From 5447c8490b318ef64c61eb6022baddca69233733 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 2 Apr 2020 11:45:09 -0400
Subject: [PATCH] setfiles: Add -E option to treat conflicting specifications as errors.
Signed-off-by: Chris PeBenito
---
 policycoreutils/setfiles/restore.c | 2 +-
 policycoreutils/setfiles/restore.h | 1 +
 policycoreutils/setfiles/setfiles.8 | 5 +++++
 policycoreutils/setfiles/setfiles.c | 10 +++++++---
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index d3335d1a..9d688c60 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -41,7 +41,7 @@ void restore_init(struct restore_opts *opts)
 opts->xdev | opts->abort_on_error |
 opts->syslog_changes | opts->log_matches |
 opts->ignore_noent | opts->ignore_mounts |
- opts->mass_relabel;
+ opts->mass_relabel | opts->conflict_error;
 /* Use setfiles, restorecon and restorecond own handles */
 selinux_restorecon_set_sehandle(opts->hnd);
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
index b64042a6..ac6ad680 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
@@ -34,6 +34,7 @@ struct restore_opts {
 unsigned int log_matches;
 unsigned int ignore_noent;
 unsigned int ignore_mounts;
+ unsigned int conflict_error;
 /* restorecon_flags holds | of above for restore_init() */
 unsigned int restorecon_flags;
 char *rootpath;
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index c9f8be06..0188a75a 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -12,6 +12,7 @@ setfiles \- set SELinux file security contexts.
 .RB [ \-n ]
 .RB [ \-e
 .IR directory ]
+.RB [ \-E ]
 .RB [ \-p ]
 .RB [ \-s ]
 .RB [ \-v ]
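Review bot: In restore_init(), `opts->conflict_error` is OR-ed into `restorecon_flags` unconditionally, so the result is only correct if every caller zero-initialises `struct restore_opts` before option parsing; a caller that fills the struct member by member would now hand an indeterminate bit to libselinux. The callers are not visible in this patch, so this should be checked rather than assumed. In restore.h the new member could also say what it holds, e.g. `unsigned int conflict_error; /* 0 or SELINUX_RESTORECON_CONFLICT_ERROR, set by -E */`. The body of restore_init() starts and ends outside the hunk.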
@@ -62,6 +63,10 @@ after ABORT_ON_ERRORS errors).
 .BI \-e \ directory
 directory to exclude (repeat option for more than one directory).
 .TP
+.BI \-E
+treat conflicting specifications as errors, such as where two hardlinks for
+the same inode have different contexts.
+.TP
 .BI \-f \ infilename
 .I infilename
 contains a list of files to be processed. Use
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index bc83c27b..16bd592c 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -48,8 +48,8 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
 name, name);
 } else {
 fprintf(stderr,
- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
 "usage: %s -s [-diIDlmnpqvFW] spec_file\n"
 "usage: %s -c policyfile spec_file\n",
 name, name, name, name);
@@ -169,7 +169,7 @@ int main(int argc, char **argv)
 const char *base;
 int errors = 0;
 const char *ropts = "e:f:hiIDlmno:pqrsvFRW0";
- const char *sopts = "c:de:f:hiIDlmno:pqr:svFR:W0";
+ const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0";
 const char *opts;
 union selinux_callback cb;
@@ -313,6 +313,10 @@ int main(int argc, char **argv)
 r_opts.syslog_changes =
 SELINUX_RESTORECON_SYSLOG_CHANGES;
 break;
+ case 'E':
+ r_opts.conflict_error =
+ SELINUX_RESTORECON_CONFLICT_ERROR;
+ break;
 case 'F':
 r_opts.set_specctx =
 SELINUX_RESTORECON_SET_SPECFILE_CTX;
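Review bot: The `-s` usage line in usage() still reads `[-diIDlmnpqvFW]`, while the two lines above it gain `E` and `sopts` accepts `E` without regard to `-s`, so the help text and the parser appear to disagree for stdin mode. If -E is meant to work together with -s, that line should become `"usage: %s -s [-diIDlmnpqvEFW] spec_file\n"`; if it is not, the combination should be rejected explicitly rather than silently accepted. usage() starts outside the hunk.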
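Review bot: `E` is added to `sopts` only and `ropts` stays `"e:f:hiIDlmno:pqrsvFRW0"`, so the `case 'E'` added to the shared switch in the last hunk is reachable only through the setfiles option string (assuming `ropts` is the restorecon one, which the hunk does not show). Hardlinks to one inode that match different contexts are as much a labelling-integrity concern for a restorecon run as for setfiles, so either add `E` to `ropts` and document it for that command, or mark the case with a comment such as `/* setfiles only: 'E' is not in ropts */`. main() continues outside both hunks.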