fixfiles revision 275560b2a380a5f34041fd4569a38791f25aa195 
113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#!/bin/bash
213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# fixfiles
313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Script to restore labels on a SELinux box
513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
6f77e475fd839d26face3deaa7fa27c7265618a02Joshua Brindle# Copyright (C) 2004-2009 Red Hat, Inc.
713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Authors: Dan Walsh <dwalsh@redhat.com>
813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# This program is free software; you can redistribute it and/or modify
1013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# it under the terms of the GNU General Public License as published by
1113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# the Free Software Foundation; either version 2 of the License, or
1213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# (at your option) any later version.
1313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
1413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# This program is distributed in the hope that it will be useful,
1513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# but WITHOUT ANY WARRANTY; without even the implied warranty of
1613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
1713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# GNU General Public License for more details.
1813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
1913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# You should have received a copy of the GNU General Public License
2013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# along with this program; if not, write to the Free Software
2113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
2213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
23275560b2a380a5f34041fd4569a38791f25aa195Eric Parisexclude_dirs_from_relabelling() {
24275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    exclude_from_relabelling=
25275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    if [ -e /etc/selinux/fixfiles_exclude_dirs ]
26275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    then
27275560b2a380a5f34041fd4569a38791f25aa195Eric Paris        while read i
28275560b2a380a5f34041fd4569a38791f25aa195Eric Paris        do
29275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          # skip blank line and comment
30275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          # skip not absolute path
31275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          # skip not directory
32275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          [ -z "${i}" ] && continue
33275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
34275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          [[ ! "${i}" =~ ^/.* ]] && continue
35275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          [[ ! -d "${i}" ]] && continue
36275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          exclude_from_relabelling="$exclude_from_relabelling -e $i"
37275560b2a380a5f34041fd4569a38791f25aa195Eric Paris          logit "skipping the directory $i from relabelling"
38275560b2a380a5f34041fd4569a38791f25aa195Eric Paris        done < /etc/selinux/fixfiles_exclude_dirs
39275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    fi
40275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    echo "$exclude_from_relabelling"
41275560b2a380a5f34041fd4569a38791f25aa195Eric Paris}
42275560b2a380a5f34041fd4569a38791f25aa195Eric Paris
43275560b2a380a5f34041fd4569a38791f25aa195Eric Parisexclude_dirs() {
44275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    exclude=
45275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    for i in /home /root /tmp /dev; do
46275560b2a380a5f34041fd4569a38791f25aa195Eric Paris        [ -e $i ]  && exclude="$exclude -e $i";
47275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    done
48275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    exclude="$exclude `exclude_dirs_from_relabelling`"
49275560b2a380a5f34041fd4569a38791f25aa195Eric Paris    echo "$exclude"
50275560b2a380a5f34041fd4569a38791f25aa195Eric Paris}
51275560b2a380a5f34041fd4569a38791f25aa195Eric Paris
5213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
5313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Set global Variables
5413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
5513cd4c8960688af11ad23b4c946149015c80d54Joshua BrindlefullFlag=0
5613cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleFORCEFLAG=""
5713cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleDIRS=""
5813cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleRPMILES=""
5913cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleLOGFILE=`tty`
6013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ $? != 0 ]; then
6113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    LOGFILE="/dev/null"
6213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
6313cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleSYSLOGFLAG="-l"
6413cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleLOGGER=/usr/sbin/logger
6513cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleSETFILES=/sbin/setfiles
6613cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleRESTORECON=/sbin/restorecon
67f77e475fd839d26face3deaa7fa27c7265618a02Joshua BrindleFILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
68f77e475fd839d26face3deaa7fa27c7265618a02Joshua BrindleFILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
6913cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleFILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
7013cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleSELINUXTYPE="targeted"
7113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ -e /etc/selinux/config ]; then
7213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    . /etc/selinux/config
7313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts 
7413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleelse
7513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    FC=/etc/security/selinux/file_contexts
7613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
7713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
7813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
7913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Log to either syslog or a LOGFILE
8013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
8113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlelogit () {
8213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ -n $LOGFILE ]; then
8313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    echo $1 >> $LOGFILE
8413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
8513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
8613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
8713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Compare PREVious File Context to currently installed File Context and 
8813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# run restorecon on all files affected by the differences.
