This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs an
Go to file
Alan Jenkins 8e9c9a20cb policycoreutils: fixfiles: deprecate -l option
...and write log messages to standard output.

Some versions of fixfiles in 2004 created a logfile by default.
Apparently they also used `tee` to log to standard output at the same time.
We're also told that the logfile was implemented because there was too
much output generated for use on a tty, and it scrolled out of reach.

https://bugzilla.redhat.com/show_bug.cgi?id=131707

In the current version, none of these original reasons for `-l` remain.

The logfile is not created by default.  If no log file is specified,
messages are written to stdin [sic]... if and only stdin is a tty.  If
stdin is not a tty, the log defaults to /dev/null.

When a user runs fixfiles on a tty and finds there is too much output, she
is likely to try redirecting standard output and/or standard error using
the shell.  She will find this doesn't help, because fixfiles is writing
the verbose log messages to standard input.

I tried to fix the problem non-intrusively, by changing the default log
file to `/dev/stdout`.  Sadly, this breaks down where you have
`echo >>$LOGFILE "Log message"` inside a specific function, which is run
with output redirected in order to "return" a string value (captured
into a variable).  exclude_dirs_from_relabelling() was such a function.

I was trying to abstract over writing to both normal files and stdout, but
my abstraction "leaks" in a non-obvious way.

There is a simple solution.  We can write the log messages to standard
output.  When we are passed `-l` by a legacy script, we can redirect
standard output to the logfile.

This removes any distinctions between the logfile and "non-log" messages.
Some calls to restorecon were missing redirections to the log file.
"Cleaning out /tmp" was written to the log file, but "Cleaning out labels
on /tmp" was not.  There were no comments to explain these distinctions.
2017-05-05 13:27:18 -04:00
checkpolicy Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
dbus dbus: Use text streams in selinux_server.py 2017-05-05 11:52:19 -04:00
gui sepolicy: Adapt to new the semodule list output 2017-05-05 11:52:19 -04:00
libselinux libselinux/utils: add noreturn attribute to selinux_check_access's usage 2017-05-05 13:07:04 -04:00
libsemanage Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
libsepol libsepol: silence false-positive -Wwrite-strings warning 2017-05-05 13:09:36 -04:00
mcstrans Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
policycoreutils policycoreutils: fixfiles: deprecate -l option 2017-05-05 13:27:18 -04:00
python sepolicy/gui: Update text strings to use better gettext templates 2017-05-05 11:52:19 -04:00
restorecond restorecond: get pcre cflags/libs from pkg-config 2017-04-25 08:27:44 -04:00
sandbox Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
scripts Fix release script 2016-11-16 11:19:51 -05:00
secilc Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
semodule-utils Makefiles: drop -L/-I to system paths 2017-04-25 08:27:05 -04:00
.gitignore restorecond: Add gitignore 2016-11-16 11:20:05 -05:00
.travis.yml libsemanage/tests: include libsepol headers from $DESTDIR 2017-03-01 10:42:34 -05:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
Makefile Add includes for DESTDIR only in root Makefile 2017-04-25 08:31:10 -04:00
README libsepol compilation fixes for macOS. 2017-01-20 13:19:57 -05:00

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig xmlto redhat-rpm-config

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.

To install libsepol on macOS (mainly for policy analysis):
cd libsepol; make DESTDIR=/usr/local PREFIX=/usr/local install

This requires GNU coreutils (brew install coreutils).