Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote:
> Dominick Grift wrote:
> > On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:
> > > Dominick Grift wrote:
> > > >
> > > > The idea is nice, unfortunately it's inflexible and it has
> > > > hard-references to

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Joshua Brindle
Dominick Grift wrote: On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote: Dominick Grift wrote: The idea is nice, unfortunately it's inflexible and it has hard-references to reference policy all over. It has potential but it is still rough. Of course, it is an analysis of a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:
> Dominick Grift wrote:
> >
> > The idea is nice, unfortunately it's inflexible and it has hard-references
> > to reference policy all over. It has potential but it is still rough.
> >
> > Of course, it is an analysis of a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Joshua Brindle
Dominick Grift wrote: The idea is nice, unfortunately it's inflexible and it has hard-references to reference policy all over. It has potential but it is still rough. Of course, it is an analysis of a refpolicy-based policy. If you want to analyze a different policy (e.g., Android or

[PATCH 08/10] policycoreutils: fixfiles: remove bad modes of "relabel" command

2017-05-07 Thread Alan Jenkins
* `fixfiles -B relabel` or `fixfiles -C previouscontext relabel` would skip the code that handles e.g. `/var/tmp`, which would be run by `fixfiles relabel`. It would still remove all files in /tmp (subject to user confirmation). This is confusing, undocumented, and unlikely to be

[PATCH 06/10] policycoreutils: fixfiles: refactor into the `set -u` dialect

2017-05-07 Thread Alan Jenkins
This commit allows the use of `set -u` to detect reads of unset variables. But what I really liked was making the code more explicit about these modes. I hope that this is easier for a new reader to reason about. `fixfiles restore` has accumulated five different modes it can run in. Now use a

[PATCH 10/10] policycoreutils: fixfiles: use a consistent order for options to restorecon

2017-05-07 Thread Alan Jenkins
It helps to see the differences (hopefully there are only intended differences now!).
---
policycoreutils/scripts/fixfiles | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index cff..0a4 100755
---

[PATCH 02/10] policycoreutils: fixfiles: remove two unused variables

2017-05-07 Thread Alan Jenkins
DIRS was suspicious because you can't store file names in a normal variable, and it's not that common to use arrays in bash. It's not actually used. While we're here, there's another variable which is never used and should just be removed. (Pointed out by `shellcheck`. It makes a couple of

[PATCH 09/10] policycoreutils: fixfiles: don't ignore `-F` when run in `-C` mode

2017-05-07 Thread Alan Jenkins
This was supposedly fixed in 2009. http://selinux.fedoraproject.narkive.com/ZskMsNrx/fixfiles-f-option `-F` was mentioned again in 2013 (commit 2910ca21). It doesn't look like `-F -C` was fixed though.
---
policycoreutils/scripts/fixfiles | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH 01/10] policycoreutils: fixfiles: tidy up usage(), manpage synopsis

2017-05-07 Thread Alan Jenkins
Make sure usage() in fixfiles shows all the current options. It's printed when there's a user error, so it needs to be helpful! (Excluding the deprecated option - see below). manpage: Remove the deprecated option `-l logfile`. Add missing space in `restore|[-f] relabel`. It's not clear why

[PATCH 07/10] policycoreutils: fixfiles: un-document `-R -a` option

2017-05-07 Thread Alan Jenkins
`fixfiles -R -a` is much less useful than it was made to sound, because -R now works recursively. Therefore `fixfiles -R -a` relabels every file on the system, multiple times. On my system it took over 5 times as long as plain `fixfiles` (which takes about a minute). ---

[PATCH 03/10] policycoreutils: fixfiles: syntax error

2017-05-07 Thread Alan Jenkins
$ shellcheck fixfiles
...
In fixfiles line 94:
[[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
^-- SC2076: Don't quote rhs of =~, it'll match literally rather than as a regex.
---
policycoreutils/scripts/fixfiles | 2 +-
1 file

[PATCH 05/10] policycoreutils: fixfiles: if restorecon aborts, we should too

2017-05-07 Thread Alan Jenkins
New users may try something like `fixfiles restore -v /dir/file` - not realizing they are required to use `fixfiles -v restore /dir/file`. Detect that `restorecon` aborts due to being run on the non-existent file `-v`, and stop immediately. This will show the error much more clearly, instead of

[PATCH 04/10] policycoreutils: fixfiles: usage errors are fatal

2017-05-07 Thread Alan Jenkins
The idea is to print a usage error, then terminate with EXIT_FAILURE. Don't print the usage error twice when run with no command. Don't try to check for bogus extra arguments _after_ performing a long-running operation... particularly if that operation terminates the script with EXIT_SUCCESS

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sat, May 06, 2017 at 07:19:20PM +0200, Dominick Grift wrote:
> On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote:
> > On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote:
> > > On Fri, May 05, 2017 at 02:27:05PM -0400, Karl MacMillan wrote:
> > > > I’d like to announce