8913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
9013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlediff_filecontext() {
9113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ -f ${PREFC} -a -x /usr/bin/diff ]; then
9213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
9313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	test -z "$TEMPFILE" && exit
9413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX`
9513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	sed -r -e 's,:s0, ,g' $PREFC | sort -u > ${PREFCTEMPFILE}
9613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	sed -r -e 's,:s0, ,g' $FC | sort -u | \
9713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	/usr/bin/diff -b ${PREFCTEMPFILE} - | \
9813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    grep '^[<>]'|cut -c3-| grep ^/ | \
9913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
10013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	sed -r -e 's,[[:blank:]].*,,g' \
10113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle               -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
10213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	       -e 's|([/[:alnum:]])\?|{\1,}|g' \
10313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle               -e 's|\?.*|*|g' \
10413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	       -e 's|\(.*|*|g' \
10513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	       -e 's|\[.*|*|g' \
10613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle               -e 's|\.\*.*|*|g' \
10713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle               -e 's|\.\+.*|*|g' | \
10813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    # These two sorts need to be separate commands \
10913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	sort -u | \
11013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	sort -d | \
11113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle        while read pattern ; \
11213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
11313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle                  echo "$pattern"; \
11413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle                  case "$pattern" in *"*") \
11513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	               echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;  
11613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle                  esac; \
11713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle               fi; \
11813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle            done | \
1192d0c192355ae836ffe047cacfc7c25e146f1fccbEric Paris	${RESTORECON} -f - -R -p `exclude_dirs`; \
12013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
12113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
12213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
12313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
12413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Log all Read Only file systems 
12513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
12613cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleLogReadOnly() {
12713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ ! -z "$FILESYSTEMSRO" ]; then
12813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    logit "Warning: Skipping the following R/O filesystems:"
12913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    logit "$FILESYSTEMSRO"
13013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
13113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
13213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
13313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlerpmlist() {
13413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlerpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
13513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
13613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
13713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
13813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 
13913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# restore
14013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# if called with -n will only check file context
14113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
14213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlerestore () {
14313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ ! -z "$PREFC" ]; then
14413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    diff_filecontext $*
14513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    exit $?
14613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
14713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ ! -z "$RPMFILES" ]; then
14813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
14970849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh	rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
15013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    done
15113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    exit $?
15213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
15313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ ! -z "$FILEPATH" ]; then
15413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ -x /usr/bin/find ]; then
15513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	/usr/bin/find "$FILEPATH" \
15673a1f3a8f3a5ce34a76104b0066986086fe78939Daniel J Walsh	    ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune  -o -print0 | \
15770849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh	    ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
15813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    else
15970849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh	${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
16013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
16113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    return
16213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
16370849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
16413cd4c8960688af11ad23b4c946149015c80d54Joshua BrindleLogReadOnly
165275560b2a380a5f34041fd4569a38791f25aa195Eric Paris#
166275560b2a380a5f34041fd4569a38791f25aa195Eric Parisexclude_dirs="`exclude_dirs_from_relabelling`"
167275560b2a380a5f34041fd4569a38791f25aa195Eric Parisif [ -n "${exclude_dirs}" ]
168275560b2a380a5f34041fd4569a38791f25aa195Eric Paristhen
169275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
170275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	test -z "$TEMPFCFILE" && exit
171275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	/bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
172275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	exclude_dirs=${exclude_dirs//-e/}
173275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	for p in ${exclude_dirs}
174275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	do
175275560b2a380a5f34041fd4569a38791f25aa195Eric Paris		p="${p%/}"
176275560b2a380a5f34041fd4569a38791f25aa195Eric Paris		p1="${p}(/.*)? -- <<none>>"
177275560b2a380a5f34041fd4569a38791f25aa195Eric Paris		echo "${p1}" >> $TEMPFCFILE
178275560b2a380a5f34041fd4569a38791f25aa195Eric Paris		logit "skipping the directory ${p} from relabelling"
179275560b2a380a5f34041fd4569a38791f25aa195Eric Paris	done
180275560b2a380a5f34041fd4569a38791f25aa195Eric ParisFC=$TEMPFCFILE
181275560b2a380a5f34041fd4569a38791f25aa195Eric Parisfi
18270849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
183275560b2a380a5f34041fd4569a38791f25aa195Eric Parisrm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
184275560b2a380a5f34041fd4569a38791f25aa195Eric Paris
1852bd5fd1642ef190fa593c2cc608970fe29771d54Eric Parisfind /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete
18695e4b5c3cc37f2c62bf99428275908d7da6e4a0eJoshua Brindlefind /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
18795e4b5c3cc37f2c62bf99428275908d7da6e4a0eJoshua Brindlefind /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
188593154505a8f8c99e8f19b0aae352cd4d1d7e173Eric Parisfind /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \;
189593154505a8f8c99e8f19b0aae352cd4d1d7e173Eric Paris[ -e /var/lib/debug ] && find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \;
19013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleexit $?
