This doesn't actually relabel security contexts, since arch's coreutils isn't built with selinux support, but it handles maintenance of mode and ownership if you're into that sort of thing. Signed-off-by: Dave Reisner <dreisner@archlinux.org> --- Mostly untested for the reasons above, but it's pretty much all copypasta anyways. This is mostly here to keep compliance with the upstream tool. If anyone wants to figure out a way to add conditional SELinux support in a way that doesn't suck, be my guest. arch-tmpfiles | 40 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 40 insertions(+), 0 deletions(-) diff --git a/arch-tmpfiles b/arch-tmpfiles index 723b6b7..3b94885 100755 --- a/arch-tmpfiles +++ b/arch-tmpfiles @@ -37,6 +37,24 @@ checkparams() { return 0 } +relabel() { + local -a paths=($1) + local mode=$2 uid=$3 gid=$4 + + if ! checkparams 4 "$@"; then + warninvalid + return + fi + + for path in "${paths[@]}"; do + if [[ -e $path ]]; then + [[ $uid != '-' ]] && chown $CHOPTS "$uid" "$path" + [[ $gid != '-' ]] && chgrp $CHOPTS "$gid" "$path" + [[ $mode != '-' ]] && chmod $CHOPTS "$mode" "$path" + fi + done +} + _f() { # Create a file if it doesn't exist yet local path=$1 mode=$2 uid=$3 gid=$4 @@ -168,6 +186,28 @@ _R() { done } +_z() { + # Set ownership, access mode and relabel security context of a file or + # directory if it exists. Lines of this type accept shell-style globs in + # place of normal path names. + local -a paths=($1) + local mode=$2 uid=$3 gid=$4 + + (( CREATE )) || return 0 + + relabel "$@" +} + +_Z() { + # Recursively set ownership, access mode and relabel security context of a + # path and all its subdirectories (if it is a directory). Lines of this type + # accept shell-style globs in place of normal path names. + + (( CREATE )) || return 0 + + CHOPTS=-R relabel "$@" +} + shopt -s nullglob declare -i CREATE=0 REMOVE=0 CLEAN=0 error=0 LINENO=0 -- 1.7.8.1