Daniel wrote:
> On 10/05/2009 10:20 AM, Moray Henderson (ICT) wrote:
>> Hello List.
>>
>> I have an rpm for an selinux policy for a custom CentOS 5.3 distribution.
>> When I install it, I use pre/post install scripts to back up the previous
>> file contexts and run "fixfiles -C ${FILE_CONTEXT}.pre restore" as in the
>> standard selinux-policy-targeted rpm.
>>
>> On an upgrade, old httpd_sys_content_t files are not being updated to
>> public_content_rw_t because httpd_sys_content_t is in the
>> customizable_types file.
>>
>> According to the fixfiles man page, -F should "Force reset of context to
>> match file_context for customizable files", but when I added it, it made
>> no difference. I had a look at the fixfiles script, and indeed it looks
>> as if -F doesn't work with -C. Is that correct, or did I miss something?
>>
>> Is there a recommended way to do that?
>>
>>
>> Moray.
>> "To err is human. To purr, feline"
>>
>>
> Fix fixfiles and send a patch. :^(

Sorry for delay - I was at a training course, then recovering from the cold I caught at
the training course...

I am working on fixing the fixfiles script, but it looks more complicated than I thought,
as I'm also trying to bring the usage info and man page into line with how the script
actually behaves.

As far as I can see, the "-o outputfile" option has never worked: it just adds
the name of the output file to the restorecon or setfiles commands without the -o option
to say that it's an output option. In addition, it won't work at all with the
verify command because that uses its own -o option.

I would therefore vote for removing -o from fixfiles altogether, but if you really want
it there and working, I'll see what I can do. Let me know what you think.

In addition to fixfiles, I have also documented the -p option to both restorecon and
setfiles, and brought their usage info and man pages into line.

Moray.
"To err is human. To purr, feline"
--
I have no problem with removing the -o option. I don't think anyone uses it.