19113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
19213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
19313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefullrelabel() {
19413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    logit "Cleaning out /tmp"
1956084f72aafc8c7f70ef972e950dcc73777594c32Eric Paris    find /tmp/ -mindepth 1 -delete
19613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    LogReadOnly
19713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    restore
19813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
19913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
20013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlerelabel() {
20113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ ! -z "$RPMFILES" ]; then
20213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	restore 
20313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
20413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
20513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ $fullFlag == 1  ]; then
20613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	fullrelabel
20713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
20813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
20913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    echo -n "
21013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    Files in the /tmp directory may be labeled incorrectly, this command 
21113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    can remove all files in /tmp.  If you choose to remove files from /tmp, 
21213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    a reboot will be required after completion.
21313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    
21413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    Do you wish to clean out the /tmp directory [N]? "
21513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    read answer
21613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ "$answer" = y -o  "$answer" = Y ]; then 
21713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	fullrelabel
21813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    else
21913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	restore
22013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
22113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
22213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
22313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleprocess() {
22413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
22513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Make sure they specified one of the three valid commands
22613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
22713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlecase "$1" in
22813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    restore) restore -p ;;
22913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    check) restore -n -v;;
23013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    verify) restore -n -o -;;
23113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    relabel) relabel;;
23213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    onboot)
23313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	touch /.autorelabel
23413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	echo "System will relabel on next boot"
23513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	;;
23613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    *)
23713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    usage
23813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    exit 1
23913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleesac
24013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
24113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleusage() {
24270849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh      	echo $"""
24370849975f81d2494fb996efe09c50a5bc63f7b33Daniel J WalshUsage: $0 [-F] [-l logfile ] { check | restore| [-f] relabel | verify } [[dir/file] ... ] 
24470849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walshor
24570849975f81d2494fb996efe09c50a5bc63f7b33Daniel J WalshUsage: $0 [-F] -R rpmpackage[,rpmpackage...] [-l logfile ] { check | restore | verify }
24670849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walshor
24770849975f81d2494fb996efe09c50a5bc63f7b33Daniel J WalshUsage: $0 [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
24870849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walshor
24970849975f81d2494fb996efe09c50a5bc63f7b33Daniel J WalshUsage: $0 onboot
25070849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walsh"""
25113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle}
25213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
25313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ $# = 0 ]; then
25413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	usage
25513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	exit 1
25613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
25713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
25813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# See how we were called.
25970849975f81d2494fb996efe09c50a5bc63f7b33Daniel J Walshwhile getopts "C:FfR:l:" i; do
26013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    case "$i" in
26113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	f)
26213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		fullFlag=1
26313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		;;
26413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle        R)
26513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		RPMFILES=$OPTARG
26613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		;;
26713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle        l)
26813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		LOGFILE=$OPTARG
26913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		;;
27013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle        C)
27113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		PREFC=$OPTARG
27213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		;;
27313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	F)
27413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		FORCEFLAG="-F"
27513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle		;;
27613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	*)
27713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    usage
27813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    exit 1
27913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleesac
28013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledone
28113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
28213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Move out processed options from arguments
28313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleshift $(( OPTIND - 1 ))
28413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
28513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Check for the command
28613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlecommand=$1
28713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ -z $command ]; then
28813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    usage
28913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
29013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
29113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Move out command from arguments
29213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleshift
29313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
29413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
29513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# check if they specified both DIRS and RPMFILES
29613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#
29713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle
29813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleif [ ! -z "$RPMFILES" ]; then
29913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    process $command
30013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ $# -gt 0 ]; then
30113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    usage
30213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
30313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleelse
30413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    if [ -z "$1" ]; then
30513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	process $command
30613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    else
30713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	while [ -n "$1" ]; do 
30813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    FILEPATH=$1
30913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    process $command 
31013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle	    shift
31113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    	done
31213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle    fi
31313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlefi
31413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleexit $?
315