From 526534e304324beba7b0c8552c73949694b48406 Mon Sep 17 00:00:00 2001 From: Richard Haines Date: Sat, 6 Jul 2019 16:21:15 +0100 Subject: [PATCH] setfiles: Update utilities for the new digest scheme Update restorecon_xattr and man pages for new digest scheme managed by selinux_restorecon(3). Note that the Russian man pages require updating. Signed-off-by: Richard Haines --- policycoreutils/setfiles/restorecon.8 | 10 +++++----- policycoreutils/setfiles/restorecon_xattr.8 | 20 +++++++++----------- policycoreutils/setfiles/restorecon_xattr.c | 2 +- policycoreutils/setfiles/setfiles.8 | 10 +++++----- 4 files changed, 20 insertions(+), 22 deletions(-) diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 index 0f81db45..bbfc83fe 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 @@ -100,7 +100,7 @@ section for further details. .B \-D Set or update any directory SHA1 digests. Use this option to enable usage of the -.IR security.restorecon_last +.IR security.sehash extended attribute. .TP .B \-m @@ -184,10 +184,10 @@ option to .B restorecon will cause it to store a SHA1 digest of the default specfiles set in an extended attribute named -.IR security.restorecon_last -on the directory specified in each +.IR security.sehash +on each directory specified in .IR pathname \ ... -once the relabeling has been completed successfully. This digest will be +once the relabeling has been completed successfully. These digests will be checked should .B restorecon .B \-D @@ -204,7 +204,7 @@ option will ignore the SHA1 digest from each directory specified in and provided the .B \-n option is NOT set and recursive mode is set, files will be relabeled as -required with the digest then being updated provided there are no errors. +required with the digests then being updated provided there are no errors. .SH "AUTHOR" This man page was written by Dan Walsh . 
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8 index 65b28ea6..e04528e6 100644 --- a/policycoreutils/setfiles/restorecon_xattr.8 +++ b/policycoreutils/setfiles/restorecon_xattr.8 @@ -1,7 +1,7 @@ .TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command" .SH "NAME" restorecon_xattr \- manage -.I security.restorecon_last +.I security.sehash extended attribute entries added by .BR setfiles (8) or @@ -24,7 +24,7 @@ or .SH "DESCRIPTION" .B restorecon_xattr will display the SHA1 digests added to extended attributes -.I security.restorecon_last +.I security.sehash or delete the attribute completely. These attributes are set by .BR restorecon (8) or @@ -43,7 +43,7 @@ from. and .B TMPFS filesystems do not support the -.I security.restorecon_last +.I security.sehash extended attribute and are automatically excluded from searches. .sp By default @@ -62,12 +62,12 @@ option. .TP .B \-d delete all non-matching -.I security.restorecon_last +.I security.sehash directory digest entries. .TP .B \-D delete all -.I security.restorecon_last +.I security.sehash directory digest entries. .TP .B \-m @@ -87,7 +87,10 @@ Do not append "Match" or "No Match" to displayed digests. recursively descend directories. .TP .B \-v -display SHA1 digest generated by specfile set. +display SHA1 digest generated by specfile set (Note that this digest is not +used to match the +.I security.sehash +directory digest entries, and is shown for reference only). .TP .B \-e .I directory @@ -101,11 +104,6 @@ an optional .I specfile containing file context entries as described in .BR file_contexts (5). -This will be used by -.BR selabel_open (3) -to retrieve the set of labeling entries, with the SHA1 digest being -retrieved by -.BR selabel_digest (3). If the option is not specified, then the default file_contexts will be used. .SH "ARGUMENTS" 
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c index 91c087fa..59b1f748 100644 --- a/policycoreutils/setfiles/restorecon_xattr.c +++ b/policycoreutils/setfiles/restorecon_xattr.c @@ -27,7 +27,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) "-D Delete all digest entries.\n\t" "-e Directory to exclude (repeat option for more than one directory).\n\t" "-f Optional specfile for calculating the digest.\n\t" - "pathname Path to search for xattr \"security.restorecon_last\" entries.\n\n", + "pathname Path to search for xattr \"security.sehash\" entries.\n\n", progname); exit(-1); } diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 index ccaaf4de..c9f8be06 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 @@ -90,7 +90,7 @@ section for further details. .B \-D Set or update any directory SHA1 digests. Use this option to enable usage of the -.IR security.restorecon_last +.IR security.sehash extended attribute. .TP .B \-l @@ -228,10 +228,10 @@ option to will cause it to store a SHA1 digest of the .B spec_file set in an extended attribute named -.IR security.restorecon_last -on the directory specified in each +.IR security.sehash +on each directory specified in .IR pathname \ ... -once the relabeling has been completed successfully. This digest will be +once the relabeling has been completed successfully. These digests will be checked should .B setfiles .B \-D @@ -250,7 +250,7 @@ option will ignore the SHA1 digest from each directory specified in .IR pathname \ ... and provided the .B \-n -option is NOT set, files will be relabeled as required with the digest then +option is NOT set, files will be relabeled as required with the digests then being updated provided there are no errors. .SH "AUTHOR"
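Review bot: In restorecon_xattr.8, the new -v text (hunk at -87,7) says the specfile digest "is not used to match the security.sehash directory digest entries", but the page never says what the stored digests are compared against. The unchanged -d entry still reads "delete all non-matching" and the -n context line still refers to "Match" or "No Match". Add one sentence to DESCRIPTION, or to the -d entry, stating what a match now means under the scheme managed by selinux_restorecon(3), so an administrator can tell which entries -d will remove.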
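Review bot: In restorecon_xattr.c, the usage() hunk updates only the pathname line. The context line above it, "-f Optional specfile for calculating the digest.", is left as is, while the man page in the same patch drops the selabel_open(3)/selabel_digest(3) sentences from -f and describes the specfile digest as shown for reference only. Reword the -f usage string to agree with the man page, for example by saying the digest is displayed with -v and not used for matching.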
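Review bot: In restorecon.8 (hunk at -184,10) and setfiles.8 (hunk at -228,10), "on each directory specified in pathname ..." can still be read as only the directories named on the command line, even though the following sentence moves to the plural "These digests". If the attribute is now written to every directory visited during the relabel, say so explicitly. If it is written only to the named directories, the earlier wording was already accurate and the plural change is the confusing part.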
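Review bot: The attribute rename in the restorecon_xattr.8 -d/-D entries (hunk at -62,12) and in the usage string leaves no documented way to find or remove security.restorecon_last entries written by earlier versions. All four files now refer only to security.sehash. A short note in restorecon_xattr.8 stating whether stale security.restorecon_last attributes are ignored, removed, or need manual cleanup would tell administrators of upgraded systems what to expect.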