fslist: search by selinux labels #1

Open
ajmes wants to merge 1 commit into ORNL-TechInt:master from ajmes:cea_filter_by_selinux_context

ajmes commented Mar 15, 2022

Hello,

Recently at the CEA we needed to find all files matching the "unlabeled_t" selinux label on several filesystems. Those files had not been properly labeled due to incompatible selinux configurations on the clients.
"find -context" was too slow for us, so I have modified lester to find those files.

Here is the patch that we used.

This patch adds a filtering mechanism with callbacks: several filters
can be used (with a logical "and" between each filter).

This patch enables retrieving and filtering files with the
"security.selinux" xattr.

e.g:
$ lester -A fslist -a show_ctx -a format=lustre -a newer=/bin/chmod \
-a context=".*nfs_t.*" -agenhit=/tmp/hit -o /dev/null <dev>

$ cat /tmp/hit
1647343596|1647343604|1647343596|0|0|100644|0|8908546|0:e2|\
unconfined_u:object_r:nfs_t:s0|/ROOT/test

Signed-off-by: Etienne AUJAMES <eaujames@ddn.com>
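
The AND-combined filter callbacks described in the commit message, sketched as an added example; this is not the patch's or lester's code. The names `inode_info`, `filter_newer`, `filter_context`, `run_filters` and `sample_match` are hypothetical, and the values passed to them are constructed.

```c
#include <regex.h>
#include <time.h>

/* Hypothetical per-inode record; lester's real structures differ. */
struct inode_info {
    time_t mtime;
    const char *selinux_ctx;   /* security.selinux value, NULL if absent */
};

/* A filter returns 1 to keep the inode, 0 to reject it. */
typedef int (*filter_fn)(const struct inode_info *ino, void *arg);
struct filter { filter_fn fn; void *arg; };

/* Keep inodes modified after a reference time (in the spirit of newer=). */
static int filter_newer(const struct inode_info *ino, void *arg)
{
    return ino->mtime > *(const time_t *)arg;
}

/* Keep inodes whose context matches a compiled regex (like context=). */
static int filter_context(const struct inode_info *ino, void *arg)
{
    if (ino->selinux_ctx == NULL)
        return 0;               /* no xattr stored: cannot match */
    return regexec((const regex_t *)arg, ino->selinux_ctx, 0, NULL, 0) == 0;
}

/* Logical AND: the first rejecting filter short-circuits the chain. */
static int run_filters(const struct filter *f, size_t n,
                       const struct inode_info *ino)
{
    for (size_t i = 0; i < n; i++)
        if (!f[i].fn(ino, f[i].arg))
            return 0;
    return 1;
}

/* Returns 1 if (mtime, ctx) passes newer AND context, -1 on a bad regex. */
int sample_match(time_t mtime, const char *ctx, time_t ref, const char *re)
{
    regex_t rx;
    if (regcomp(&rx, re, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    struct filter chain[] = { { filter_newer, &ref }, { filter_context, &rx } };
    struct inode_info ino = { mtime, ctx };
    int keep = run_filters(chain, 2, &ino);
    regfree(&rx);
    return keep;
}
```

An inode with no `security.selinux` value is rejected by the context filter, so a scan for one label does not silently include files that carry no label at all.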