libselinux python binding of restorecon different from restorecon command

Paul Howarth paul at city-fan.org
Tue Nov 29 16:35:25 UTC 2011 

On 11/29/2011 04:10 PM, Daniel J Walsh wrote:
> On 11/29/2011 07:14 AM, Paul Howarth wrote:
>> I maintain a local RPM package repository and have a "newrepo"
>> script that assembles the repository, calls createrepo and repoview
>> etc.
>>
>> During the script it runs "restorecon" on all of the files in the
>> repo to make sure that they have the correct contexts to be
>> accessible via http etc.
>>
>> A few weeks ago I rewrote the script in python and decided to use
>> the libselinux-python binding (this is on F16) for the "restorecon"
>> call. Around the same time I noticed that my backups were getting a
>> lot bigger but I've only just discovered why. If I use the shell
>> command "restorecon -rvF /path/to/dir", and it doesn't need to
>> change anything, the ctime of the dirs/files concerned remain
>> unchanged. However, if I use the python binding, the ctime is
>> updated. So I've backing up the entire repository on each
>> incremental backup :-(
>>
>> [paul at zion ~]$ ls -l --time=ctime
>> /home/paul/cfo-repo/drivers/advansys/ total 11896 -rw-rw-r--. 1
>> paul paul  649700 Nov 29 11:54 advansys-driverdisk.zip -rw-rw-r--.
>> 1 paul paul 4175872 Nov 29 11:54 advansys-fc2-boot.iso -rw-rw-r--.
>> 2 paul paul  108723 Nov 29 11:54 dkms-2.2.0.2-1.noarch.rpm
>> -rw-rw-r--. 2 paul paul  132593 Nov 29 11:54
>> dkms-2.2.0.2-1.src.rpm -rw-rw-r--. 1 paul paul   10400 Nov 29 11:54
>> HEADER.html -rw-rw-r--. 1 paul paul  287602 Nov 29 11:54
>> kernel-advansys-0.9.1-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 228573 Nov 29 11:54 kernel-advansys-0.9.1-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  620915 Nov 29 11:54
>> kernel-advansys-0.9.2-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 457045 Nov 29 11:54 kernel-advansys-0.9.2-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  607931 Nov 29 11:54
>> kernel-advansys-0.9.3-2dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 461727 Nov 29 11:54 kernel-advansys-0.9.3-2dkms.src.rpm -rw-r--r--.
>> 1 paul paul 1234354 Nov 29 11:54
>> kernel-advansys-0.9.4-1dkms.noarch.rpm -rw-r--r--. 1 paul paul
>> 907444 Nov 29 11:54 kernel-advansys-0.9.4-1dkms.src.rpm -rw-rw-r--.
>> 2 paul paul 1286253 Nov 29 11:54
>> kernel-advansys-0.9.5-1dkms.noarch.rpm -rw-rw-r--. 2 paul paul
>> 981819 Nov 29 11:54 kernel-advansys-0.9.5-1dkms.src.rpm [paul at zion
>> ~]$ date; restorecon -rvF /home/paul/cfo-repo/drivers/advansys/;
>> date Tue Nov 29 12:02:54 GMT 2011 Tue Nov 29 12:02:54 GMT 2011
>> [paul at zion ~]$ ls -l --time=ctime
>> /home/paul/cfo-repo/drivers/advansys/ total 11896 -rw-rw-r--. 1
>> paul paul  649700 Nov 29 11:54 advansys-driverdisk.zip -rw-rw-r--.
>> 1 paul paul 4175872 Nov 29 11:54 advansys-fc2-boot.iso -rw-rw-r--.
>> 2 paul paul  108723 Nov 29 11:54 dkms-2.2.0.2-1.noarch.rpm
>> -rw-rw-r--. 2 paul paul  132593 Nov 29 11:54
>> dkms-2.2.0.2-1.src.rpm -rw-rw-r--. 1 paul paul   10400 Nov 29 11:54
>> HEADER.html -rw-rw-r--. 1 paul paul  287602 Nov 29 11:54
>> kernel-advansys-0.9.1-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 228573 Nov 29 11:54 kernel-advansys-0.9.1-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  620915 Nov 29 11:54
>> kernel-advansys-0.9.2-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 457045 Nov 29 11:54 kernel-advansys-0.9.2-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  607931 Nov 29 11:54
>> kernel-advansys-0.9.3-2dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 461727 Nov 29 11:54 kernel-advansys-0.9.3-2dkms.src.rpm -rw-r--r--.
>> 1 paul paul 1234354 Nov 29 11:54
>> kernel-advansys-0.9.4-1dkms.noarch.rpm -rw-r--r--. 1 paul paul
>> 907444 Nov 29 11:54 kernel-advansys-0.9.4-1dkms.src.rpm -rw-rw-r--.
>> 2 paul paul 1286253 Nov 29 11:54
>> kernel-advansys-0.9.5-1dkms.noarch.rpm -rw-rw-r--. 2 paul paul
>> 981819 Nov 29 11:54 kernel-advansys-0.9.5-1dkms.src.rpm [paul at zion
>> ~]$ date; python -c "from selinux import restorecon;
>> restorecon('/home/paul/cfo-repo/drivers/advansys', recursive =
>> True)"; date Tue Nov 29 12:03:51 GMT 2011 Tue Nov 29 12:03:52 GMT
>> 2011 [paul at zion ~]$ ls -l --time=ctime
>> /home/paul/cfo-repo/drivers/advansys/total 11896 -rw-rw-r--. 1 paul
>> paul  649700 Nov 29 12:03 advansys-driverdisk.zip -rw-rw-r--. 1
>> paul paul 4175872 Nov 29 12:03 advansys-fc2-boot.iso -rw-rw-r--. 2
>> paul paul  108723 Nov 29 12:03 dkms-2.2.0.2-1.noarch.rpm
>> -rw-rw-r--. 2 paul paul  132593 Nov 29 12:03
>> dkms-2.2.0.2-1.src.rpm -rw-rw-r--. 1 paul paul   10400 Nov 29 12:03
>> HEADER.html -rw-rw-r--. 1 paul paul  287602 Nov 29 12:03
>> kernel-advansys-0.9.1-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 228573 Nov 29 12:03 kernel-advansys-0.9.1-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  620915 Nov 29 12:03
>> kernel-advansys-0.9.2-1dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 457045 Nov 29 12:03 kernel-advansys-0.9.2-1dkms.src.rpm -rw-rw-r--.
>> 1 paul paul  607931 Nov 29 12:03
>> kernel-advansys-0.9.3-2dkms.noarch.rpm -rw-rw-r--. 1 paul paul
>> 461727 Nov 29 12:03 kernel-advansys-0.9.3-2dkms.src.rpm -rw-r--r--.
>> 1 paul paul 1234354 Nov 29 12:03
>> kernel-advansys-0.9.4-1dkms.noarch.rpm -rw-r--r--. 1 paul paul
>> 907444 Nov 29 12:03 kernel-advansys-0.9.4-1dkms.src.rpm -rw-rw-r--.
>> 2 paul paul 1286253 Nov 29 12:03
>> kernel-advansys-0.9.5-1dkms.noarch.rpm -rw-rw-r--. 2 paul paul
>> 981819 Nov 29 12:03 kernel-advansys-0.9.5-1dkms.src.rpm [paul at zion
>> ~]$
>>
>> Is this expected behaviour? Is there a way I can use the python
>> binding but get the same behaviour as the shell command?
>>
> Try out libselinux-2.1.6-5.fc16  Currently in koji.

That's fixed it, thanks.

Paul.

More information about the selinux mailing list