From c667dbb3ebf05eafeb4fb55d3ffa22d27c25420c Mon Sep 17 00:00:00 2001 From: David Lehman Date: Wed, 24 Oct 2018 20:12:20 -0400 Subject: [PATCH 1/3] Don't try to update sysfs path for non-block devices. (#1579375) --- blivet/devices/file.py | 3 +++ blivet/devices/nfs.py | 3 +++ blivet/devices/nodev.py | 3 +++ 3 files changed, 9 insertions(+) diff --git a/blivet/devices/file.py b/blivet/devices/file.py index 55522c1d..fa3dfb8a 100644 --- a/blivet/devices/file.py +++ b/blivet/devices/file.py @@ -132,6 +132,9 @@ def is_name_valid(self, name): # Override StorageDevice.is_name_valid to allow / return not('\x00' in name or name == '.' or name == '..') + def update_sysfs_path(self): + pass + class SparseFileDevice(FileDevice): diff --git a/blivet/devices/nfs.py b/blivet/devices/nfs.py index 97cbe01e..a0142f91 100644 --- a/blivet/devices/nfs.py +++ b/blivet/devices/nfs.py @@ -77,3 +77,6 @@ def update_size(self, newsize=None): def is_name_valid(self, name): # Override StorageDevice.is_name_valid to allow / return not('\x00' in name or name == '.' or name == '..') + + def update_sysfs_path(self): + pass diff --git a/blivet/devices/nodev.py b/blivet/devices/nodev.py index f6129258..f1b87392 100644 --- a/blivet/devices/nodev.py +++ b/blivet/devices/nodev.py @@ -75,6 +75,9 @@ def destroy(self): def update_size(self, newsize=None): pass + def update_sysfs_path(self): + pass + class TmpFSDevice(NoDevice): From acb0953ad89327b3ffd3571b6d45565762548203 Mon Sep 17 00:00:00 2001 From: David Lehman Date: Wed, 24 Oct 2018 20:27:22 -0400 Subject: [PATCH 2/3] Only try to set selinux context for lost+found on ext file systems. Related: rhbz#1579375 --- blivet/formats/fs.py | 19 ++++++++++++++----- tests/formats_test/selinux_test.py | 5 ++++- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py index 81e367f4..b915a2de 100644 --- a/blivet/formats/fs.py +++ b/blivet/formats/fs.py 
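Review bot: The three new `update_sysfs_path` overrides (in `blivet/devices/file.py`, and the identical ones in `nfs.py` and `nodev.py`) are silent no-ops with nothing saying why, while the neighbouring `is_name_valid` carries a comment naming the method it overrides. A one-line comment in the same style would keep a later reader from treating the empty body as a stub, for example `# Override update_sysfs_path: not a block device, so there is no sysfs entry to look up`. The enclosing classes start outside each hunk, so the base implementation being skipped is not visible here; if it does more than refresh the path, that should be confirmed before it is bypassed.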
@@ -569,11 +569,6 @@ def _post_setup(self, **kwargs): ret = util.reset_file_context(mountpoint, chroot) if not ret: log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.") - lost_and_found_context = util.match_path_context("/lost+found") - lost_and_found_path = os.path.join(mountpoint, "lost+found") - ret = util.set_file_context(lost_and_found_path, lost_and_found_context, chroot) - if not ret: - log.warning("Failed to set SELinux context for newly mounted filesystem lost+found directory at %s to %s", lost_and_found_path, lost_and_found_context) def _pre_teardown(self, **kwargs): if not super(FS, self)._pre_teardown(**kwargs): @@ -840,6 +835,20 @@ class Ext2FS(FS): parted_system = fileSystemType["ext2"] _metadata_size_factor = 0.93 # ext2 metadata may take 7% of space + def _post_setup(self, **kwargs): + super(Ext2FS, self)._post_setup(**kwargs) + + options = kwargs.get("options", "") + chroot = kwargs.get("chroot", "/") + mountpoint = kwargs.get("mountpoint") or self.mountpoint + + if flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon: + lost_and_found_context = util.match_path_context("/lost+found") + lost_and_found_path = os.path.join(mountpoint, "lost+found") + ret = util.set_file_context(lost_and_found_path, lost_and_found_context, chroot) + if not ret: + log.warning("Failed to set SELinux context for newly mounted filesystem lost+found directory at %s to %s", lost_and_found_path, lost_and_found_context) + register_device_format(Ext2FS) diff --git a/tests/formats_test/selinux_test.py b/tests/formats_test/selinux_test.py index 79c10327..028e084e 100644 --- a/tests/formats_test/selinux_test.py +++ b/tests/formats_test/selinux_test.py 
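Review bot: The guard in the new `Ext2FS._post_setup` (`flags.selinux and "ro" not in ... and flags.selinux_reset_fcon`) is a second copy of the one in `FS._post_setup`, along with the same three `kwargs.get` lines, and the copies already diverge later in this series: patch 3/3 adds `self._selinux_supported` to the base condition (hunk at -565) but not to this one. As far as the hunks show, the ext classes keep the default, so nothing breaks today, but a subclass that turns the flag off would still have lost+found relabelled. Keeping the decision in one helper on `FS` that both methods call avoids that. The new method would also benefit from a short docstring saying that it labels lost+found after the base class has reset the mount root. Most of the body of `FS._post_setup` lies outside the hunks shown.

```python
    # on FS, next to _post_setup (helper name is a suggestion)
    def _selinux_relabel_wanted(self, options):
        """Return True when file contexts should be reset after mounting."""
        if not (self._selinux_supported and flags.selinux and flags.selinux_reset_fcon):
            return False
        return "ro" not in self._mount.mount_options(options).split(",")

    # in Ext2FS
    def _post_setup(self, **kwargs):
        # … unchanged: super() call, options / chroot / mountpoint from kwargs …
        if self._selinux_relabel_wanted(options):
            # … unchanged: set the lost+found context, warn on failure …
```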
@@ -43,7 +43,10 @@ def exec_mount_selinux_format(self, formt, *args): blivet.flags.flags.selinux_reset_fcon = True fmt.setup(mountpoint="dummy") # param needed to pass string check - lsetfilecon.assert_called_with(ANY, lost_found_context) + if isinstance(fmt, fs.Ext2FS): + lsetfilecon.assert_called_with(ANY, lost_found_context) + else: + lsetfilecon.assert_not_called() lsetfilecon.reset_mock() From 1b4e658f098bda3161ff0d5ffee07ea9be5c1d15 Mon Sep 17 00:00:00 2001 From: David Lehman Date: Wed, 24 Oct 2018 20:33:36 -0400 Subject: [PATCH 3/3] Don't try to set selinux context for nodev or vfat file systems. Related: rhbz#1579375 --- blivet/formats/fs.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py index b915a2de..6f09eaff 100644 --- a/blivet/formats/fs.py +++ b/blivet/formats/fs.py @@ -76,6 +76,7 @@ class FS(DeviceFormat): _sync_class = fssync.UnimplementedFSSync _writelabel_class = fswritelabel.UnimplementedFSWriteLabel _writeuuid_class = fswriteuuid.UnimplementedFSWriteUUID + _selinux_supported = True # This constant is aquired by testing some filesystems # and it's giving us percentage of space left after the format. # This number is more guess than precise number because this @@ -565,7 +566,7 @@ def _post_setup(self, **kwargs): chroot = kwargs.get("chroot", "/") mountpoint = kwargs.get("mountpoint") or self.mountpoint - if flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon: + if self._selinux_supported and flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon: ret = util.reset_file_context(mountpoint, chroot) if not ret: log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.") 
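Review bot: The ext branch still asserts `lsetfilecon.assert_called_with(ANY, lost_found_context)`, so the path argument is never checked and the test cannot tell a call that labelled lost+found from one that labelled some other path with the same context. Since this series is about which paths get relabelled, pinning the path would make the test cover the change, for example by also checking `lsetfilecon.call_args[0][0].endswith("lost+found")`. `assert_called_with` only inspects the most recent call, which is worth keeping in mind if the root-directory reset goes through the same mock. The enclosing test method starts outside the hunk, so what else is patched there is not visible.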
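Review bot: `_selinux_supported = True` is added to `FS` without a comment, and the matching `_selinux_supported = False` lines on `FATFS` and `NoDevFS` (hunks at -902 and -1235) are equally bare. A comment on the base attribute would document what it gates, for example `# whether _post_setup should reset SELinux file contexts after mounting`. Because the default is True, every other `FS` subclass keeps being relabelled unless it opts out. Subclasses not shown in this patch that cannot store per-file labels would need the same override, which is worth confirming.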
@@ -902,6 +903,7 @@ class FATFS(FS): _metadata_size_factor = 0.99 # fat metadata may take 1% of space # FIXME this should be fat32 in some cases parted_system = fileSystemType["fat16"] + _selinux_supported = False def generate_new_uuid(self): ret = "" @@ -1235,6 +1237,7 @@ class NoDevFS(FS): """ nodev filesystem base class """ _type = "nodev" _mount_class = fsmount.NoDevFSMount + _selinux_supported = False def __init__(self, **kwargs): FS.__init__(self, **kwargs)