In the old fixfiles we had to make sure we only attempted to relabel
files that were on file systems that supported extended attributes.
With the new restorecon, we no longer need this.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
clean up /var/run and /var/lib/debug just like we do for /tmp and
/var/tmp since they can easily get unlabeled files.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
We cannot reasonably relabel pipes and sockets in /tmp to tmp_t so just
delete them instead of trying to put and unuable label.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
fixfiles uses a find command then than pipes that to rm -f. Just use
the find delete predicate instead of causing all of those extra calls to
rm.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Fix the page to point to the the seusers file, not the seuser file.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
SELinux pythons applications should not allow the user to change the
sys.path
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Email: dwalsh@redhat.com
Subject: chcat fixes
Date: Thu, 21 May 2009 08:13:26 -0400
On 05/20/2009 04:05 PM, Chad Sellers wrote:
> On 5/20/09 3:00 PM, "Daniel J Walsh"<dwalsh@redhat.com> wrote:
>
>> Expansion of categores is still broken. Here is a patch to fix.
>>
> This message appears to be missing a patch.
>
> Thanks,
> Chad
>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
Email: dwalsh@redhat.com
Subject: Add btrfs to fixfiles.
Date: Wed, 20 May 2009 15:02:33 -0400
Hopefully the last time we will ever need to update. Once patch gets
out with kernel support to tell me which file systems support xattr, we
can remove this hack.
Signed-off-by: Joshua Brindle <method@manicmethod.com>
Email: dwalsh@redhat.com
Subject: patch to policycoreutils
Date: Wed, 01 Apr 2009 10:10:43 -0400
Multiple patches to policycoreutils.
First added /root/.ssh and /root/.ssh/* to allow people to place keys
in /root directory and have them labeled by restorcond
<snipdue to previously ack'd patch>
Clean up permissive domains creation in semanage so it does not leave
crap in /var/lib/selinux
---
Also have fixfiles operate recursively when in RPM mode, per:
Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Re: patch to policycoreutils
Date: Wed, 22 Apr 2009 21:50:48 -0400
If a package owned a directory like /var/lib/libvirt/images, when it is
relabeling we would want it to relabel not only the directory but the
contents of the directory
Signed-off-by: Chad Sellers <csellers@tresys.com>
