summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Iooss2017-08-14 21:27:28 +0200
committerNicolas Iooss2017-08-14 21:32:07 +0200
commit1427658177e989137cc89720b30618dd5efcc7d4 (patch)
tree7310e0c025d458286ea8825d394cf8e127f8ab63
parent03b752d1a8547bb844cf1048ee9dba18e7aed471 (diff)
downloadaur-1427658177e989137cc89720b30618dd5efcc7d4.tar.gz
selinux-alpm-hook 0.1-3 update
Call restorecon in batches in order to improve performance. It it not possible to pipe the list of package files into "| xargs restorecon -F" because restorecon could fail sometimes (for example when there is an invalid file on the filesystem which makes calls to getxattr() fail). Implement a simple filter as a while loop which sanitizes the list of packages files before running restorecon on it, in batches handled by xargs.
Diffstat
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD4
-rwxr-xr-xselinux-alpm-hook7
3 files changed, 8 insertions, 7 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 83ac8077534c..69fc486c2f35 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = selinux-alpm-hook
pkgdesc = SELinux ALPM hook
pkgver = 0.1
- pkgrel = 2
+ pkgrel = 3
url = https://github.com/archlinuxhardened/selinux
arch = any
groups = selinux
@@ -10,7 +10,7 @@ pkgbase = selinux-alpm-hook
source = relabel-selinux.hook
source = selinux-alpm-hook
sha256sums = 4df844a89a50fe1caebe0cb92fc925b3dedf7a1a8258eef53f0dd328c1cc089e
- sha256sums = 61df36242f62a8434756d96fd6639f0fbdea9a4bb64f0d6c3a673e64546bc5d7
+ sha256sums = c85dbba69b776fbbc5f6886eb3e89406de9237f935a295f7c49d6696ea275187
pkgname = selinux-alpm-hook
diff --git a/PKGBUILD b/PKGBUILD
index 698eca928d71..d9ca3fcf0ae4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
pkgname=selinux-alpm-hook
pkgver=0.1
-pkgrel=2
+pkgrel=3
pkgdesc="SELinux ALPM hook"
arch=('any')
url="https://github.com/archlinuxhardened/selinux"
@@ -12,7 +12,7 @@ depends=('policycoreutils')
source=('relabel-selinux.hook'
'selinux-alpm-hook')
sha256sums=('4df844a89a50fe1caebe0cb92fc925b3dedf7a1a8258eef53f0dd328c1cc089e'
- '61df36242f62a8434756d96fd6639f0fbdea9a4bb64f0d6c3a673e64546bc5d7')
+ 'c85dbba69b776fbbc5f6886eb3e89406de9237f935a295f7c49d6696ea275187')
package() {
cd "${srcdir}"
diff --git a/selinux-alpm-hook b/selinux-alpm-hook
index 15abf73bd858..9ac5b060753f 100755
--- a/selinux-alpm-hook
+++ b/selinux-alpm-hook
@@ -22,12 +22,13 @@ fi
echo 'Relabeling package files...'
while read -r FILE; do
if [ -e "$FILE" ] || [ -L "$FILE" ] ; then
- /usr/bin/restorecon -F "$FILE" || die "Error while relabeling $FILE"
+ # Transmit existing files to restorecon
+ printf '%s\0' "$FILE"
else
# Only show a warning when a file does not exist as this is not fatal
- echo "Ugh, an installed file does not exist: $FILE"
+ echo >&2 "Ugh, an installed file does not exist: $FILE"
fi
-done
+done | xargs -0 /usr/bin/restorecon -F || die "Error while relabeling files"
# The install hooks of packages create files which got labelled with the wrong SELinux user
# (e.g. sysadm_u instead of system_u). Relabel all these files too.