Author: Daniel J Walsh

Email: dwalsh@redhat.com
Subject: Add glob support for restorecond
Date: Mon, 08 Sep 2008 15:03:51 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have added supported for GLOB expressions in restorecond.  In order to
get nsplugin to work well, you need all of the contents of the homedir
labeled correctly.  Unfortunately gnome creates directories at a fairly
random pace.  FCFS.  So it is very difficult to get transitions to
happen properly.  As a tradeoff, we can use restorecond to watch the
homedir and relabel the directory when it is created.  I know this is a
potential race condition. where some of the files created in the
directory will still have the wrong context, but I don't know of a
better solution.

Telling everyone they need to restorcon -R -v ~ is not a great solution.
 If you are worried about information flow you should never rely on
restorecond.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/
lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK
=JiG7
-----END PGP SIGNATURE-----

Signed-off-by: Joshua Brindle <method@manicmethod.com>

policycoreutils/restorecond/restorecond.conf

@@ -1,7 +1,8 @@
+/etc/services
 /etc/resolv.conf
 /etc/samba/secrets.tdb
 /etc/mtab
 /var/run/utmp
 /var/log/wtmp
-~/public_html
+~/*
 ~/.mozilla/plugins/libflashplayer.so

policycoreutils/restorecond/stringslist.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006 Red Hat 
+ * Copyright (C) 2006, 2008 Red Hat 
  * see file 'COPYING' for use and warranty information
  *
  * This program is free software; you can redistribute it and/or
@@ -27,6 +27,7 @@
 #include <stdlib.h>
 #include "stringslist.h"
 #include "restorecond.h"
+#include <fnmatch.h>
 
 /* Sorted lists */
 void strings_list_add(struct stringsList **list, const char *string)
@@ -57,11 +58,9 @@ void strings_list_add(struct stringsList **list, const char *string)
 int strings_list_find(struct stringsList *ptr, const char *string)
 {
 	while (ptr) {
-		int cmp = strcmp(string, ptr->string);
+		int cmp = fnmatch(ptr->string, string, 0);
-		if (cmp < 0)
+		if (cmp == 0) 
-			return -1;	/* Not on list break out to add */
+			return 0;	/* Match found */
-		if (cmp == 0)
-			return 0;	/* Already on list */
 		ptr = ptr->next;
 	}
 	return -1;
@@ -120,6 +119,7 @@ int main(int argc, char **argv)
 	if (strings_list_diff(list, list1) == 0)
 		printf("strings_list_diff test2 bug\n");
 	strings_list_add(&list1, "/etc/walsh");
+	strings_list_add(&list1, "/etc/walsh/*");
 	strings_list_add(&list1, "/etc/resolv.conf");
 	strings_list_add(&list1, "/etc/mtab1");
 	if (strings_list_diff(list, list1) == 0)
@@ -127,6 +127,7 @@ int main(int argc, char **argv)
 	printf("strings list\n");
 	strings_list_print(list);
 	printf("strings list1\n");
+	strings_list_find(list1, "/etc/walsh/dan");
 	strings_list_print(list1);
 	strings_list_free(list);
 	strings_list_free(list1);