fixfiles -F option

Daniel J Walsh dwalsh at redhat.com
Tue Oct 20 15:31:29 UTC 2009 

On 10/20/2009 10:14 AM, Moray Henderson (ICT) wrote:
> Daniel wrote:
>> On 10/05/2009 10:20 AM, Moray Henderson (ICT) wrote:
>>> Hello List.
>>>
>>> I have an rpm for an selinux policy for a custom CentOS 5.3 distribution.
>> When I install it, I use pre/post install scripts to back up the previous
>> file contexts and run "fixfiles -C ${FILE_CONTEXT}.pre restore" as in the
>> standard selinux-policy-targeted rpm.
>>>
>>> On an upgrade, old httpd_sys_content_t files are not being updated to
>> public_content_rw_t because httpd_sys_content_t is in the
>> customizable_types file.
>>>
>>> According to the fixfiles man page, -F should "Force reset of context to
>> match file_context for customizable files", but when I added it, it made
>> no difference.  I had a look at the fixfiles script, and indeed it looks
>> as if -F doesn't work with -C.  Is that correct, or did I miss something?
>>>
>>> Is there a recommended way to do that?
>>>
>>>
>>> Moray.
>>> "To err is human.  To purr, feline"
>>>
>>>
>> Fix fixfiles and send a patch.  :^(
> 
> Sorry for delay - I was at a training course, then recovering from the cold I caught at the training course...
> 
> I am working on fixing the fixfiles script, but it looks more complicated than I thought, as I'm also trying to bring the usage info and man page into line with how the script actually behaves.
> 
> As far as I can see, the "-o outputfile" option has never worked: it just adds the name of the output file to the restorecon or setfiles commands without the -o option to say that it's an output option.  In addition, it won't work at all with the verify command because that uses its own -o option.
> 
> I would therefore vote for removing -o from fixfiles altogether, but if you really want it there and working, I'll see what I can do.  Let me know what you think.
> 
> In addition to fixfiles, I have also documented the -p option to both restorecon and setfiles, and brought their usage info and man pages into line.
> 
> 
> Moray.
> "To err is human.  To purr, feline"
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> 
I have no problem with removing the -o option.  I don't think anyone uses it.

More information about the fedora-selinux-list mailing list