Author: Daniel J Walsh

Email: dwalsh@redhat.com Subject: Several fixes to restorecond Date: Tue, 17 Feb 2009 11:40:54 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Init script should be 755 libflashplayer.so has moved in the homedir and is now correct so no longer needs to have labeling checked. restorecond supports glob matching and should not complain on multiple hard links if they match a glob. So if a file has > 1 link and is an exact match complain, otherwise do not. Also fix a couple of error messages. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkma6JYACgkQrlYvE4MpobOoIACfUgUfpCuhvVTWyHgsq7/8hY0z 9WcAmgPK2KktAlY84HhtRmdu/Hy+9eE/ =zcCj -----END PGP SIGNATURE----- Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-02-17 11:42:15 -05:00 · 2009-02-17 11:42:15 -05:00 · be583ce332
parent f7917ea9cf
commit be583ce332
5 changed files with 16 additions and 13 deletions
--- a/policycoreutils/restorecond/Makefile
+++ b/policycoreutils/restorecond/Makefile
@ -20,7 +20,7 @@ install: all
 	install -m 755 restorecond $(SBINDIR)
 	install -m 644 restorecond.8 $(MANDIR)/man8
 	-mkdir -p $(INITDIR)
-	install -m 644 restorecond.init $(INITDIR)/restorecond
+	install -m 755 restorecond.init $(INITDIR)/restorecond
 	-mkdir -p $(SELINUXDIR)
 	install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf

--- a/policycoreutils/restorecond/restorecond.c
+++ b/policycoreutils/restorecond/restorecond.c
@ -1,7 +1,7 @@
 /*
 * restorecond
 *
- * Copyright (C) 2006 Red Hat 
+ * Copyright (C) 2006-2009 Red Hat 
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software; you can redistribute it and/or
@ -75,7 +75,7 @@ static int terminate = 0;
 static int debug_mode = 0;
 static int verbose_mode = 0;

-static void restore(const char *filename);
+static void restore(const char *filename, int exact);

 struct watchList {
 	struct watchList *next;
@ -113,12 +113,13 @@ static int watch_list_find(int wd, const char *file)
 		printf("%d: File=%s\n", wd, file);
 	while (ptr != NULL) {
 		if (ptr->wd == wd) {
-			if (strings_list_find(ptr->files, file) == 0) {
+			int exact=0;
+			if (strings_list_find(ptr->files, file, &exact) == 0) {
 				char *path = NULL;
 				if (asprintf(&path, "%s/%s", ptr->dir, file) <
 				    0)
 					exitApp("Error allocating memory.");
-				restore(path);
+				restore(path, exact);
 				free(path);
 				return 0;
 			}
@ -155,7 +156,7 @@ static void watch_list_free(int fd)
   Set the file context to the default file context for this system.
   Same as restorecon.
 */
-static void restore(const char *filename)
+static void restore(const char *filename, int exact)
 {
 	int retcontext = 0;
 	security_context_t scontext = NULL;
@ -181,9 +182,11 @@ static void restore(const char *filename)
 	}

 	if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
-		syslog(LOG_ERR,
-		       "Will not restore a file with more than one hard link (%s) %s\n",
-		       filename, strerror(errno));
+		if (exact) { 
+			syslog(LOG_ERR,
+			       "Will not restore a file with more than one hard link (%s) %s\n",
+			       filename, strerror(errno));
+		}
 		close(fd);
 		return;
 	}
@ -398,7 +401,7 @@ void watch_list_add(int fd, const char *path)
 	char *file = basename(path);
 	ptr = firstDir;

-	restore(path);
+	restore(path, 1);

 	while (ptr != NULL) {
 		if (strcmp(dir, ptr->dir) == 0) {
--- a/policycoreutils/restorecond/restorecond.conf
+++ b/policycoreutils/restorecond/restorecond.conf
@ -5,4 +5,3 @@
 /var/run/utmp
 /var/log/wtmp
 ~/*
-~/.mozilla/plugins/libflashplayer.so
--- a/policycoreutils/restorecond/stringslist.c
+++ b/policycoreutils/restorecond/stringslist.c
@ -55,9 +55,10 @@ void strings_list_add(struct stringsList **list, const char *string)
 		*list = newptr;
 }

-int strings_list_find(struct stringsList *ptr, const char *string)
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
 {
 	while (ptr) {
+		*exact = strcmp(ptr->string, string) == 0;
 		int cmp = fnmatch(ptr->string, string, 0);
 		if (cmp == 0) 
 			return 0;	/* Match found */
--- a/policycoreutils/restorecond/stringslist.h
+++ b/policycoreutils/restorecond/stringslist.h
@ -31,7 +31,7 @@ struct stringsList {
 void strings_list_free(struct stringsList *list);
 void strings_list_add(struct stringsList **list, const char *string);
 void strings_list_print(struct stringsList *list);
-int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
 int strings_list_diff(struct stringsList *from, struct stringsList *to);

 #endif