policycoreutils: fixfiles: pipe everything to cat before sending to LOGFILE

We do this so we can eliminate foolish AVCs about restorecon trying to
write to a random directory.  We allow apps to communicate with fds
globally.  So this allows the access with no AVCs, and I am happy.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Eric Paris 2011-07-10 14:19:47 +02:00
parent 275560b2a3
commit e2769ff670


@ -146,7 +146,7 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
done
exit $?
fi
@ -154,9 +154,9 @@ if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 | cat >> $LOGFILE
else
${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
fi
return
fi
@ -179,7 +179,7 @@ then
done
FC=$TEMPFCFILE
fi
${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete
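Review bot: In the RPMFILES branch, `exit $?` after the loop now reports the status of `cat` rather than of `${RESTORECON}`, because a pipeline's status is that of its last command; a failed relabel therefore exits 0, and callers never learn that files were left mislabeled. The same masking applies to the `| cat` pipelines in the FILEPATH branch and on the `${SETFILES}` line if their status is read later, which is not visible here. If the script runs under bash, capture the status directly after the pipeline, e.g. `rc=${PIPESTATUS[1]}` inside the loop and `exit $rc` after it, or enable `set -o pipefail` near the top of the script. The last hunk appears to continue past the lines shown.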