[Libguestfs] [PATCH V3] NEW API: add a new api restorecon

Wanlong Gao gaowanlong at cn.fujitsu.com
Wed Oct 24 14:00:53 UTC 2012


Add a new API, restorecon, which restores the default
SELinux security contexts of one or more files.

Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
---
 daemon/selinux.c     | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 generator/actions.ml | 26 ++++++++++++++++++++++++++
 gobject/Makefile.inc |  6 ++++--
 po/POTFILES          |  1 +
 src/MAX_PROC_NR      |  2 +-
 5 files changed, 84 insertions(+), 3 deletions(-)

diff --git a/daemon/selinux.c b/daemon/selinux.c
index 40590e1..f5e8cb2 100644
--- a/daemon/selinux.c
+++ b/daemon/selinux.c
@@ -31,6 +31,10 @@
 #include "actions.h"
 #include "optgroups.h"
 
+#define MAX_ARGS 128
+
+GUESTFSD_EXT_CMD(str_restorecon, restorecon);
+
 #if defined(HAVE_LIBSELINUX)
 
 int
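Review bot: `MAX_ARGS` and `GUESTFSD_EXT_CMD(str_restorecon, restorecon)` are added above `#if defined(HAVE_LIBSELINUX)`, and do_restorecon in the next hunk sits after the `#endif`, yet generator/actions.ml places the API in the `selinux` optional group. If that group's availability depends on libselinux being compiled in (not visible in this patch), the API could be reported as available when the restorecon binary is missing from the appliance, or as unavailable when the binary is present. I would either make the availability check test for the binary or say so here, e.g. `/* restorecon needs only the external binary, not libselinux; availability is still gated by the selinux optgroup */`.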
@@ -106,3 +110,51 @@ do_getcon (void)
 }
 
 #endif /* !HAVE_LIBSELINUX */
+
+int
+do_restorecon (const char *pathname,
+               const char *labelprefix,
+               int recursion,
+               int force)
+{
+  int r;
+  size_t i = 0;
+  char *buf;
+  char *err;
+  const char *argv[MAX_ARGS];
+
+  buf = sysroot_path (pathname);
+  if (!buf) {
+    reply_with_error ("malloc");
+    return -1;
+  }
+
+  ADD_ARG (argv, i, str_restorecon);
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_LABELPREFIX_BITMASK) {
+    ADD_ARG (argv, i, "-L");
+    ADD_ARG (argv, i, labelprefix);
+  }
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_RECURSION_BITMASK)
+    if (recursion)
+      ADD_ARG (argv, i, "-R");
+
+  if (optargs_bitmask & GUESTFS_RESTORECON_FORCE_BITMASK)
+    if (force)
+      ADD_ARG (argv, i, "-F");
+
+  ADD_ARG (argv, i, buf);
+  ADD_ARG (argv, i, NULL);
+
+  r = commandv (NULL, &err, argv);
+  free (buf);
+  if (r == -1) {
+    reply_with_error ("%s: %s", pathname, err);
+    free (err);
+    return -1;
+  }
+
+  free (err);
+  return 0;
+}
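Review bot: do_restorecon runs restorecon in the appliance's own root on `sysroot_path (pathname)`, so as far as this hunk shows the contexts come from whatever file_contexts the appliance carries and are matched against the sysroot-prefixed path, not against the guest's policy and the guest's own paths. Files could then be left with labels that do not match the guest's policy, which weakens confinement once the guest boots. Path resolution also happens outside the guest root, so with `-R` on a guest-controlled tree it is worth confirming how symlinks are treated. Either run the tool against the guest root or state the limitation above the function, e.g. `/* Runs in the appliance: labels come from the appliance's policy, matched against the sysroot-prefixed path. */`.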
diff --git a/generator/actions.ml b/generator/actions.ml
index 71aee37..786c229 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -10241,6 +10241,32 @@ If the optional C<suffix> parameter is given, then the suffix
 
 See also: C<guestfs_mkdtemp>." };
 
+  { defaults with
+    name = "restorecon";
+    style = RErr, [Pathname "pathname"], [OString "labelprefix"; OBool "recursion"; OBool "force"];
+    proc_nr = Some 374;
+    optional = Some "selinux";
+    tests = [
+      InitScratchFS, IfAvailable "selinux", TestRun (
+        [["mkdir"; "/a"];
+         ["mkdir"; "/a/b"];
+         ["touch"; "/a/b/c"];
+         ["mkdir"; "/a/d"];
+         ["touch"; "/a/d/e"];
+         ["restorecon"; "/a"; "NOARG"; "true"; "true"]])
+    ];
+    shortdesc = "restore file(s) default SELinux security contexts";
+    longdesc = "\
+This program is primarily used to reset the security context (type)
+(extended attributes) on one or more files.
+
+It can be run at any time to correct errors, to add support for new policy.
+
+If a file object does not have a context, restorecon will write the default
+context to the file object's extended attributes. If a file object has a
+context, C<restorecon> will only modify the type portion of the security
+context.  The C<force> option will force a replacement of the entire context."};
+
 ]
 
 (* Non-API meta-commands available only in guestfish.
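Review bot: The `longdesc` for restorecon describes only `force`; it never explains `labelprefix` or `recursion`, and it does not say which SELinux policy the default contexts are taken from. I would add one sentence per optional argument, e.g. `If C<recursion> is true, the contexts of files and directories below C<pathname> are changed as well.` The test is a `TestRun` on a scratch filesystem, so it only checks that the call succeeds, not that any context was written. A follow-up step that reads the label back would make a regression visible.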
diff --git a/gobject/Makefile.inc b/gobject/Makefile.inc
index 95a4b6b..7451d8e 100644
--- a/gobject/Makefile.inc
+++ b/gobject/Makefile.inc
@@ -82,7 +82,8 @@ guestfs_gobject_headers= \
   include/guestfs-gobject/optargs-hivex_open.h \
   include/guestfs-gobject/optargs-xfs_repair.h \
   include/guestfs-gobject/optargs-mke2fs.h \
-  include/guestfs-gobject/optargs-mktemp.h
+  include/guestfs-gobject/optargs-mktemp.h \
+  include/guestfs-gobject/optargs-restorecon.h
 
 guestfs_gobject_sources= \
   src/session.c \
@@ -146,4 +147,5 @@ guestfs_gobject_sources= \
   src/optargs-hivex_open.c \
   src/optargs-xfs_repair.c \
   src/optargs-mke2fs.c \
-  src/optargs-mktemp.c
+  src/optargs-mktemp.c \
+  src/optargs-restorecon.c
diff --git a/po/POTFILES b/po/POTFILES
index a73377d..8d6656b 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -167,6 +167,7 @@ gobject/src/optargs-mount_local.c
 gobject/src/optargs-ntfsclone_out.c
 gobject/src/optargs-ntfsfix.c
 gobject/src/optargs-ntfsresize.c
+gobject/src/optargs-restorecon.c
 gobject/src/optargs-rsync.c
 gobject/src/optargs-rsync_in.c
 gobject/src/optargs-rsync_out.c
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index a5c3fde..38a45c3 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-373
+374
-- 
1.8.0



