setfiles: Add -E option to treat conflicting specifications as errors.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
2024-12-12 13:56:48 +00:00 · 2020-04-02 11:45:09 -04:00 · 2020-04-02 11:45:09 -04:00 · 5447c8490b
commit 5447c8490b
parent ec85260057
4 changed files with 14 additions and 4 deletions
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@ -41,7 +41,7 @@ void restore_init(struct restore_opts *opts)
 			   opts->xdev | opts->abort_on_error |
 			   opts->syslog_changes | opts->log_matches |
 			   opts->ignore_noent | opts->ignore_mounts |
-			   opts->mass_relabel;
+			   opts->mass_relabel | opts->conflict_error;

 	/* Use setfiles, restorecon and restorecond own handles */
 	selinux_restorecon_set_sehandle(opts->hnd);
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
@ -34,6 +34,7 @@ struct restore_opts {
 	unsigned int log_matches;
 	unsigned int ignore_noent;
 	unsigned int ignore_mounts;
+	unsigned int conflict_error;
 	/* restorecon_flags holds | of above for restore_init() */
 	unsigned int restorecon_flags;
 	char *rootpath;
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@ -12,6 +12,7 @@ setfiles \- set SELinux file security contexts.
 .RB [ \-n ]
 .RB [ \-e
 .IR directory ]
+.RB [ \-E ]
 .RB [ \-p ]
 .RB [ \-s ]
 .RB [ \-v ]
@ -62,6 +63,10 @@ after ABORT_ON_ERRORS errors).
 .BI \-e \ directory
 directory to exclude (repeat option for more than one directory).
 .TP
+.BI \-E
+treat conflicting specifications as errors, such as where two hardlinks for
+the same inode have different contexts.
+.TP
 .BI \-f \ infilename
 .I infilename
 contains a list of files to be processed. Use
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@ -48,8 +48,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
 			name, name);
 	} else {
 		fprintf(stderr,
-			"usage:  %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
-			"usage:  %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
+			"usage:  %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
+			"usage:  %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
 			"usage:  %s -s [-diIDlmnpqvFW] spec_file\n"
 			"usage:  %s -c policyfile spec_file\n",
 			name, name, name, name);
@ -169,7 +169,7 @@ int main(int argc, char **argv)
 	const char *base;
 	int errors = 0;
 	const char *ropts = "e:f:hiIDlmno:pqrsvFRW0";
-	const char *sopts = "c:de:f:hiIDlmno:pqr:svFR:W0";
+	const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0";
 	const char *opts;
 	union selinux_callback cb;

@ -313,6 +313,10 @@ int main(int argc, char **argv)
 			r_opts.syslog_changes =
 					   SELINUX_RESTORECON_SYSLOG_CHANGES;
 			break;
+		case 'E':
+			r_opts.conflict_error =
+					   SELINUX_RESTORECON_CONFLICT_ERROR;
+			break;
 		case 'F':
 			r_opts.set_specctx =
 					   SELINUX_RESTORECON_SET_SPECFILE_CTX;