From c1dc2858007322d99e3f2d646fbe0b1c6d7699b5 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 23 Sep 2013 21:18:02 +0800 Subject: always force to restore file contexts in initscripts In policycoreutils-2.13+, restorecon changes its default behaviour, and does not restore context if the file' type is correct, even its mcs/mls level is incorrect. We should force it always to restore file contexts in initscripts to avoid issues. Signed-off-by: Xin Ouyang Signed-off-by: Joe MacDonald --- recipes-connectivity/bind/bind_9.8.1.bbappend | 4 ++-- recipes-core/initscripts/initscripts_1.0.bbappend | 4 ++-- recipes-core/udev/udev/init | 2 +- recipes-core/udev/udev_182.bbappend | 2 +- recipes-extended/sysklogd/files/sysklogd | 4 ++-- recipes-extended/sysklogd/sysklogd_1.5.bbappend | 2 +- recipes-security/audit/audit-2.2.1/auditd | 2 +- recipes-security/audit/audit_2.2.1.bb | 2 +- recipes-security/selinux/selinux-config/selinux-init.sh | 6 +++--- recipes-security/selinux/selinux-config_0.1.bb | 2 +- 10 files changed, 15 insertions(+), 15 deletions(-) diff --git a/recipes-connectivity/bind/bind_9.8.1.bbappend b/recipes-connectivity/bind/bind_9.8.1.bbappend index 069aa84..a15e045 100644 --- a/recipes-connectivity/bind/bind_9.8.1.bbappend +++ b/recipes-connectivity/bind/bind_9.8.1.bbappend @@ -1,4 +1,4 @@ -PR .= ".2" +PR .= ".3" FILESEXTRAPATHS_prepend := "${THISDIR}/files:" @@ -9,5 +9,5 @@ do_install_append() { install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind + [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind } diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend index 630b951..b8172c0 100644 --- a/recipes-core/initscripts/initscripts_1.0.bbappend +++ b/recipes-core/initscripts/initscripts_1.0.bbappend @@ -1,8 +1,8 @@ -PR .= ".2" +PR .= ".3" do_install_append () { cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh touch /var/log/lastlog -test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/ +test ! -x /sbin/restorecon || /sbin/restorecon -RF /var/volatile/ /run EOF } diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init index 44a192a..5fd1011 100644 --- a/recipes-core/udev/udev/init +++ b/recipes-core/udev/udev/init @@ -81,6 +81,6 @@ else /sbin/udevadm settle fi -test ! -x /sbin/restorecon || /sbin/restorecon /dev +test ! -x /sbin/restorecon || /sbin/restorecon -F /dev exit 0 diff --git a/recipes-core/udev/udev_182.bbappend b/recipes-core/udev/udev_182.bbappend index f42ad45..6f8f049 100644 --- a/recipes-core/udev/udev_182.bbappend +++ b/recipes-core/udev/udev_182.bbappend @@ -1,4 +1,4 @@ -PR .= ".3" +PR .= ".4" FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" diff --git a/recipes-extended/sysklogd/files/sysklogd b/recipes-extended/sysklogd/files/sysklogd index 18a6154..8c6eeb5 100755 --- a/recipes-extended/sysklogd/files/sysklogd +++ b/recipes-extended/sysklogd/files/sysklogd @@ -37,7 +37,7 @@ create_xconsole() chmod 0640 /dev/xconsole fi chown root:adm /dev/xconsole - test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole + test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/xconsole } log_begin_msg () { @@ -92,7 +92,7 @@ case "$1" in log_begin_msg "Starting system log daemon..." create_xconsole start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD - test ! -x /sbin/restorecon || /sbin/restorecon -R /dev/log /var/log/ + test ! -x /sbin/restorecon || /sbin/restorecon -RF /dev/log /var/log/ log_end_msg $? log_begin_msg "Starting kernel log daemon..." start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD diff --git a/recipes-extended/sysklogd/sysklogd_1.5.bbappend b/recipes-extended/sysklogd/sysklogd_1.5.bbappend index fd0bc32..0581083 100644 --- a/recipes-extended/sysklogd/sysklogd_1.5.bbappend +++ b/recipes-extended/sysklogd/sysklogd_1.5.bbappend @@ -1,3 +1,3 @@ -PR .= ".1" +PR .= ".2" FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd index 48b6990..fcd96c9 100755 --- a/recipes-security/audit/audit-2.2.1/auditd +++ b/recipes-security/audit/audit-2.2.1/auditd @@ -86,7 +86,7 @@ do_reload() { if [ ! -e /var/log/audit ]; then mkdir -p /var/log/audit - [ -x /sbin/restorecon ] && /sbin/restorecon /var/log/audit + [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit fi case "$1" in diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb index e0b86e2..0bce60b 100644 --- a/recipes-security/audit/audit_2.2.1.bb +++ b/recipes-security/audit/audit_2.2.1.bb @@ -4,7 +4,7 @@ storing and searching the audit records generated by the audit subsystem \ in the Linux kernel." HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" SECTION = "base" -PR = "r7" +PR = "r8" LICENSE = "GPLv2+ & LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh index 8f3efac..9aaf454 100644 --- a/recipes-security/selinux/selinux-config/selinux-init.sh +++ b/recipes-security/selinux/selinux-config/selinux-init.sh @@ -59,13 +59,13 @@ if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then echo " * First booting, filesystem will be relabeled..." test -x /etc/init.d/auditd && /etc/init.d/auditd start ${SETENFORCE} 0 - ${RESTORECON} -R / - ${RESTORECON} / + ${RESTORECON} -RF / + ${RESTORECON} -F / echo " * Relabel done, rebooting the system." /sbin/reboot -f fi # Now, we should relabel /dev for most services. -${RESTORECON} -R /dev +${RESTORECON} -RF /dev exit 0 diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb index ad0d647..6af9c54 100644 --- a/recipes-security/selinux/selinux-config_0.1.bb +++ b/recipes-security/selinux/selinux-config_0.1.bb @@ -8,7 +8,7 @@ This is the configuration files for SELinux on WRLinux system. \ SECTION = "base" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -PR = "r2" +PR = "r3" SRC_URI = "file://selinux-init.sh" -- cgit v1.2.3-54-g00ecf