Blame SOURCES/0014-Issue-5127-run-restorecon-on-dev-shm-at-server-start.patch

51b5b9
From 03ca5111a8de602ecef9ad33206ba593b242d0df Mon Sep 17 00:00:00 2001
51b5b9
From: Mark Reynolds <mreynolds@redhat.com>
51b5b9
Date: Fri, 21 Jan 2022 10:15:35 -0500
51b5b9
Subject: [PATCH 1/2] Issue 5127 - run restorecon on /dev/shm at server startup
51b5b9
51b5b9
Description:
51b5b9
51b5b9
Update the systemd service file to execute a script that runs
51b5b9
restorecon on the DB home directory.  This addresses issues with
51b5b9
backup/restore, reboot, and FS restore issues that can happen when
51b5b9
/dev/shm is missing or created outside of dscreate.
51b5b9
51b5b9
relates: https://github.com/389ds/389-ds-base/issues/5127
51b5b9
51b5b9
Reviewed by: progier & viktor (Thanks!!)
51b5b9
---
51b5b9
 Makefile.am                          |  2 +-
51b5b9
 rpm/389-ds-base.spec.in              |  1 +
51b5b9
 wrappers/ds_selinux_restorecon.sh.in | 33 ++++++++++++++++++++++++++++
51b5b9
 wrappers/systemd.template.service.in |  1 +
51b5b9
 4 files changed, 36 insertions(+), 1 deletion(-)
51b5b9
 create mode 100644 wrappers/ds_selinux_restorecon.sh.in
51b5b9
51b5b9
diff --git a/Makefile.am b/Makefile.am
51b5b9
index fc5a6a7d1..d6ad273c3 100644
51b5b9
--- a/Makefile.am
51b5b9
+++ b/Makefile.am
51b5b9
@@ -775,7 +775,7 @@ libexec_SCRIPTS += ldap/admin/src/scripts/ds_selinux_enabled \
51b5b9
 	ldap/admin/src/scripts/ds_selinux_port_query
51b5b9
 endif
51b5b9
 if SYSTEMD
51b5b9
-libexec_SCRIPTS += wrappers/ds_systemd_ask_password_acl
51b5b9
+libexec_SCRIPTS += wrappers/ds_systemd_ask_password_acl wrappers/ds_selinux_restorecon.sh
51b5b9
 endif
51b5b9
 
51b5b9
 install-data-hook:
51b5b9
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
51b5b9
index d80de8422..6c0d95abd 100644
51b5b9
--- a/rpm/389-ds-base.spec.in
51b5b9
+++ b/rpm/389-ds-base.spec.in
51b5b9
@@ -623,6 +623,7 @@ exit 0
51b5b9
 %{_sbindir}/ns-slapd
51b5b9
 %{_mandir}/man8/ns-slapd.8.gz
51b5b9
 %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
51b5b9
+%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
51b5b9
 %{_mandir}/man5/99user.ldif.5.gz
51b5b9
 %{_mandir}/man5/certmap.conf.5.gz
51b5b9
 %{_mandir}/man5/slapd-collations.conf.5.gz
51b5b9
diff --git a/wrappers/ds_selinux_restorecon.sh.in b/wrappers/ds_selinux_restorecon.sh.in
51b5b9
new file mode 100644
51b5b9
index 000000000..063347de3
51b5b9
--- /dev/null
51b5b9
+++ b/wrappers/ds_selinux_restorecon.sh.in
51b5b9
@@ -0,0 +1,33 @@
51b5b9
+#!/bin/sh
51b5b9
+# BEGIN COPYRIGHT BLOCK
51b5b9
+# Copyright (C) 2022 Red Hat, Inc.
51b5b9
+#
51b5b9
+# All rights reserved.
51b5b9
+#
51b5b9
+# License: GPL (version 3 or any later version).
51b5b9
+# See LICENSE for details.
51b5b9
+# END COPYRIGHT BLOCK
51b5b9
+
51b5b9
+# Make sure we have the path to the dse.ldif
51b5b9
+if [ -z $1 ]
51b5b9
+then
51b5b9
+    echo "usage: ${0} /etc/dirsrv/slapd-<instance>/dse.ldif"
51b5b9
+    exit 0
51b5b9
+fi
51b5b9
+
51b5b9
+if ! command -v restorecon &> /dev/null
51b5b9
+then
51b5b9
+    # restorecon is not available
51b5b9
+    exit 0
51b5b9
+fi
51b5b9
+
51b5b9
+# Grep the db_home_dir out of the config file
51b5b9
+DS_HOME_DIR=`grep 'nsslapd-db-home-directory: ' $1 | awk '{print $2}'`
51b5b9
+if [ -z "$DS_HOME_DIR" ]
51b5b9
+then
51b5b9
+    # No DB home set, that's ok
51b5b9
+    exit 0
51b5b9
+fi
51b5b9
+
51b5b9
+# Now run restorecon
51b5b9
+restorecon ${DS_HOME_DIR}
51b5b9
diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
51b5b9
index a8c21a9be..4485e0ec0 100644
51b5b9
--- a/wrappers/systemd.template.service.in
51b5b9
+++ b/wrappers/systemd.template.service.in
51b5b9
@@ -14,6 +14,7 @@ EnvironmentFile=-@initconfigdir@/@package_name@
51b5b9
 EnvironmentFile=-@initconfigdir@/@package_name@-%i
51b5b9
 PIDFile=/run/@package_name@/slapd-%i.pid
51b5b9
 ExecStartPre=@libexecdir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
51b5b9
+ExecStartPre=@libexecdir@/ds_selinux_restorecon.sh @instconfigdir@/slapd-%i/dse.ldif
51b5b9
 ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i /run/@package_name@/slapd-%i.pid
51b5b9
 PrivateTmp=on
51b5b9
 
51b5b9
-- 
51b5b9
2.31.1
51b5b9