--- policycoreutils-1.14.1/scripts/Makefile.rhat 2004-06-30 12:03:27.000000000 -0400
+++ policycoreutils-1.14.1/scripts/Makefile 2004-06-30 13:14:42.776075168 -0400
@@ -12,6 +12,7 @@
-mkdir -p $(BINDIR)
install -m 755 $(TARGETS) $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
+ install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8.gz $(MANDIR)/man8/
--- policycoreutils-1.14.1/scripts/fixfiles.cron.rhat 2004-06-30 13:12:42.062426432 -0400
+++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-06-30 13:28:28.507544904 -0400
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+CRONTYPE="check"
+INVALIDFILE=/var/tmp/badcontext
+CRONMAILTO="root"
+
+. /etc/selinux/config
+
+renice +19 -p $$ >/dev/null 2>&1
+OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1
+/sbin/fixfiles -o $OUTFILE $CRONTYPE
+mv -f $OUTFILE $INVALIDFILE
+if [ -s $INVALIDFILE ]; then
+ mail ${MAILTO} -s "Invalid File Contexts" < $INVALIDFILE
+fi
--- policycoreutils-1.14.1/scripts/fixfiles.rhat 2004-06-30 13:10:21.630775288 -0400
+++ policycoreutils-1.14.1/scripts/fixfiles 2004-06-30 13:11:46.932807408 -0400
@@ -19,25 +19,37 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Set global Variables
+#
+checkFlag=0
+restoreFlag=0
+relabelFlag=0
+fullFlag=0
+rpmFlag=0
+rpmFiles=""
+outfileFlag=0
+OUTFILES=""
+LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
+SETFILES=/usr/sbin/setfiles
+FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
SELINUXTYPE="targeted"
+
if [ -e /etc/selinux/config ]; then
. /etc/selinux/config
FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
else
FC=/etc/security/selinux/file_contexts
fi
-LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1
-SETFILES=/usr/sbin/setfiles
-FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
checkLabels () {
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
@@ -45,10 +57,10 @@
echo "logging to $LOGFILE"
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
@@ -58,10 +70,10 @@
rm -rf /tmp/.??* /tmp/*
if [ ! -z "$1" ]; then
for i in `echo $1 | sed 's/,/ /g'`; do
- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE
+ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE
done
else
- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
+ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE
fi
}
relabelCheck() {
@@ -81,16 +93,9 @@
}
usage() {
- echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}"
+ echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}"
}
-checkFlag=0
-restoreFlag=0
-relabelFlag=0
-fullFlag=0
-rpmFlag=0
-rpmFiles=""
-
# See how we were called.
for i in $@; do
if [ $rpmFlag = 2 ]; then
@@ -98,6 +103,16 @@
rpmFlag=1
continue
fi
+if [ $outfileFlag = 2 ]; then
+ OUTFILES="-o $i"
+ outfileFlag=1
+ continue
+fi
+if [ $logfileFlag = 2 ]; then
+ LOGFILE="$i"
+ logfileFlag=1
+ continue
+fi
case "$i" in
check)
checkFlag=1
@@ -114,6 +129,12 @@
-R)
rpmFlag=2
;;
+ -o)
+ outfileFlag=2
+ ;;
+ -l)
+ logfileFlag=2
+ ;;
*)
usage
exit 1