[V4,2/2] setfiles: Update utilities for the new digest scheme

Commit Message

Richard Haines July 6, 2019, 3:21 p.m. UTC

Update restorecon_xattr and man pages for new digest scheme
managed by selinux_restorecon(3).

Note that the Russian man pages require updating.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
V2 Change
Keep restorecon(8) and setfiles(8) as they were for compatibility

 policycoreutils/setfiles/restorecon.8       | 10 +++++-----
 policycoreutils/setfiles/restorecon_xattr.8 | 20 +++++++++-----------
 policycoreutils/setfiles/restorecon_xattr.c |  2 +-
 policycoreutils/setfiles/setfiles.8         | 10 +++++-----
 4 files changed, 20 insertions(+), 22 deletions(-)

Patch

diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 0f81db4..bbfc83f 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -100,7 +100,7 @@  section for further details.
 .B \-D
 Set or update any directory SHA1 digests. Use this option to
 enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute.
 .TP
 .B \-m
@@ -184,10 +184,10 @@  option to
 .B restorecon
 will cause it to store a SHA1 digest of the default specfiles set in an extended
 attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
 .IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
 checked should
 .B restorecon
 .B \-D
@@ -204,7 +204,7 @@  option will ignore the SHA1 digest from each directory specified in
 and provided the
 .B \-n
 option is NOT set and recursive mode is set, files will be relabeled as
-required with the digest then being updated provided there are no errors.
+required with the digests then being updated provided there are no errors.
 
 .SH "AUTHOR"
 This man page was written by Dan Walsh <dwalsh@redhat.com>.
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
index 65b28ea..e04528e 100644
--- a/policycoreutils/setfiles/restorecon_xattr.8
+++ b/policycoreutils/setfiles/restorecon_xattr.8
@@ -1,7 +1,7 @@ 
 .TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
 .SH "NAME"
 restorecon_xattr \- manage
-.I security.restorecon_last
+.I security.sehash
 extended attribute entries added by
 .BR setfiles (8)
 or
@@ -24,7 +24,7 @@  or
 .SH "DESCRIPTION"
 .B restorecon_xattr
 will display the SHA1 digests added to extended attributes
-.I security.restorecon_last
+.I security.sehash
 or delete the attribute completely. These attributes are set by
 .BR restorecon (8)
 or
@@ -43,7 +43,7 @@  from.
 and
 .B TMPFS
 filesystems do not support the
-.I security.restorecon_last
+.I security.sehash
 extended attribute and are automatically excluded from searches.
 .sp
 By default
@@ -62,12 +62,12 @@  option.
 .TP
 .B \-d
 delete all non-matching
-.I security.restorecon_last
+.I security.sehash
 directory digest entries.
 .TP
 .B \-D
 delete all
-.I security.restorecon_last
+.I security.sehash
 directory digest entries.
 .TP
 .B \-m
@@ -87,7 +87,10 @@  Do not append "Match" or "No Match" to displayed digests.
 recursively descend directories.
 .TP
 .B \-v
-display SHA1 digest generated by specfile set.
+display SHA1 digest generated by specfile set (Note that this digest is not
+used to match the
+.I security.sehash
+directory digest entries, and is shown for reference only).
 .TP
 .B \-e
 .I directory
@@ -101,11 +104,6 @@  an optional
 .I specfile
 containing file context entries as described in
 .BR file_contexts (5).
-This will be used by
-.BR selabel_open (3)
-to retrieve the set of labeling entries, with the SHA1 digest being
-retrieved by
-.BR selabel_digest (3).
 If the option is not specified, then the default file_contexts will be used.
 
 .SH "ARGUMENTS"
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
index 91c087f..59b1f74 100644
--- a/policycoreutils/setfiles/restorecon_xattr.c
+++ b/policycoreutils/setfiles/restorecon_xattr.c
@@ -27,7 +27,7 @@  static __attribute__((__noreturn__)) void usage(const char *progname)
 		"-D  Delete all digest entries.\n\t"
 		"-e  Directory to exclude (repeat option for more than one directory).\n\t"
 		"-f  Optional specfile for calculating the digest.\n\t"
-		"pathname  Path to search for xattr \"security.restorecon_last\" entries.\n\n",
+		"pathname  Path to search for xattr \"security.sehash\" entries.\n\n",
 		progname);
 	exit(-1);
 }
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index ccaaf4d..c9f8be0 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -90,7 +90,7 @@  section for further details.
 .B \-D
 Set or update any directory SHA1 digests. Use this option to
 enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute.
 .TP
 .B \-l
@@ -228,10 +228,10 @@  option to
 will cause it to store a SHA1 digest of the
 .B spec_file
 set in an extended attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
 .IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
 checked should
 .B setfiles
 .B \-D
@@ -250,7 +250,7 @@  option will ignore the SHA1 digest from each directory specified in
 .IR pathname \ ...
 and provided the
 .B \-n
-option is NOT set, files will be relabeled as required with the digest then
+option is NOT set, files will be relabeled as required with the digests then
 being updated provided there are no errors.
 
 .SH "AUTHOR"