anaconda indirectly creates this directory tree when it creates a Yum object
chrooted under /mnt/sysimage, so we need to ensure it gets the proper selinux
label.
While I'm at it, make file context setting recursive since who knows how much
stuff is in /var/cache/yum.
---
pyanaconda/packages.py | 38 ++++++++++++++++++++++----------------
1 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/pyanaconda/packages.py b/pyanaconda/packages.py
index 7d88d06..1fa2ea6 100644
--- a/pyanaconda/packages.py
+++ b/pyanaconda/packages.py
@@ -186,6 +186,22 @@ def setupTimezone(anaconda):
# FIXME: this is a huge gross hack. hard coded list of files
# created by anaconda so that we can not be killed by selinux
def setFileCons(anaconda):
+ def contextCB(arg, directory, files):
+ for file in files:
+ path = os.path.join(directory, file)
+
+ # We need to trim the rootPath off here so resetFileContext will
+ # get the proper context. Otherwise no paths will ever match.
+ if path.startswith(anaconda.rootPath):
+ path = path.replace(anaconda.rootPath, "")
+
+ if not os.access("%s/%s" % (anaconda.rootPath, path), os.R_OK):
+ log.warning("%s doesn't exist" % path)
+ continue
+
+ ret = isys.resetFileContext(path, anaconda.rootPath)
+ log.info("set fc of %s to %s" % (path, ret))
+
if flags.selinux:
log.info("setting SELinux contexts for anaconda created files")
vgs = ["/dev/%s" % vg.name for vg in anaconda.storage.vgs]
- # ugh, this is ugly
- for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig" ] + vgs:
- def addpath(x): return dir + "/" + x
-
- if not os.path.isdir(anaconda.rootPath + dir):
- continue
- dirfiles = os.listdir(anaconda.rootPath + dir)
- files.extend(map(addpath, dirfiles))
- files.append(dir)
+ for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig", "/var/cache/yum" ] + vgs:
+ os.path.walk(dir, contextCB, None)
- for f in files:
- if not os.access("%s/%s" %(anaconda.rootPath, f), os.R_OK):
- log.warning("%s doesn't exist" %(f,))
- continue
- ret = isys.resetFileContext(os.path.normpath(f),
- anaconda.rootPath)
- log.info("set fc of %s to %s" %(f, ret))
+ # os.path.walk won't include the directory we start walking at,
+ # so that needs its context set separtely.
+ contextCB(None, "", [dir])
return
--
1.7.1.1
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
08-18-2010, 07:59 PM
David Cantrell
Reset labels on /var/cache/yum as well (#623434).
Ack with one comment.
On Wed, 18 Aug 2010, Chris Lumens wrote:
anaconda indirectly creates this directory tree when it creates a Yum object
chrooted under /mnt/sysimage, so we need to ensure it gets the proper selinux
label.
While I'm at it, make file context setting recursive since who knows how much
stuff is in /var/cache/yum.
---
pyanaconda/packages.py | 38 ++++++++++++++++++++++----------------
1 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/pyanaconda/packages.py b/pyanaconda/packages.py
index 7d88d06..1fa2ea6 100644
--- a/pyanaconda/packages.py
+++ b/pyanaconda/packages.py
@@ -186,6 +186,22 @@ def setupTimezone(anaconda):
# FIXME: this is a huge gross hack. hard coded list of files
# created by anaconda so that we can not be killed by selinux
def setFileCons(anaconda):
+ def contextCB(arg, directory, files):
+ for file in files:
+ path = os.path.join(directory, file)
+
+ # We need to trim the rootPath off here so resetFileContext will
+ # get the proper context. Otherwise no paths will ever match.
+ if path.startswith(anaconda.rootPath):
+ path = path.replace(anaconda.rootPath, "")
+
+ if not os.access("%s/%s" % (anaconda.rootPath, path), os.R_OK):
+ log.warning("%s doesn't exist" % path)
+ continue
+
+ ret = isys.resetFileContext(path, anaconda.rootPath)
+ log.info("set fc of %s to %s" % (path, ret))
+
if flags.selinux:
log.info("setting SELinux contexts for anaconda created files")
vgs = ["/dev/%s" % vg.name for vg in anaconda.storage.vgs]
- # ugh, this is ugly
- for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig" ] + vgs:
- def addpath(x): return dir + "/" + x
-
- if not os.path.isdir(anaconda.rootPath + dir):
- continue
- dirfiles = os.listdir(anaconda.rootPath + dir)
- files.extend(map(addpath, dirfiles))
- files.append(dir)
+ for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig", "/var/cache/yum" ] + vgs:
Since you're touching this now, how about the first list going in to
constants.py or some place that contains static data?
+ os.path.walk(dir, contextCB, None)
- for f in files:
- if not os.access("%s/%s" %(anaconda.rootPath, f), os.R_OK):
- log.warning("%s doesn't exist" %(f,))
- continue
- ret = isys.resetFileContext(os.path.normpath(f),
- anaconda.rootPath)
- log.info("set fc of %s to %s" %(f, ret))
+ # os.path.walk won't include the directory we start walking at,
+ # so that needs its context set separtely.
+ contextCB(None, "", [dir])
return
--
David Cantrell <dcantrell@redhat.com>
Red Hat / Honolulu, HI
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
Reset labels on /var/cache/yum as well (#623434).
