More /sbin/fixfiles oddities (was Re: fixfile.cron added.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Jul 3 18:12:16 UTC 2004


On Thu, 01 Jul 2004 08:14:09 EDT, Daniel J Walsh <dwalsh at redhat.com>  said:
> Today's policycoreutils has a new cron job, fixfiles.cron, that will run 
> in /etc/cron.daily.   This script will run a check on the file system on 

> Suggestions on improvements?  Comments?

1) /sbin/fixfiles ends up spewing to a logfile whether we want it or not:

logging to /var/tmp/fixfiles.byapo27529
and then it does a '| tee $LOGFILE'.

And after a few days, we have:

 ls -l /var/tmp/fix*
-rw-------  1 root root     0 Jun 15 21:47 /var/tmp/fixfiles.FjBnJn1029
-rw-------  1 root root  3079 Jul  2 10:27 /var/tmp/fixfiles.SlZmt16952
-rw-------  1 root root 17899 Jul  3 04:20 /var/tmp/fixfiles.WBgGN24978
-rw-------  1 root root     0 Jul  3 13:48 /var/tmp/fixfiles.byapo27529
-rw-------  1 root root     0 Jun 15 21:49 /var/tmp/fixfiles.ffmJNN1054
-rw-------  1 root root     0 Jun 15 21:47 /var/tmp/fixfiles.xpFMrd1036

This wouldn't be so bad, if it was possible to get fixfiles.cron to
pass a '-l /dev/null' to /sbin/fixfiles or some other way to tell
/sbin/fixfiles that no, you didn't want a copy saved in a file (because
cron will save a copy, or you did a tee yourself, or....)

2) I can't convince myself that the following lines in /sbin/fixfiles are right:

restoreLabels () {
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
    for i in `echo $1 | sed 's/,/ /g'`; do
        rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
    done
else
    ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}

$OUTFILES *twice*?

3) fixfiles didn't exhibit the 86K badcontexts issue when running from
a shell that had context=root:sysadm_r:sysadm_t.  I'm wondering if it
got an odd context from cron which confused it.  Film at 11 (or 4AM,
really)..I added a call to /usr/bin/id to /sbin/fixfiles so I find out...
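
Added example (an editor's sketch, not part of the original message and not code from policycoreutils): one way a wrapper could make the log file optional, as point 1 asks, and append rather than truncate when it is called once per package. The names run_logged and relabel_each are hypothetical, and the command passed in stands for the rpm/restorecon pipeline.

```shell
#!/bin/sh
# Hypothetical helpers; assumption: the caller decides whether a log is wanted.

# run_logged LOGFILE CMD [ARGS...]
# Runs CMD with stderr merged into stdout. An empty LOGFILE or /dev/null
# means "no file": output only goes to stdout, where cron will mail it.
# Otherwise output is shown and appended to LOGFILE. Returns CMD's exit
# status, not tee's.
run_logged() {
    log=$1; shift
    case "$log" in
        ''|/dev/null) "$@" 2>&1; return ;;
    esac
    # fd 3 = our real stdout (tee writes there); fd 4 = the capture pipe,
    # used only to carry CMD's exit status out of the pipeline.
    {
        rc=$( { { s=0; "$@" 2>&1 3>&- 4>&- || s=$?; echo "$s" >&4; } \
                | tee -a "$log" >&3; } 4>&1 )
    } 3>&1
    return "$rc"
}

# relabel_each LOGFILE "pkg1,pkg2,..." CMD [ARGS...]
# Runs CMD once per comma-separated item. Because run_logged appends,
# every item's output survives in the log; a plain 'tee FILE' inside the
# loop would leave only the last item's output.
relabel_each() {
    log=$1; items=$2; shift 2
    worst=0
    old_ifs=$IFS; IFS=,
    for item in $items; do
        IFS=$old_ifs
        run_logged "$log" "$@" "$item" || worst=$?
    done
    IFS=$old_ifs
    return "$worst"
}
```
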