-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/24/2012 11:42 AM, Richard W.M. Jones wrote:
> Dan & Dan,
>
> Any comments on the design of this restorecon interface? As implemented
> here, it is merely a simple encoding of the restorecon command line tool
> and arguments.
>
> My main worry is that it'll use the wrong policy file, or perhaps no policy
> file, or if SELinux isn't enabled properly it'll end up destroying labels
> instead of setting them.
>
> Also I've no idea if it's legit to run restorecon on a filesystem from one
> guest, using the restorecon command from another system (the host in this
> case).
>
> Rich.
>
The restorecon inside the guest will attempt to read
/etc/selinux/context/POLICYTYPE/files/file_context if it exists.
From restorecon's point of view, does this file exist? And is it in the container?
Also, restorecon will only work if it thinks SELinux is enabled and the kernel
understands the labels. If, from restorecon's point of view, SELinux is not
enabled, or /proc/fs/selinux points to the host's /proc/fs/selinux, then there is
a chance that the host will reject labels in the guest.
If you want to fix labels in a guest where the process thinks SELinux is
disabled, then setfiles would be a better tool.
> On Wed, Oct 24, 2012 at 10:00:53PM +0800, Wanlong Gao wrote:
>> Add a new api restorecon to restore file(s) default SELinux security
>> contexts.
>>
>> Signed-off-by: Wanlong Gao <gaowanlong(a)cn.fujitsu.com> ---
>> daemon/selinux.c | 52
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml
>> | 26 ++++++++++++++++++++++++++ gobject/Makefile.inc | 6 ++++--
>> po/POTFILES | 1 + src/MAX_PROC_NR | 2 +- 5 files changed,
>> 84 insertions(+), 3 deletions(-)
>>
>> diff --git a/daemon/selinux.c b/daemon/selinux.c index 40590e1..f5e8cb2
>> 100644 --- a/daemon/selinux.c +++ b/daemon/selinux.c @@ -31,6 +31,10 @@
>> #include "actions.h" #include "optgroups.h"
>>
>> +#define MAX_ARGS 128 + +GUESTFSD_EXT_CMD(str_restorecon, restorecon); +
>> #if defined(HAVE_LIBSELINUX)
>>
>> int @@ -106,3 +110,51 @@ do_getcon (void) }
>>
>> #endif /* !HAVE_LIBSELINUX */ + +int +do_restorecon (const char
>> *pathname, + const char *labelprefix, + int
>> recursion, + int force) +{ + int r; + size_t i = 0; +
>> char *buf; + char *err; + const char *argv[MAX_ARGS]; + + buf =
>> sysroot_path (pathname); + if (!buf) { + reply_with_error
>> ("malloc"); + return -1; + } + + ADD_ARG (argv, i,
str_restorecon);
>> + + if (optargs_bitmask & GUESTFS_RESTORECON_LABELPREFIX_BITMASK) { +
>> ADD_ARG (argv, i, "-L"); + ADD_ARG (argv, i, labelprefix); + } + +
>> if (optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK) + if
>> (recursion) + ADD_ARG (argv, i, "-R"); + + if (optargs_bitmask
&
>> GUESTFS_RESTORECON_FORCE_BITMASK) + if (force) + ADD_ARG (argv,
>> i, "-F"); + + ADD_ARG (argv, i, buf); + ADD_ARG (argv, i, NULL); + +
r
>> = commandv (NULL, &err, argv); + free (buf); + if (r == -1) { +
>> reply_with_error ("%s: %s", pathname, err); + free (err); +
return
>> -1; + } + + free (err); + return 0; +} diff --git
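Review bot: In do_restorecon the path handed to restorecon is the `sysroot_path`-prefixed `buf`, and as far as this hunk shows `commandv` runs the tool in the daemon's own root, so the file-context lookup would presumably be made for the prefixed name rather than for the path as the guest sees it. Files under the guest's `/a` could then receive whatever the specs give for the prefixed path instead of their intended default. The function needs a way to re-root the lookup, and a comment above it saying which root applies, e.g. `/* restorecon runs in the appliance root on the sysroot-prefixed path. */`. Separately, the allocation-failure branch drops errno; it should read `reply_with_perror ("malloc");`.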
>> a/generator/actions.ml b/generator/actions.ml index 71aee37..786c229
>> 100644 --- a/generator/actions.ml +++ b/generator/actions.ml @@ -10241,6
>> +10241,32 @@ If the optional C<suffix> parameter is given, then the
>> suffix
>>
>> See also: C<guestfs_mkdtemp>." };
>>
>> + { defaults with + name = "restorecon"; + style = RErr,
[Pathname
>> "pathname"], [OString "labelprefix"; OBool
"recursion"; OBool "force"]; +
>> proc_nr = Some 374; + optional = Some "selinux"; + tests = [ +
>> InitScratchFS, IfAvailable "selinux", TestRun ( +
[["mkdir";
>> "/a"]; + ["mkdir"; "/a/b"]; +
["touch"; "/a/b/c"]; +
>> ["mkdir"; "/a/d"]; + ["touch";
"/a/d/e"]; +
>> ["restorecon"; "/a"; "NOARG"; "true";
"true"]]) + ]; + shortdesc =
>> "restore file(s) default SELinux security contexts"; + longdesc =
"\
>> +This program is primarily used to reset the security context (type)
>> +(extended attributes) on one or more files. + +It can be run at any time
>> to correct errors, to add support for new policy. + +If a file object
>> does not have a context, restorecon will write the default +context to
>> the file object's extended attributes. If a file object has a +context,
>> C<restorecon> will only modify the type portion of the security +context.
>> The C<force> option will force a replacement of the entire context."};
+
>> ]
>>
>> (* Non-API meta-commands available only in guestfish. diff --git
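Review bot: The test in the new `restorecon` record only checks that the call returns without error and never reads a security context back, so a run that changed nothing or wrote an unexpected label would still pass; following the `restorecon` step with a read of the SELinux extended attribute on `/a/b/c`, compared against an expected value, would make the test meaningful. The `longdesc` also says "one or more files" although the style takes a single `Pathname`, and it documents `force` but not `labelprefix` or `recursion`; a sentence each would cover that, such as `If C<recursion> is true, the contexts of files and directories below C<pathname> are restored as well.` The enclosing actions list starts and ends outside the hunk.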
>> a/gobject/Makefile.inc b/gobject/Makefile.inc index 95a4b6b..7451d8e
>> 100644 --- a/gobject/Makefile.inc +++ b/gobject/Makefile.inc @@ -82,7
>> +82,8 @@ guestfs_gobject_headers= \
>> include/guestfs-gobject/optargs-hivex_open.h \
>> include/guestfs-gobject/optargs-xfs_repair.h \
>> include/guestfs-gobject/optargs-mke2fs.h \ -
>> include/guestfs-gobject/optargs-mktemp.h +
>> include/guestfs-gobject/optargs-mktemp.h \ +
>> include/guestfs-gobject/optargs-restorecon.h
>>
>> guestfs_gobject_sources= \ src/session.c \ @@ -146,4 +147,5 @@
>> guestfs_gobject_sources= \ src/optargs-hivex_open.c \
>> src/optargs-xfs_repair.c \ src/optargs-mke2fs.c \ -
>> src/optargs-mktemp.c + src/optargs-mktemp.c \ +
>> src/optargs-restorecon.c diff --git a/po/POTFILES b/po/POTFILES index
>> a73377d..8d6656b 100644 --- a/po/POTFILES +++ b/po/POTFILES @@ -167,6
>> +167,7 @@ gobject/src/optargs-mount_local.c
>> gobject/src/optargs-ntfsclone_out.c gobject/src/optargs-ntfsfix.c
>> gobject/src/optargs-ntfsresize.c +gobject/src/optargs-restorecon.c
>> gobject/src/optargs-rsync.c gobject/src/optargs-rsync_in.c
>> gobject/src/optargs-rsync_out.c diff --git a/src/MAX_PROC_NR
>> b/src/MAX_PROC_NR index a5c3fde..38a45c3 100644 --- a/src/MAX_PROC_NR +++
>> b/src/MAX_PROC_NR @@ -1 +1 @@ -373 +374 -- 1.8.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlCIMB0ACgkQrlYvE4MpobOgTwCfewHzhAC3w5uT1RkWZnKAc2jB
xfEAn2WKpX59+s59qQnNGUkjju6RIRtC
=jnlO
-----END PGP SIGNATURE-----