mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-23 13:53:26 +00:00
cce1729067
This is version 5 of the setfiles to fts patch. The code has been cleaned up to adhere to the CodingStyle guidelines. I have confirmed that the stat struct that fts returns for a symlink when using the FTS_PHYSICAL flag is in fact the stat struct for the symlink, not the file it points to (st_size is 8 bytes).

Instead of using fts_path for getfilecon/setfilecon it now uses fts_accpath, which should be more efficient since fts walks the file hierarchy for us. FreeBSD setfsmac uses fts in a similar way to how this patch does and one thing that I took from it was to pass the FTSENT pointer around instead of the names, because although fts_accpath is more efficient for get/setfilecon, it is less helpful in verbose output (fts_path will give the entire path).

Here is the output from running restorecon on /

(nftw version)
    restorecon -Rv / 2>/dev/null
    restorecon reset /dev/pts/ptmx context system_u:object_r:devpts_t:s0->system_u:object_r:ptmx_t:s0

(new version)
    ./restorecon -Rv / 2>/dev/null
    ./restorecon reset /dev/pts/ptmx context system_u:object_r:devpts_t:s0->system_u:object_r:ptmx_t:s0

Here are some benchmarks each was run twice from a fresh boot in single user mode (shown are the second runs).

(nftw version)
    restorecon -Rv /usr
    real 1m56.392s
    user 1m49.559s
    sys 0m6.012s

(new version)
    ./restorecon -Rv /usr
    real 1m55.102s
    user 1m50.427s
    sys 0m4.656s

So not much of a change, though some work has been pushed from kernel space to user space.

It turns out setting the FTS_XDEV flag tells fts not to descend into directories with different device numbers, but fts will still give back the actual directory. I think nftw would completely avoid the directories as well as their contents. This patch fixed this issue by saving the device number of the directory that was passed to setfiles and then skipping all action on any directories with a different device number when the FTS_XDEV flag is set.

Also removed some code that removed beginning and trailing slashes from paths, since fts seems to handle it.

Signed-off-by: Thomas Liu <tliu@redhat.com>
[sds: Moved local variable declarations to beginning of process_one.]
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
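The FTS_XDEV handling and the fts_accpath/fts_path split described in the commit message, shown as an added example that is not code from the patch or from the SELinux project. The names `walk_one_fs` and `struct walk_stats` are hypothetical, and the labeling call is left as a comment.

```c
#define _DEFAULT_SOURCE		/* glibc: make fts(3) visible in strict modes */
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

struct walk_stats { long processed, symlinks, skipped, errors; };	/* hypothetical */

/* Walk root without following symlinks or acting on other filesystems. */
int walk_one_fs(char *root, struct walk_stats *st)
{
	char *paths[2] = { root, NULL };
	struct stat root_sb;
	FTS *fts;
	FTSENT *ent;
	*st = (struct walk_stats){ 0 };
	/* Save the device number of the directory the caller passed in. */
	if (lstat(root, &root_sb) < 0 ||
	    !(fts = fts_open(paths, FTS_PHYSICAL | FTS_XDEV, NULL)))
		return -1;
	while ((ent = fts_read(fts)) != NULL) {
		if (ent->fts_info == FTS_DP)	/* post-order visit, already handled */
			continue;
		if (ent->fts_info == FTS_DNR || ent->fts_info == FTS_ERR ||
		    ent->fts_info == FTS_NS) {	/* error entries: count and move on */
			st->errors++;
			continue;
		}
		/* FTS_XDEV stops the descent but still returns the mount point. */
		if (ent->fts_statp->st_dev != root_sb.st_dev) {
			st->skipped++;
			continue;
		}
		if (ent->fts_info == FTS_SL)	/* FTS_PHYSICAL: stat data is the link's own */
			st->symlinks++;
		/* Label via ent->fts_accpath here; ent->fts_path is for verbose output. */
		st->processed++;
	}
	fts_close(fts);
	return 0;
}

int main(int argc, char **argv)
{
	struct walk_stats st;
	if (argc != 2 || walk_one_fs(argv[1], &st) < 0)
		return EXIT_FAILURE;
	printf("processed=%ld symlinks=%ld skipped=%ld\n", st.processed, st.symlinks, st.skipped);
	return EXIT_SUCCESS;
}
```

Because FTS_NOCHDIR is not set, fts changes the working directory during the walk, which is why `fts_accpath` is only valid for calls made inside the loop.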
39 lines
866 B
Makefile
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
SBINDIR ?= $(DESTDIR)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)

CFLAGS = -Werror -Wall -W
override CFLAGS += -I$(PREFIX)/include
LDLIBS = -lselinux -lsepol -L$(LIBDIR)

ifeq (${AUDITH}, /usr/include/libaudit.h)
    override CFLAGS += -DUSE_AUDIT
    LDLIBS += -laudit
endif

all: setfiles restorecon

setfiles: setfiles.o

restorecon: setfiles
	ln -sf setfiles restorecon

install: all
	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
	-mkdir -p $(SBINDIR)
	install -m 755 setfiles $(SBINDIR)
	(cd $(SBINDIR) && ln -sf setfiles restorecon)
	install -m 644 setfiles.8 restorecon.8 $(MANDIR)/man8

clean:
	rm -f setfiles restorecon *.o

indent:
	../../scripts/Lindent $(wildcard *.[ch])

relabel: install
	/sbin/restorecon $(SBINDIR)/setfiles