Message ID | 1484339481-3260-1-git-send-email-sds@tycho.nsa.gov (mailing list archive) |
---|---|
State | Not Applicable |
On 13/01/2017, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> $ touch /tmp/foo
> $ chcon -t etc_t /tmp/foo
> $ restorecon /tmp/foo
> Warning no default label for /tmp/foo
> $ restorecon -R /tmp/foo
> Warning no default label for /tmp/foo
> $ restorecon -R /tmp

Thanks again!

restorecon works as advertised. I notice there are some other spurious messages from fixfiles on master, which I didn't see before. I suspect in passing, you in particular might know where they came from :-P. Extract from `fixfiles check`:

filespec hash table stats: 89 elements, 89/65536 buckets used, longest chain length 1
/dev/tty3 not reset as customized by admin to unconfined_u:object_r:user_tty_device_t:s0
/dev/tty2 not reset as customized by admin to unconfined_u:object_r:user_tty_device_t:s0
filespec hash table stats: 558 elements, 558/65536 buckets used, longest chain length 1

Messages about /dev/tty* are informative; statistics about hash tables are not.

Testing method:

* install selinux to ~/obj, according to README
* backup /sbin/restorecon and /sbin/setfiles
* overwrite them
* run LD_LIBRARY_PATH=~/obj/lib fixfiles check

(I believe fixfiles is running "/sbin/restorecon" or "/sbin/setfiles", regardless of the install location or current PATH).

(I had some great undefined behaviour, before I realized I needed to set LD_LIBRARY_PATH. I've been spoilt by other projects, providing scripts that magically set LD_LIBRARY_PATH when you try to run something like restorecon from the build directory).
On Tue, 2017-01-17 at 15:30 +0000, Alan Jenkins wrote:
> On 13/01/2017, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> >
> > $ touch /tmp/foo
> > $ chcon -t etc_t /tmp/foo
> > $ restorecon /tmp/foo
> > Warning no default label for /tmp/foo
> > $ restorecon -R /tmp/foo
> > Warning no default label for /tmp/foo
> > $ restorecon -R /tmp
>
> Thanks again!
>
> restorecon works as advertised. I notice there are some other
> spurious messages from fixfiles on master, which I didn't see before.
> I suspect in passing, you in particular might know where they came
> from :-P. Extract from `fixfiles check`:
>
> filespec hash table stats: 89 elements, 89/65536 buckets used,
> longest chain length 1

Yes, I'll reduce that to debug level or drop it altogether. Also, should probably add a logging callback to setfiles/restorecon so that it can prepend any messages from libselinux with argv[0] so these don't show up with no indication of the program.

> /dev/tty3 not reset as customized by admin to
> unconfined_u:object_r:user_tty_device_t:s0
> /dev/tty2 not reset as customized by admin to
> unconfined_u:object_r:user_tty_device_t:s0
> filespec hash table stats: 558 elements, 558/65536 buckets used,
> longest chain length 1
>
> Messages about /dev/tty* are informative; statistics about hash
> tables are not.
>
> Testing method:
>
> * install selinux to ~/obj, according to README
> * backup /sbin/restorecon and /sbin/setfiles
> * overwrite them
> * run LD_LIBRARY_PATH=~/obj/lib fixfiles check
>
> (I believe fixfiles is running "/sbin/restorecon" or
> "/sbin/setfiles",
> regardless of the install location or current PATH).
>
> (I had some great undefined behaviour, before I realized I needed to
> set LD_LIBRARY_PATH. I've been spoilt by other projects, providing
> scripts that magically set LD_LIBRARY_PATH when you try to run
> something like restorecon from the build directory).
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index f5fa8f5..7020669 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -90,6 +90,7 @@ struct rest_flags { bool syslog_changes; bool log_matches; bool ignore_noent; + bool warnonnomatch; }; static void restorecon_init(void) @@ -613,7 +614,7 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, sb->st_mode); if (rc < 0) { - if (errno == ENOENT && flags->verbose && !flags->recurse) + if (errno == ENOENT && flags->warnonnomatch) selinux_log(SELINUX_INFO, "Warning no default label for %s\n", lookup_path); @@ -761,6 +762,7 @@ int selinux_restorecon(const char *pathname_orig, SELINUX_RESTORECON_LOG_MATCHES) ? true : false; flags.ignore_noent = (restorecon_flags & SELINUX_RESTORECON_IGNORE_NOENTRY) ? true : false; + flags.warnonnomatch = true; ignore_mounts = (restorecon_flags & SELINUX_RESTORECON_IGNORE_MOUNTS) ? true : false; @@ -983,7 +985,8 @@ int selinux_restorecon(const char *pathname_orig, default: error |= restorecon_sb(ftsent->fts_path, ftsent->fts_statp, &flags); - + if (flags.warnonnomatch) + flags.warnonnomatch = false; if (error && flags.abort_on_error) goto out; break;
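Review bot: in the `struct rest_flags` hunk, the new `bool warnonnomatch;` breaks the naming pattern of the fields directly above it (`syslog_changes`, `log_matches`, `ignore_noent`), which separate words with underscores; `warn_on_no_match` would read consistently. It also differs in kind from those neighbours: the later hunks set it unconditionally and then clear it during the walk, so it is run-time state rather than a caller option, and a short comment on the field saying so would keep it from being mistaken for one.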
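Review bot: in the `restorecon_sb()` hunk, replacing `flags->verbose && !flags->recurse` with `flags->warnonnomatch` drops the verbosity gate, so "Warning no default label" is now logged for callers that never asked for verbose output, yet it still goes out at `SELINUX_INFO`. The transcript in the commit message runs `restorecon` without `-v`, so the change looks intended; in that case `SELINUX_WARNING` matches the message text better and lets a log callback filter on level. The commit message should also state that the non-verbose behaviour changes.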
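Review bot: in the `selinux_restorecon()` flag-setup hunk, `flags.warnonnomatch = true;` sits between the `ignore_noent` and `ignore_mounts` assignments, which are both decoded from `restorecon_flags`, but it is not derived from `restorecon_flags` at all. Moving it below that block with a one-line comment stating that it means "warn only for the first path processed" would make clear that it is per-call state and not a decoded option.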
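Review bot: in the `default:` case of the last hunk, `flags.warnonnomatch` is cleared only after `restorecon_sb()` has been called from this branch, so the "first path only" behaviour depends on the top-level entry actually reaching `default:`. If the first entry can be handled by another case of the switch or skipped, the flag stays set and the warning can be printed for a descendant instead; clearing it unconditionally once the first entry has been handled avoids that. The `if (flags.warnonnomatch)` guard is also unnecessary, since a plain `flags.warnonnomatch = false;` has the same effect, and the blank line that separated the call from the `abort_on_error` check was worth keeping.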
$ touch /tmp/foo
$ chcon -t etc_t /tmp/foo
$ restorecon /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp/foo
Warning no default label for /tmp/foo
$ restorecon -R /tmp

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/src/selinux_restorecon.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)