| Message ID | 20200608162010.122077-1-pww@edgekeep.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2] Add restorecon -x option to not cross FS boundaries | expand |
On Mon, Jun 8, 2020 at 12:21 PM Peter Whittaker <pww@edgekeep.com> wrote: > > Fixes: https://github.com/SELinuxProject/selinux/issues/208 > > Signed-off-by: Peter Whittaker <pww@edgekeep.com> Only question I had is about the order of options in the usage and man pages but that's a nit and doesn't seem terribly consistent currently. Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Yeah, I wondered about that, couldn't see a reasonable pattern, and put it in where it seemed, uh, least awkward? Thanks for your patience on getting this built, it was an education! P Peter Whittaker EdgeKeep Inc. www.edgekeep.com +1 613 864 5337 +1 613 864 KEEP On Tue, Jun 9, 2020 at 7:56 AM Stephen Smalley <stephen.smalley.work@gmail.com> wrote: > > On Mon, Jun 8, 2020 at 12:21 PM Peter Whittaker <pww@edgekeep.com> wrote: > > > > Fixes: https://github.com/SELinuxProject/selinux/issues/208 > > > > Signed-off-by: Peter Whittaker <pww@edgekeep.com> > > Only question I had is about the order of options in the usage and man > pages but that's a nit and doesn't seem > terribly consistent currently. > > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
On Tue, Jun 09, 2020 at 10:29:30AM -0400, Peter Whittaker wrote: > Yeah, I wondered about that, couldn't see a reasonable pattern, and > put it in where it seemed, uh, least awkward? > > Thanks for your patience on getting this built, it was an education! > Applied, thanks! > > Peter Whittaker > EdgeKeep Inc. > www.edgekeep.com > +1 613 864 5337 > +1 613 864 KEEP > > > On Tue, Jun 9, 2020 at 7:56 AM Stephen Smalley > <stephen.smalley.work@gmail.com> wrote: > > > > On Mon, Jun 8, 2020 at 12:21 PM Peter Whittaker <pww@edgekeep.com> wrote: > > > > > > Fixes: https://github.com/SELinuxProject/selinux/issues/208 > > > > > > Signed-off-by: Peter Whittaker <pww@edgekeep.com> > > > > Only question I had is about the order of options in the usage and man > > pages but that's a nit and doesn't seem > > terribly consistent currently. > > > > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> >
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 index bbfc83fe..0d1930de 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 @@ -13,6 +13,7 @@ restorecon \- restore file(s) default SELinux security contexts. .RB [ \-F ] .RB [ \-W ] .RB [ \-I | \-D ] +.RB [ \-x ] .RB [ \-e .IR directory ] .IR pathname \ ... @@ -31,6 +32,7 @@ restorecon \- restore file(s) default SELinux security contexts. .RB [ \-F ] .RB [ \-W ] .RB [ \-I | \-D ] +.RB [ \-x ] .SH "DESCRIPTION" This manual page describes the @@ -153,6 +155,11 @@ option of GNU .B find produces input suitable for this mode. .TP +.B \-x +prevent +.B restorecon +from crossing file system boundaries. +.TP .SH "ARGUMENTS" .IR pathname \ ... The pathname for the file(s) to be relabeled. diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index 16bd592c..ed67b5f1 100644 --- a/policycoreutils/setfiles/setfiles.c +++ b/policycoreutils/setfiles/setfiles.c @@ -43,8 +43,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name) { if (iamrestorecon) { fprintf(stderr, - "usage: %s [-iIDFmnprRv0] [-e excludedir] pathname...\n" - "usage: %s [-iIDFmnprRv0] [-e excludedir] -f filename\n", + "usage: %s [-iIDFmnprRv0x] [-e excludedir] pathname...\n" + "usage: %s [-iIDFmnprRv0x] [-e excludedir] -f filename\n", name, name); } else { fprintf(stderr, @@ -168,7 +168,7 @@ int main(int argc, char **argv) size_t buf_len; const char *base; int errors = 0; - const char *ropts = "e:f:hiIDlmno:pqrsvFRW0"; + const char *ropts = "e:f:hiIDlmno:pqrsvFRW0x"; const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0"; const char *opts; union selinux_callback cb; @@ -386,6 +386,13 @@ int main(int argc, char **argv) case '0': null_terminated = 1; break; + case 'x': + if (iamrestorecon) { + r_opts.xdev = SELINUX_RESTORECON_XDEV; + } else { + usage(argv[0]); + } + break; case 'h': case '?': usage(argv[0]);
Fixes: https://github.com/SELinuxProject/selinux/issues/208 Signed-off-by: Peter Whittaker <pww@edgekeep.com> --- policycoreutils/setfiles/restorecon.8 | 7 +++++++ policycoreutils/setfiles/setfiles.c | 13 ++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-)