
[Libguestfs] [PATCH] NEW API: add a new api restorecon



Add a new API, restorecon, to restore the default
SELinux security contexts of file(s).

Signed-off-by: Wanlong Gao <gaowanlong cn fujitsu com>
---
 daemon/selinux.c          |   69 +
 generator/actions.ml      |   25 +
 gobject/Makefile.inc      |    6 +-
 po/POTFILES               |    2 +
 src/MAX_PROC_NR           |    2 +-
 21 files changed, 13282 insertions(+), 28030 deletions(-)

diff --git a/daemon/selinux.c b/daemon/selinux.c
index 40590e1..14bc666 100644
--- a/daemon/selinux.c
+++ b/daemon/selinux.c
@@ -31,6 +31,10 @@
 #include "actions.h"
 #include "optgroups.h"
 
+#define MAX_ARGS 128
+
+GUESTFSD_EXT_CMD(str_restorecon, restorecon);
+
 #if defined(HAVE_LIBSELINUX)
 
 int
@@ -106,3 +110,68 @@ do_getcon (void)
 }
 
 #endif /* !HAVE_LIBSELINUX */
+
+int
+do_restorecon (const char *pathname,
+               const char *excludedir,
+               const char *labelprefix,
+               int recursion,
+               int force)
+{
+  int r;
+  size_t i = 0;
+  char *buf;
+  char *exdir;
+  char *err;
+  const char *argv[MAX_ARGS];
+
+  buf = sysroot_path (pathname);
+  if (!buf) {
+    reply_with_error ("malloc");
+    return -1;
+  }
+
+  ADD_ARG (argv, i, str_restorecon);
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_EXCLUDEDIR_BITMASK) {
+    if (excludedir) {
+      exdir = sysroot_path (excludedir);
+      if (!exdir) {
+        reply_with_error ("malloc");
+        return -1;
+      }
+      ADD_ARG (argv, i, "-e");
+      ADD_ARG (argv, i, exdir);
+    }
+  }
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_LABELPREFIX_BITMASK) {
+    if (labelprefix) {
+      ADD_ARG (argv, i, "-L");
+      ADD_ARG (argv, i, labelprefix);
+    }
+  }
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK)
+    if (recursion)
+      ADD_ARG (argv, i, "-R");
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_FORCE_BITMASK)
+    if (force)
+      ADD_ARG (argv, i, "-F");
+
+  ADD_ARG (argv, i, buf);
+  ADD_ARG (argv, i, NULL);
+
+  r = commandv (NULL, &err, argv);
+  free (buf);
+  if (exdir) free (exdir);
+  if (r == -1) {
+    reply_with_error ("%s: %s", pathname, err);
+    free (err);
+    return -1;
+  }
+
+  free (err);
+  return 0;
+}
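Review bot: `exdir` is declared without an initialiser at the top of do_restorecon, yet `if (exdir) free (exdir);` runs on every call, so whenever excludedir is not supplied the function tests and frees an indeterminate pointer; declare it as `char *exdir = NULL;`. The early return after the failed `sysroot_path (excludedir)` also leaks `buf`, so add `free (buf);` before that `return -1;`. `err` is likewise uninitialised and is freed on both exit paths, which is only safe if commandv always stores to it; that is worth confirming, or initialise it to NULL. Separately, restorecon is run from the daemon against sysroot-prefixed paths rather than inside the guest root, so it presumably consults the appliance's file-context database and matches on the prefixed path; please confirm that the labels written are the guest policy's defaults.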
diff --git a/generator/actions.ml b/generator/actions.ml
index 71aee37..12796a7 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -10241,6 +10241,31 @@ If the optional C<suffix> parameter is given, then the suffix
 
 See also: C<guestfs_mkdtemp>." };
 
+  { defaults with
+    name = "restorecon";
+    style = RErr, [Pathname "pathname"], [OString "excludedir"; OString "labelprefix"; OBool "recursion"; OBool "force"];
+    proc_nr = Some 374;
+    tests = [
+      InitScratchFS, Always, TestRun (
+        [["mkdir"; "/a"];
+         ["mkdir"; "/a/b"];
+         ["touch"; "/a/b/c"];
+         ["mkdir"; "/a/d"];
+         ["touch"; "/a/d/e"];
+         ["restorecon"; "/a"; "/a/d"; "NOARG"; "true"; "true"]])
+    ];
+    shortdesc = "restore file(s) default SELinux security contexts";
+    longdesc = "\
+This program is primarily used to reset the security context (type)
+(extended attributes) on one or more files.
+
+It can be run at any time to correct errors, to add support for new policy.
+
+If a file object does not have a context, restorecon will write the default
+context to the file object's extended attributes. If a file object has a
+context, C<restorecon> will only modify the type portion of the security
+context.  The C<force> option will force a replacement of the entire context."};
+
 ]
 
 (* Non-API meta-commands available only in guestfish.
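Review bot: The longdesc documents only `force`; `excludedir`, `labelprefix` and `recursion` are not described, so a caller cannot tell that `excludedir` is a path inside the guest (the daemon passes it through sysroot_path) or what `labelprefix` selects. Because `excludedir` is declared `OString` rather than as a path type, it presumably skips whatever path validation `Pathname` arguments receive; the description should state that it must be an absolute guest path, or the daemon should check it. I would add a sentence per optional argument, for example `C<excludedir> is an absolute path in the guest; that directory is skipped.` The test is a `TestRun`, so it checks only that the call succeeds, not that any context was changed or that `/a/d` was excluded.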
diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
index 95a4b6b..7451d8e 100644
--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
@@ -82,7 +82,8 @@ guestfs_gobject_headers= \
   include/guestfs-gobject/optargs-hivex_open.h \
   include/guestfs-gobject/optargs-xfs_repair.h \
   include/guestfs-gobject/optargs-mke2fs.h \
-  include/guestfs-gobject/optargs-mktemp.h
+  include/guestfs-gobject/optargs-mktemp.h \
+  include/guestfs-gobject/optargs-restorecon.h
 
 guestfs_gobject_sources= \
   src/session.c \
@@ -146,4 +147,5 @@ guestfs_gobject_sources= \
   src/optargs-hivex_open.c \
   src/optargs-xfs_repair.c \
   src/optargs-mke2fs.c \
-  src/optargs-mktemp.c
+  src/optargs-mktemp.c \
+  src/optargs-restorecon.c
diff --git a/po/POTFILES b/po/POTFILES
index a73377d..5cded4e 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -138,6 +138,7 @@ fish/tilde.c
 fish/time.c
 format/format.c
 fuse/guestmount.c
+gobject/docs/guestfs-scan.c
 gobject/src/optargs-add_domain.c
 gobject/src/optargs-add_drive.c
 gobject/src/optargs-btrfs_filesystem_resize.c
@@ -167,6 +168,7 @@ gobject/src/optargs-mount_local.c
 gobject/src/optargs-ntfsclone_out.c
 gobject/src/optargs-ntfsfix.c
 gobject/src/optargs-ntfsresize.c
+gobject/src/optargs-restorecon.c
 gobject/src/optargs-rsync.c
 gobject/src/optargs-rsync_in.c
 gobject/src/optargs-rsync_out.c
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index a5c3fde..38a45c3 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-373
+374
-- 
1.8.0

