From dabc5f8a29f34aebd9ea61405d822b5d5bef1ec2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Tue, 2 Mar 2021 14:13:29 +0100
Subject: [PATCH] apply directory's SELinux context to freshly created mount
points
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Resolves: rhbz#1934076
---
blivet/formats/fs.py | 3 ++-
blivet/util.py | 9 +++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py
index e61e5b86..a92d3485 100644
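--- a/blivet/formats/fs.py
+++ b/blivet/formats/fs.py
@@ -27,6 +27,7 @@ import os
 import tempfile
 import uuid as uuid_mod
 import random
+import stat
 
 from parted import fileSystemType, PARTITION_BOOT
 
@@ -582,7 +583,7 @@ class FS(DeviceFormat):
 mountpoint = kwargs.get("mountpoint") or self.mountpoint
 
 if self._selinux_supported and flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon:
- ret = util.reset_file_context(mountpoint, chroot)
+ ret = util.reset_file_context(mountpoint, chroot, stat.S_IFDIR)
 if not ret:
 log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.")
 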
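Review bot: The new call `util.reset_file_context(mountpoint, chroot, stat.S_IFDIR)` passes both optional arguments positionally, so it depends on the order of `root` and `mode` in `reset_file_context(path, root=None, mode=0)`. Writing `util.reset_file_context(mountpoint, root=chroot, mode=stat.S_IFDIR)` keeps the file-type bits from ever being read as a chroot path if that signature is reordered. The failure branch right after it logs a fixed string, so a mount root left with a non-default label cannot be tied to a path from the log; naming the path, e.g. `log.warning("Failed to reset SElinux context for %s to default.", mountpoint)`, would make that event triageable. The enclosing method starts and ends outside the hunk.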
diff --git a/blivet/util.py b/blivet/util.py
index 48b7818f..f5e0cc1a 100644
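--- a/blivet/util.py
+++ b/blivet/util.py
@@ -448,11 +448,11 @@ def get_cow_sysfs_path(dev_path, dev_sysfsPath):
 ##
 
 
-def match_path_context(path):
+def match_path_context(path, mode=0):
 """ Return the default SELinux context for the given path. """
 context = None
 try:
- context = selinux.matchpathcon(os.path.normpath(path), 0)[1]
+ context = selinux.matchpathcon(os.path.normpath(path), mode)[1]
 except OSError as e:
 log.info("failed to get default SELinux context for %s: %s", path, e)
 
@@ -491,7 +491,7 @@ def set_file_context(path, context, root=None):
 return rc
 
 
-def reset_file_context(path, root=None):
+def reset_file_context(path, root=None, mode=0):
 """ Restore the SELinux context of a file to its default value.
 
 Arguments:
@@ -501,12 +501,13 @@ def reset_file_context(path, root=None):
 Keyword Arguments:
 
 root an optional chroot string
+ mode an optional mode to use
 
 Return Value:
 
 If successful, returns the file's new/default context.
 """
- context = match_path_context(path)
+ context = match_path_context(path, mode)
 if context:
 if set_file_context(path, context, root=root):
 return context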
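Review bot: The docstring line added to `reset_file_context`, `mode an optional mode to use`, does not say what the value means, and `match_path_context` gains the same parameter with no documentation at all. The value goes straight to `selinux.matchpathcon` as its file-type argument, where 0 disables file-type matching, so a caller that keeps the default may get a context from a file_contexts entry written for a different object type. I would document it as `mode  file type bits such as stat.S_IFDIR, passed to matchpathcon; 0 disables file-type matching` and add the same wording to `match_path_context`. Both function bodies continue outside the hunks shown.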
--
2.29.2