l:v" i; do
|
2008-08-19 19:30:36 +00:00
|
|
|
case "$i" in
|
2013-01-25 22:30:06 +00:00
|
|
|
B)
|
|
|
|
|
BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
2019-09-24 19:08:53 +00:00
|
|
|
set_restore_mode DEFAULT
|
2013-01-25 22:30:06 +00:00
|
|
|
;;
|
2017-05-07 11:05:52 +00:00
|
|
|
N)
|
|
|
|
|
BOOTTIME=$OPTARG
|
|
|
|
|
set_restore_mode BOOTTIME
|
2012-02-03 16:56:39 +00:00
|
|
|
;;
|
2013-10-09 21:43:52 +00:00
|
|
|
R)
|
2008-08-19 19:30:36 +00:00
|
|
|
RPMFILES=$OPTARG
|
2017-05-07 11:05:52 +00:00
|
|
|
set_restore_mode RPMFILES
|
|
|
|
|
;;
|
|
|
|
|
C)
|
|
|
|
|
PREFC=$OPTARG
|
|
|
|
|
set_restore_mode PREFC
|
|
|
|
|
;;
|
|
|
|
|
v)
|
|
|
|
|
VERBOSE="-v"
|
2008-08-19 19:30:36 +00:00
|
|
|
;;
|
2013-10-09 21:43:52 +00:00
|
|
|
l)
|
policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.
Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.
https://bugzilla.redhat.com/show_bug.cgi?id=131707
In the current version, none of these original reasons for `-l` remain.
The logfile is not created by default. If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty. If
stdin is not a tty, the log defaults to /dev/null.
When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell. She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.
I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`. Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable). exclude_dirs_from_relabelling() was such a function.
I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.
There is a simple solution. We can write the log messages to standard
output. When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.
This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not. There were no comments to explain these distinctions.
2017-05-04 17:01:22 +00:00
|
|
|
# Old scripts use obsolete option `-l logfile`
|
|
|
|
|
echo "Redirecting output to $OPTARG"
|
|
|
|
|
exec >>"$OPTARG" 2>&1
|
2008-08-19 19:30:36 +00:00
|
|
|
;;
|
|
|
|
|
F)
|
|
|
|
|
FORCEFLAG="-F"
|
|
|
|
|
;;
|
2017-05-07 11:05:52 +00:00
|
|
|
f)
|
|
|
|
|
fullFlag=1
|
2013-01-25 22:30:06 +00:00
|
|
|
;;
|
2008-08-19 19:30:36 +00:00
|
|
|
*)
|
|
|
|
|
usage
|
|
|
|
|
exit 1
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
# Move out processed options from arguments
|
|
|
|
|
shift $(( OPTIND - 1 ))
|
|
|
|
|
|
|
|
|
|
# Check for the command
|
2017-05-07 11:05:52 +00:00
|
|
|
if [ $# -eq 0 ]; then
|
2008-08-19 19:30:36 +00:00
|
|
|
usage
|
2017-05-07 11:05:50 +00:00
|
|
|
exit 1
|
2008-08-19 19:30:36 +00:00
|
|
|
fi
|
2017-05-07 11:05:52 +00:00
|
|
|
command="$1"
|
2008-08-19 19:30:36 +00:00
|
|
|
|
|
|
|
|
# Move out command from arguments
|
|
|
|
|
shift
|
|
|
|
|
|
2017-05-07 11:05:52 +00:00
|
|
|
if [ $# -gt 0 ]; then
|
|
|
|
|
set_restore_mode FILEPATH
|
|
|
|
|
while [ $# -gt 0 ]; do
|
|
|
|
|
FILEPATH="$1"
|
|
|
|
|
process "$command" || exit $?
|
|
|
|
|
shift
|
|
|
|
|
done
|
2008-08-19 19:30:36 +00:00
|
|
|
else
|
2017-05-07 11:05:52 +00:00
|
|
|
process "$command"
|
2008-08-19 19:30:36 +00:00
|
|
|
fi
|
2017-05-07 11:05:52 +00:00
|
|
|
|
