[policycoreutils] Allow setfiles and restorecon to use labeledprefix to speed up processing and limit memory.

Daniel J Walsh dwalsh at fedoraproject.org
Fri Sep 2 13:24:54 UTC 2011 

commit 04b2851781cad3d913b55ce69f2846c9bb7a2c77
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Sep 2 09:24:40 2011 -0400

    Allow setfiles and restorecon to use labeledprefix to speed up processing
    and limit memory.

 policycoreutils-rhat.patch |  108 +++++++++++++++++++++++++++++++++++++++++---
 policycoreutils.spec       |   10 +++-
 2 files changed, 109 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4fbb0d2..0b2ed9f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2855,7 +2855,7 @@ index 0000000..e2befdb
 +      packages=["policycoreutils"],
 +)
 diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index 0140cd2..656a028 100644
+index 0140cd2..2c0cfdd 100644
 --- a/policycoreutils/semanage/semanage
 +++ b/policycoreutils/semanage/semanage
 @@ -20,6 +20,7 @@
@@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644
  	except ValueError, error:
  		errorExit(error.args[0])
  	except KeyError, error:
+@@ -564,3 +575,5 @@ Object-specific Options (see above):
+ 		errorExit(error.args[1])
+ 	except OSError, error:
+ 		errorExit(error.args[1])
++	except RuntimeError, error:
++		errorExit(error.args[0])
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
 index 6842b07..7f11c4e 100644
 --- a/policycoreutils/semanage/seobject.py
@@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644
  };
  
  void restore_init(struct restore_opts *opts);
+diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
+index c8ea4bb..6cb7d3d 100644
+--- a/policycoreutils/setfiles/restorecon.8
++++ b/policycoreutils/setfiles/restorecon.8
+@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
+ 
+ .SH "SYNOPSIS"
+ .B restorecon
+-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
++.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname...
+ .P
+ .B restorecon
+-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F]
+ 
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
+ .B \-e directory
+ directory to exclude (repeat option for more than one directory.)
+ .TP 
++.B \-L labelprefix
++Tells selinux to only use the file context that match this prefix for labeling,  -L can be called multiple times.  Can speed up labeling if you are only doing one directory.
++
++# restorecon -R -v -L /dev /dev
++
++.TP 
+ .B \-R \-r
+ change files and directories file labels recursively
+ .TP 
+diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
+index 7f700ca..c77431a 100644
+--- a/policycoreutils/setfiles/setfiles.8
++++ b/policycoreutils/setfiles/setfiles.8
+@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
+ 
+ .SH "SYNOPSIS"
+ .B setfiles
+-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
++.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR setfiles
+@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
+ .B \-F
+ Force reset of context to match file_context for customizable files
+ .TP 
++.B \-L labelprefix
++Tells selinux to only use the file context that match this prefix for labeling,  -L can be called multiple times.  Can speed up labeling if you are only doing one directory.
++.TP 
+ .B \-o filename
+ save list of files with incorrect context in filename.
+ .TP 
 diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index fa0cd6a..81c6c13 100644
+index fa0cd6a..eb8a7aa 100644
 --- a/policycoreutils/setfiles/setfiles.c
 +++ b/policycoreutils/setfiles/setfiles.c
+@@ -39,7 +39,7 @@ void usage(const char *const name)
+ {
+ 	if (iamrestorecon) {
+ 		fprintf(stderr,
+-			"usage:  %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
++			"usage:  %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ 			name);
+ 	} else {
+ 		fprintf(stderr,
 @@ -217,7 +217,7 @@ int main(int argc, char **argv)
  	exclude_non_seclabel_mounts();
  
  	/* Process any options. */
 -	while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
-+	while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) {
++	while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) {
  		switch (opt) {
  		case 'c':
  			{
-@@ -280,6 +280,9 @@ int main(int argc, char **argv)
+@@ -280,6 +280,23 @@ int main(int argc, char **argv)
  		case 'n':
  			r_opts.change = 0;
  			break;
-+		case 'S':
-+			r_opts.selabel_opt_subset = optarg;
++		case 'L':
++			if (r_opts.selabel_opt_subset) {
++				if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
++					fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
++					optarg, strerror(errno));
++					exit(1);
++				}
++			}
++			else {
++				r_opts.selabel_opt_subset = strdup(optarg);
++				if (! r_opts.selabel_opt_subset) {
++					fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
++					optarg, strerror(errno));
++					exit(1);
++				}
++			}
 +			break;
  		case 'o':
  			if (strcmp(optarg, "-") == 0) {
  				r_opts.outfile = stdout;
+@@ -433,7 +450,11 @@ int main(int argc, char **argv)
+ 	if (r_opts.outfile)
+ 		fclose(r_opts.outfile);
+ 
+-       if (r_opts.progress && r_opts.count >= STAR_COUNT)
+-               printf("\n");
++	if (r_opts.progress && r_opts.count >= STAR_COUNT)
++		printf("\n");
++
++	free(r_opts.progname);
++	free(r_opts.selabel_opt_subset);
++	free(r_opts.rootpath);
+ 	exit(errors);
+ }
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 6ace70d..64ec931 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
 %define libsepolver 	2.1.2-1
 %define	libsemanagever	2.1.2-1
-%define	libselinuxver	2.1.5-1
+%define	libselinuxver	2.1.5-2
 %define	sepolgenver	1.1.1
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -221,7 +221,7 @@ or level of a logged in user.
 Summary: SELinux configuration GUI
 Group: System Environment/Base
 Requires: policycoreutils-python = %{version}-%{release} 
-Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas 
+Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2
 Requires: usermode-gtk 
 Requires: setools-console
 Requires: selinux-policy
@@ -352,6 +352,10 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Fri Sep 2 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-2
+- Allow setfiles and restorecon to use labeledprefix to speed up processing 
+and limit memory.
+
 * Tue Aug 30 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-1
 -Update to upstream
    * policycoreutils

More information about the scm-commits mailing list