Add a new API, restorecon, to restore the default
SELinux security contexts of file(s).
Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com>
---
daemon/selinux.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
generator/actions.ml | 26 ++++++++++++++++++++++++++
gobject/Makefile.inc | 6 ++++--
po/POTFILES | 1 +
src/MAX_PROC_NR | 2 +-
5 files changed, 84 insertions(+), 3 deletions(-)
diff --git a/daemon/selinux.c b/daemon/selinux.c
index 40590e1..f5e8cb2 100644
--- a/daemon/selinux.c
+++ b/daemon/selinux.c
@@ -31,6 +31,10 @@
#include "actions.h"
#include "optgroups.h"
+#define MAX_ARGS 128
+
+GUESTFSD_EXT_CMD(str_restorecon, restorecon);
+
#if defined(HAVE_LIBSELINUX)
int
@@ -106,3 +110,51 @@ do_getcon (void)
}
#endif /* !HAVE_LIBSELINUX */
+
+int
+do_restorecon (const char *pathname,
+ const char *labelprefix,
+ int recursion,
+ int force)
+{
+ int r;
+ size_t i = 0;
+ char *buf;
+ char *err;
+ const char *argv[MAX_ARGS];
+
+ buf = sysroot_path (pathname);
+ if (!buf) {
+ reply_with_error ("malloc");
+ return -1;
+ }
+
+ ADD_ARG (argv, i, str_restorecon);
+
+ if (optargs_bitmask & GUESTFS_RESTORECON_LABELPREFIX_BITMASK) {
+ ADD_ARG (argv, i, "-L");
+ ADD_ARG (argv, i, labelprefix);
+ }
+
+ if (optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK)
+ if (recursion)
+ ADD_ARG (argv, i, "-R");
+
+ if (optargs_bitmask & GUESTFS_RESTORECON_FORCE_BITMASK)
+ if (force)
+ ADD_ARG (argv, i, "-F");
+
+ ADD_ARG (argv, i, buf);
+ ADD_ARG (argv, i, NULL);
+
+ r = commandv (NULL, &err, argv);
+ free (buf);
+ if (r == -1) {
+ reply_with_error ("%s: %s", pathname, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+ return 0;
+}
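Review bot: `restorecon` is run through `commandv` on the `sysroot_path` result, so as far as this hunk shows it executes in the appliance rather than with the guest as its root. The contexts it writes would then come from the appliance's file-context database, matched against a path that carries the sysroot prefix, not from the guest's own policy. Symlinks inside a guest-controlled `pathname` may also be resolved against the appliance's root instead of the guest's. Consider running the tool with the guest as its root and passing `pathname` rather than `buf`, or at least state the limitation above the function, e.g. `/* Labels are taken from the appliance's policy, not the guest's. */`. Separately, the nested unbraced `if`s around `-R` and `-F` read more safely as one condition, `if ((optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK) && recursion)`.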
diff --git a/generator/actions.ml b/generator/actions.ml
index 71aee37..786c229 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -10241,6 +10241,32 @@ If the optional C<suffix> parameter is given, then the
suffix
See also: C<guestfs_mkdtemp>." };
+ { defaults with
+ name = "restorecon";
+ style = RErr, [Pathname "pathname"], [OString "labelprefix";
OBool "recursion"; OBool "force"];
+ proc_nr = Some 374;
+ optional = Some "selinux";
+ tests = [
+ InitScratchFS, IfAvailable "selinux", TestRun (
+ [["mkdir"; "/a"];
+ ["mkdir"; "/a/b"];
+ ["touch"; "/a/b/c"];
+ ["mkdir"; "/a/d"];
+ ["touch"; "/a/d/e"];
+ ["restorecon"; "/a"; "NOARG"; "true";
"true"]])
+ ];
+ shortdesc = "restore file(s) default SELinux security contexts";
+ longdesc = "\
+This program is primarily used to reset the security context (type)
+(extended attributes) on one or more files.
+
+It can be run at any time to correct errors, to add support for new policy.
+
+If a file object does not have a context, restorecon will write the default
+context to the file object's extended attributes. If a file object has a
+context, C<restorecon> will only modify the type portion of the security
+context. The C<force> option will force a replacement of the entire
context."};
+
]
(* Non-API meta-commands available only in guestfish.
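Review bot: The `longdesc` never mentions `labelprefix` or `recursion`, and it opens with "This program", which describes the external tool rather than the API call; callers are also not told which SELinux policy the default contexts are taken from. Add a sentence per option, for example `If C<recursion> is true, the contexts of all files and directories below C<pathname> are restored.`, and say what `labelprefix` restricts. The test is a `TestRun` that passes `NOARG` for `labelprefix`, so it only shows that the call succeeds and does not check any resulting context.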
diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
index 95a4b6b..7451d8e 100644
--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
@@ -82,7 +82,8 @@ guestfs_gobject_headers= \
include/guestfs-gobject/optargs-hivex_open.h \
include/guestfs-gobject/optargs-xfs_repair.h \
include/guestfs-gobject/optargs-mke2fs.h \
- include/guestfs-gobject/optargs-mktemp.h
+ include/guestfs-gobject/optargs-mktemp.h \
+ include/guestfs-gobject/optargs-restorecon.h
guestfs_gobject_sources= \
src/session.c \
@@ -146,4 +147,5 @@ guestfs_gobject_sources= \
src/optargs-hivex_open.c \
src/optargs-xfs_repair.c \
src/optargs-mke2fs.c \
- src/optargs-mktemp.c
+ src/optargs-mktemp.c \
+ src/optargs-restorecon.c
diff --git a/po/POTFILES b/po/POTFILES
index a73377d..8d6656b 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -167,6 +167,7 @@ gobject/src/optargs-mount_local.c
gobject/src/optargs-ntfsclone_out.c
gobject/src/optargs-ntfsfix.c
gobject/src/optargs-ntfsresize.c
+gobject/src/optargs-restorecon.c
gobject/src/optargs-rsync.c
gobject/src/optargs-rsync_in.c
gobject/src/optargs-rsync_out.c
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index a5c3fde..38a45c3 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-373
+374
--
1.8.0