Author: Daniel J Walsh

Email: dwalsh@redhat.com Subject: patch to policycoreutils Date: Wed, 01 Apr 2009 10:10:43 -0400 Multiple patches to policycoreutils. First added /root/.ssh and /root/.ssh/* to allow people to place keys in /root directory and have them labeled by restorcond <snipdue to previously ack'd patch> Clean up permissive domains creation in semanage so it does not leave crap in /var/lib/selinux --- Also have fixfiles operate recursively when in RPM mode, per: Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Re: patch to policycoreutils Date: Wed, 22 Apr 2009 21:50:48 -0400 If a package owned a directory like /var/lib/libvirt/images, when it is relabeling we would want it to relabel not only the directory but the contents of the directory Signed-off-by: Chad Sellers <csellers@tresys.com>
2009-04-10 19:17:47 -04:00 · 2009-04-10 19:17:47 -04:00 · b6a1a954f5
parent 7e3311a9a7
commit b6a1a954f5
3 changed files with 13 additions and 5 deletions
--- a/policycoreutils/restorecond/restorecond.conf
+++ b/policycoreutils/restorecond/restorecond.conf
@ -5,3 +5,7 @@
 /var/run/utmp
 /var/log/wtmp
 ~/*
+/root/.ssh
+/root/.ssh/*
+
+
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@ -122,7 +122,7 @@ if [ ! -z "$PREFC" ]; then
 fi
 if [ ! -z "$RPMFILES" ]; then
    for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
-	rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
+	rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
    done
    exit $?
 fi
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@ -339,6 +339,7 @@ class permissiveRecords(semanageRecords):


 	def add(self, type):
+               import glob
               name = "permissive_%s" % type
               dirname = "/var/lib/selinux"
               os.chdir(dirname)
@ -362,16 +363,19 @@ permissive %s;
               fd.close()

               rc = semanage_module_install(self.sh, data, len(data));
-               if rc < 0:
-			raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
-
-               self.commit()
+               if rc >= 0:
+                      self.commit()

               for root, dirs, files in os.walk("tmp", topdown=False):
                      for name in files:
                             os.remove(os.path.join(root, name))
                      for name in dirs:
                             os.rmdir(os.path.join(root, name))
+               os.removedirs("tmp")
+               for i in glob.glob("permissive_%s.*" % type):
+                      os.remove(i)
+               if rc < 0:
+			raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)

 	def delete(self, name):
               for n in name.split():