[policycoreutils] Allow setfiles and restorecon to use labeledprefix to speed up processing and limit memory.
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Sep 2 13:24:54 UTC 2011
commit 04b2851781cad3d913b55ce69f2846c9bb7a2c77
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Sep 2 09:24:40 2011 -0400
Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
policycoreutils-rhat.patch | 108 +++++++++++++++++++++++++++++++++++++++++---
policycoreutils.spec | 10 +++-
2 files changed, 109 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4fbb0d2..0b2ed9f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2855,7 +2855,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index 0140cd2..656a028 100644
+index 0140cd2..2c0cfdd 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -20,6 +20,7 @@
@@ -2984,6 +2984,12 @@ index 0140cd2..656a028 100644
except ValueError, error:
errorExit(error.args[0])
except KeyError, error:
+@@ -564,3 +575,5 @@ Object-specific Options (see above):
+ errorExit(error.args[1])
+ except OSError, error:
+ errorExit(error.args[1])
++ except RuntimeError, error:
++ errorExit(error.args[0])
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 6842b07..7f11c4e 100644
--- a/policycoreutils/semanage/seobject.py
@@ -3681,26 +3687,116 @@ index ac27222..fb8eaf9 100644
};
void restore_init(struct restore_opts *opts);
+diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
+index c8ea4bb..6cb7d3d 100644
+--- a/policycoreutils/setfiles/restorecon.8
++++ b/policycoreutils/setfiles/restorecon.8
+@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
+
+ .SH "SYNOPSIS"
+ .B restorecon
+-.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname...
++.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] [\-L labelprefix ] pathname...
+ .P
+ .B restorecon
+-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F]
++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-L labelprefix ] [\-R] [\-n] [\-p] [\-v] [\-F]
+
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
+ .B \-e directory
+ directory to exclude (repeat option for more than one directory.)
+ .TP
++.B \-L labelprefix
++Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
++
++# restorecon -R -v -L /dev /dev
++
++.TP
+ .B \-R \-r
+ change files and directories file labels recursively
+ .TP
+diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
+index 7f700ca..c77431a 100644
+--- a/policycoreutils/setfiles/setfiles.8
++++ b/policycoreutils/setfiles/setfiles.8
+@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
+
+ .SH "SYNOPSIS"
+ .B setfiles
+-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
++.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR setfiles
+@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
+ .B \-F
+ Force reset of context to match file_context for customizable files
+ .TP
++.B \-L labelprefix
++Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
++.TP
+ .B \-o filename
+ save list of files with incorrect context in filename.
+ .TP
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index fa0cd6a..81c6c13 100644
+index fa0cd6a..eb8a7aa 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
+@@ -39,7 +39,7 @@ void usage(const char *const name)
+ {
+ if (iamrestorecon) {
+ fprintf(stderr,
+- "usage: %s [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
++ "usage: %s [-iFnprRv0] [ -L labelprefix ] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ name);
+ } else {
+ fprintf(stderr,
@@ -217,7 +217,7 @@ int main(int argc, char **argv)
exclude_non_seclabel_mounts();
/* Process any options. */
- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
-+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) {
++ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FL:RW0")) > 0) {
switch (opt) {
case 'c':
{
-@@ -280,6 +280,9 @@ int main(int argc, char **argv)
+@@ -280,6 +280,23 @@ int main(int argc, char **argv)
case 'n':
r_opts.change = 0;
break;
-+ case 'S':
-+ r_opts.selabel_opt_subset = optarg;
++ case 'L':
++ if (r_opts.selabel_opt_subset) {
++ if (asprintf((char**) &(r_opts.selabel_opt_subset),"%s;%s",r_opts.selabel_opt_subset,optarg) < 0) {
++ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
++ optarg, strerror(errno));
++ exit(1);
++ }
++ }
++ else {
++ r_opts.selabel_opt_subset = strdup(optarg);
++ if (! r_opts.selabel_opt_subset) {
++ fprintf(stderr, "Can't allocate memory for labeling prefix %s:%s\n",
++ optarg, strerror(errno));
++ exit(1);
++ }
++ }
+ break;
case 'o':
if (strcmp(optarg, "-") == 0) {
r_opts.outfile = stdout;
+@@ -433,7 +450,11 @@ int main(int argc, char **argv)
+ if (r_opts.outfile)
+ fclose(r_opts.outfile);
+
+- if (r_opts.progress && r_opts.count >= STAR_COUNT)
+- printf("\n");
++ if (r_opts.progress && r_opts.count >= STAR_COUNT)
++ printf("\n");
++
++ free(r_opts.progname);
++ free(r_opts.selabel_opt_subset);
++ free(r_opts.rootpath);
+ exit(errors);
+ }
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 6ace70d..64ec931 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
%define libauditver 1.4.2-1
%define libsepolver 2.1.2-1
%define libsemanagever 2.1.2-1
-%define libselinuxver 2.1.5-1
+%define libselinuxver 2.1.5-2
%define sepolgenver 1.1.1
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.5
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -221,7 +221,7 @@ or level of a logged in user.
Summary: SELinux configuration GUI
Group: System Environment/Base
Requires: policycoreutils-python = %{version}-%{release}
-Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
+Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas, gtkhtml2
Requires: usermode-gtk
Requires: setools-console
Requires: selinux-policy
@@ -352,6 +352,10 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Fri Sep 2 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-2
+- Allow setfiles and restorecon to use labeledprefix to speed up processing
+and limit memory.
+
* Tue Aug 30 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-1
-Update to upstream
* policycoreutils
More information about the scm-commits
mailing list