Displaying 4 results from an estimated 4 matches for "s_selinux".
2016 Jul 14
0
[PATCH v2 2/7] New API: setfiles - SELinux relabel parts of the filesystem.
...+
+GUESTFSD_EXT_CMD(str_setfiles, setfiles);
+
+#define MAX_ARGS 64
+
+/* Takes optional arguments, consult optargs_bitmask. */
+int
+do_setfiles (const char *specfile, const char *path,
+ int force)
+{
+ const char *argv[MAX_ARGS];
+ CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
+ *s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
+ CLEANUP_FREE char *err = NULL;
+ size_t i = 0;
+
+ s_dev = sysroot_path ("/dev");
+ if (!s_dev) {
+ malloc_error:
+ reply_with_perror ("malloc");
+ return -1;
+ }
+ s_proc = sysroot_path ("/proc&...
2016 Jul 14
10
[PATCH v2 0/7] Fix SELinux
v1 -> v2:
- Add simple test of the setfiles API.
- Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel).
- Small fixes.
Rich.
2017 Mar 20
2
[PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).
...t;) == NULL;
+ }
+
+ return flag;
+}
+
/* Takes optional arguments, consult optargs_bitmask. */
int
do_selinux_relabel (const char *specfile, const char *path,
@@ -83,6 +99,13 @@ do_selinux_relabel (const char *specfile, const char *path,
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
+ /* You have to use the -m option (where available) otherwise
+ * setfiles puts all the mountpoints on the excludes list for no
+ * useful reason (RHBZ#1433577).
+ */
+ if (setfiles_has_m_option ())
+ ADD_ARG (argv, i,...
2016 Jul 13
6
[PATCH 0/5] Fix SELinux
We can use the setfiles(8) command to relabel the guest filesystem,
even though we don't have a policy loaded nor SELinux enabled in the
appliance kernel.
This also deprecates or removes the old and broken SELinux support.
This patch isn't quite complete - I would like to add some tests to
the new API. I'm posting here to garner early feedback.
Rich.