Untitled diff

1 removal
72 lines
7 additions
77 lines
[root@smithi014 ~]# cat /usr/libexec/selinux/selinux-policy-migrate-local-changes.sh
[root@smithi014 ~]# cat /usr/libexec/selinux/selinux-policy-migrate-local-changes.sh
#!/bin/bash
#!/bin/bash
#===============================================================================
#===============================================================================
#
#
# FILE: selinux-policy-migrate-local-changes.sh
# FILE: selinux-policy-migrate-local-changes.sh
#
#
# USAGE: ./selinux-policy-migrate-local-changes.sh <POLICYTYPE>
# USAGE: ./selinux-policy-migrate-local-changes.sh <POLICYTYPE>
#
#
# DESCRIPTION: This script migrates local changes from pre-2.4 SELinux modules
# DESCRIPTION: This script migrates local changes from pre-2.4 SELinux modules
# store structure to the new structure
# store structure to the new structure
#
#
# AUTHOR: Petr Lautrbach <plautrba@redhat.com>
# AUTHOR: Petr Lautrbach <plautrba@redhat.com>
#===============================================================================
#===============================================================================


if [ ! -f /etc/selinux/config ]; then
if [ ! -f /etc/selinux/config ]; then
SELINUXTYPE=none
SELINUXTYPE=none
else
else
source /etc/selinux/config
source /etc/selinux/config
fi
fi


REBUILD=0
REBUILD=0
MIGRATE_SELINUXTYPE=$1
MIGRATE_SELINUXTYPE=$1


for local in booleans.local file_contexts.local ports.local users_extra.local users.local; do
for local in booleans.local file_contexts.local ports.local users_extra.local users.local; do
if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local ]; then
if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local ]; then
REBUILD=1
REBUILD=1
cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local /etc/selinux/$MIGRATE_SELINUXTYPE/active/$local
cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/$local /etc/selinux/$MIGRATE_SELINUXTYPE/active/$local
fi
fi
done
done
if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers ]; then
if [ -e /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers ]; then
REBUILD=1
REBUILD=1
cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers /etc/selinux/$MIGRATE_SELINUXTYPE/active/seusers.local
cp -v --preserve=mode,ownership,timestamps,links /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/seusers /etc/selinux/$MIGRATE_SELINUXTYPE/active/seusers.local
fi
fi


INSTALL_MODULES=""
INSTALL_MODULES=""
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*disabled 2> /dev/null`; do
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*disabled 2> /dev/null`; do
module=`basename $i | sed 's/\.pp\.disabled$//'`
module=`basename $i | sed 's/\.pp\.disabled$//'`
if [ $module == "pkcsslotd" ] || [ $module == "vbetool" ]; then
continue
fi
if [ -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
if [ -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
touch /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/disabled/$module
touch /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/disabled/$module
fi
fi
done
done
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*.pp 2> /dev/null`; do
for i in `find /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/modules/ -name \*.pp 2> /dev/null`; do
module=`basename $i | sed 's/\.pp$//'`
module=`basename $i | sed 's/\.pp$//'`
if [ $module == "pkcsslotd" ] || [ $module == "vbetool" ]; then
continue
fi
if [ ! -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
if [ ! -d /etc/selinux/$MIGRATE_SELINUXTYPE/active/modules/100/$module ]; then
INSTALL_MODULES="${INSTALL_MODULES} $i"
INSTALL_MODULES="${INSTALL_MODULES} $i"
fi
fi
done
done
if [ -n "$INSTALL_MODULES" ]; then
if [ -n "$INSTALL_MODULES" ]; then
semodule -s $MIGRATE_SELINUXTYPE -n -X 400 -i $INSTALL_MODULES
semodule -s $MIGRATE_SELINUXTYPE -n -X 400 -i $INSTALL_MODULES
REBUILD=1
REBUILD=1
fi
fi


cat > /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/README.migrated <<EOF
cat > /etc/selinux/$MIGRATE_SELINUXTYPE/modules/active/README.migrated <<EOF
Your old modules store and local changes were migrated to the new structure in
Your old modules store and local changes were migrated to the new structure in
in the following directory:
in the following directory:


/etc/selinux/$MIGRATE_SELINUXTYPE/active
/etc/selinux/$MIGRATE_SELINUXTYPE/active


WARNING: Do not remove this file or remove /etc/selinux/$MIGRATE_SELINUXTYPE/modules
WARNING: Do not remove this file or remove /etc/selinux/$MIGRATE_SELINUXTYPE/modules
completely if you are confident that you don't need old files anymore.
completely if you are confident that you don't need old files anymore.
EOF
EOF


if [ $REBUILD = 1 ]; then
if [ ${DONT_REBUILD:-0} = 0 -a $REBUILD = 1 ]; then
semodule -B -n -s $MIGRATE_SELINUXTYPE
semodule -B -n -s $MIGRATE_SELINUXTYPE
if [ "$MIGRATE_SELINUXTYPE" = "$SELINUXTYPE" ] && selinuxenabled; then
if [ "$MIGRATE_SELINUXTYPE" = "$SELINUXTYPE" ] && selinuxenabled; then
load_policy
load_policy
if [ -x /usr/sbin/semanage ]; then
if [ -x /usr/sbin/semanage ]; then
/usr/sbin/semanage export | /usr/sbin/semanage import
/usr/sbin/semanage export | /usr/sbin/semanage import
fi
fi
fi
fi
fi
fi
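Review bot: The `DONT_REBUILD` test near the end (`if [ ${DONT_REBUILD:-0} = 0 -a $REBUILD = 1 ]`, apparently the new side of the one replaced line) lets an inherited environment variable suppress `semodule -B` and `load_policy` with no output, while `README.migrated` is still written unconditionally, so an operator can be left believing the migrated local changes are in force when the policy was never rebuilt. The expansion is also unquoted and joined with the obsolescent `-a`: a value containing whitespace makes `[` fail with an error, which evaluates as false and skips the rebuild as well. I would write `if [ "${DONT_REBUILD:-0}" = 0 ] && [ "$REBUILD" = 1 ]; then` and print a line to stderr when the rebuild is skipped because `DONT_REBUILD` is set. The same quoting applies to the two `pkcsslotd`/`vbetool` skips that are printed only once, e.g. `[ "$module" = "pkcsslotd" ] || [ "$module" = "vbetool" ]`, and a comment there should say why these two modules are excluded from the migration.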