mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-11-24 03:59:41 +00:00
This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs an
8e9c9a20cb
...and write log messages to standard output. Some versions of fixfiles in 2004 created a logfile by default. Apparently they also used `tee` to log to standard output at the same time. We're also told that the logfile was implemented because there was too much output generated for use on a tty, and it scrolled out of reach. https://bugzilla.redhat.com/show_bug.cgi?id=131707 In the current version, none of these original reasons for `-l` remain. The logfile is not created by default. If no log file is specified, messages are written to stdin [sic]... if and only stdin is a tty. If stdin is not a tty, the log defaults to /dev/null. When a user runs fixfiles on a tty and finds there is too much output, she is likely to try redirecting standard output and/or standard error using the shell. She will find this doesn't help, because fixfiles is writing the verbose log messages to standard input. I tried to fix the problem non-intrusively, by changing the default log file to `/dev/stdout`. Sadly, this breaks down where you have `echo >>$LOGFILE "Log message"` inside a specific function, which is run with output redirected in order to "return" a string value (captured into a variable). exclude_dirs_from_relabelling() was such a function. I was trying to abstract over writing to both normal files and stdout, but my abstraction "leaks" in a non-obvious way. There is a simple solution. We can write the log messages to standard output. When we are passed `-l` by a legacy script, we can redirect standard output to the logfile. This removes any distinctions between the logfile and "non-log" messages. Some calls to restorecon were missing redirections to the log file. "Cleaning out /tmp" was written to the log file, but "Cleaning out labels on /tmp" was not. There were no comments to explain these distinctions. |
||
---|---|---|
checkpolicy | ||
dbus | ||
gui | ||
libselinux | ||
libsemanage | ||
libsepol | ||
mcstrans | ||
policycoreutils | ||
python | ||
restorecond | ||
sandbox | ||
scripts | ||
secilc | ||
semodule-utils | ||
.gitignore | ||
.travis.yml | ||
CleanSpec.mk | ||
Makefile | ||
README |
Please submit all bug reports and patches to selinux@tycho.nsa.gov. Subscribe via selinux-join@tycho.nsa.gov. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig xmlto redhat-rpm-config To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces. To install libsepol on macOS (mainly for policy analysis): cd libsepol; make DESTDIR=/usr/local PREFIX=/usr/local install This requires GNU coreutils (brew install coreutils).