diff options
| author | Jan Pokorný <jpokorny@redhat.com> | 2013-04-12 17:54:30 +0200 |
|---|---|---|
| committer | Jan Pokorný <jpokorny@redhat.com> | 2013-04-12 17:54:30 +0200 |
| commit | fca26908f07d00f6cc2fe9478b15f6f0b31f9cf2 (patch) | |
| tree | d54690a765e9ba5b5056eb5657ec2c2768e43451 /scripts/selinux/fix.sh | |
| parent | 4323819e6787d5d23f976a0843314bd83b800321 (diff) | |
| download | dotfiles-fca26908f07d00f6cc2fe9478b15f6f0b31f9cf2.tar.gz dotfiles-fca26908f07d00f6cc2fe9478b15f6f0b31f9cf2.tar.xz dotfiles-fca26908f07d00f6cc2fe9478b15f6f0b31f9cf2.zip | |
Add SELinux/ssh fixer
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
Diffstat (limited to 'scripts/selinux/fix.sh')
| -rwxr-xr-x | scripts/selinux/fix.sh | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/scripts/selinux/fix.sh b/scripts/selinux/fix.sh new file mode 100755 index 0000000..6309deb --- /dev/null +++ b/scripts/selinux/fix.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +WHICH='ssh' # pipe-delimited +WHERE='~/.ssh' # space delimited + +SEHOMEPOLICY='/etc/selinux/targeted/contexts/files/file_contexts.homedirs' + +TMPFILE=$(mktemp /tmp/.XXXXX) +#SETFILESCMD="setfiles -n -s -v -o - ${TMPFILE}" # dry-run +SETFILESCMD="setfiles -s -v -o - ${TMPFILE}" + + +# prologue: unrelated to SELinux, but affects password-less ssh in the same way +chmod 700 -- ~/.ssh +CURDIR="$(dirname $(readlink -f ~/.ssh))" +HOMEINODE=$(stat --printf %i ~) +while [ $(stat --printf %i "${CURDIR}") -ne "${HOMEINODE}" ]; do + chmod 700 -- "${CURDIR}" + CURDIR="$(dirname ${CURDIR})" +done + +grep -E "${WHICH}" -- "${SEHOMEPOLICY}" >>${TMPFILE} +${SETFILESCMD} < \ + <(echo "${WHERE}" | xargs -I '{}' sh -c '[ -d {} ] && echo "{}/"; echo "{}"') +rm -f -- "${TMPFILE}" |