More /sbin/fixfiles oddities (was Re: fixfile.cron added.
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Sat Jul 3 18:12:16 UTC 2004
On Thu, 01 Jul 2004 08:14:09 EDT, Daniel J Walsh <dwalsh at redhat.com> said:
> Todays policycoreutils has a new cron job, fixfiles.cron, that will run
> in /etc/cron.daily. This script will run a check on the file system on
> Suggestions on improvements? Comments?
1) /sbin/fixfiles ends up spewing to a logfile whether we want it or not:
logging to /var/tmp/fixfiles.byapo27529
and then it does a '| tee $LOGFILE'.
And after a few days, we have:
ls -l /var/tmp/fix*
-rw------- 1 root root 0 Jun 15 21:47 /var/tmp/fixfiles.FjBnJn1029
-rw------- 1 root root 3079 Jul 2 10:27 /var/tmp/fixfiles.SlZmt16952
-rw------- 1 root root 17899 Jul 3 04:20 /var/tmp/fixfiles.WBgGN24978
-rw------- 1 root root 0 Jul 3 13:48 /var/tmp/fixfiles.byapo27529
-rw------- 1 root root 0 Jun 15 21:49 /var/tmp/fixfiles.ffmJNN1054
-rw------- 1 root root 0 Jun 15 21:47 /var/tmp/fixfiles.xpFMrd1036
This wouldn't be so bad, if it was possible to get fixfiles.cron to
pass a '-l /dev/null' to /sbin/fixfiles or some other way to tell
/sbin/fixfiles that no, you didn't want a copy saved in a file (because
cron will save a copy, or you did a tee yourself, or....)
2) I can't convince myself that the following lines in /sbin/fixfiles are right:
restoreLabels () {
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
$OUTFILES *twice*?
3) fixfiles didn't exhibit the 86K badcontexts issue when running from
a shell that had context=root:sysadm_r:sysadm_t. I'm wondering if it
got an odd context from cron which confused it. Film at 11 (or 4AM,
really)..I added a call to /usr/bin/id to /sbin/fixfiles so I find out...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040703/9b843a19/attachment.bin
More information about the selinux
mailing list