|
 |
bda387 |
From c667dbb3ebf05eafeb4fb55d3ffa22d27c25420c Mon Sep 17 00:00:00 2001
|
|
|
bda387 |
From: David Lehman <dlehman@redhat.com>
|
|
|
bda387 |
Date: Wed, 24 Oct 2018 20:12:20 -0400
|
|
|
bda387 |
Subject: [PATCH 1/3] Don't try to update sysfs path for non-block devices.
|
|
|
bda387 |
(#1579375)
|
|
|
bda387 |
|
|
|
bda387 |
---
|
|
|
bda387 |
blivet/devices/file.py | 3 +++
|
|
|
bda387 |
blivet/devices/nfs.py | 3 +++
|
|
|
bda387 |
blivet/devices/nodev.py | 3 +++
|
|
|
bda387 |
3 files changed, 9 insertions(+)
|
|
|
bda387 |
|
|
|
bda387 |
diff --git a/blivet/devices/file.py b/blivet/devices/file.py
|
|
|
bda387 |
index 55522c1d..fa3dfb8a 100644
|
|
|
bda387 |
--- a/blivet/devices/file.py
|
|
|
bda387 |
+++ b/blivet/devices/file.py
|
|
|
bda387 |
@@ -132,6 +132,9 @@ def is_name_valid(self, name):
|
|
|
bda387 |
# Override StorageDevice.is_name_valid to allow /
|
|
|
bda387 |
return not('\x00' in name or name == '.' or name == '..')
|
|
|
bda387 |
|
|
|
bda387 |
+ def update_sysfs_path(self):
|
|
|
bda387 |
+ pass
|
|
|
bda387 |
+
|
|
|
bda387 |
|
|
|
bda387 |
class SparseFileDevice(FileDevice):
|
|
|
bda387 |
|
|
|
bda387 |
diff --git a/blivet/devices/nfs.py b/blivet/devices/nfs.py
|
|
|
bda387 |
index 97cbe01e..a0142f91 100644
|
|
|
bda387 |
--- a/blivet/devices/nfs.py
|
|
|
bda387 |
+++ b/blivet/devices/nfs.py
|
|
|
bda387 |
@@ -77,3 +77,6 @@ def update_size(self, newsize=None):
|
|
|
bda387 |
def is_name_valid(self, name):
|
|
|
bda387 |
# Override StorageDevice.is_name_valid to allow /
|
|
|
bda387 |
return not('\x00' in name or name == '.' or name == '..')
|
|
|
bda387 |
+
|
|
|
bda387 |
+ def update_sysfs_path(self):
|
|
|
bda387 |
+ pass
|
|
|
bda387 |
diff --git a/blivet/devices/nodev.py b/blivet/devices/nodev.py
|
|
|
bda387 |
index f6129258..f1b87392 100644
|
|
|
bda387 |
--- a/blivet/devices/nodev.py
|
|
|
bda387 |
+++ b/blivet/devices/nodev.py
|
|
|
bda387 |
@@ -75,6 +75,9 @@ def destroy(self):
|
|
|
bda387 |
def update_size(self, newsize=None):
|
|
|
bda387 |
pass
|
|
|
bda387 |
|
|
|
bda387 |
+ def update_sysfs_path(self):
|
|
|
bda387 |
+ pass
|
|
|
bda387 |
+
|
|
|
bda387 |
|
|
|
bda387 |
class TmpFSDevice(NoDevice):
|
|
|
bda387 |
|
|
|
bda387 |
|
|
|
bda387 |
From acb0953ad89327b3ffd3571b6d45565762548203 Mon Sep 17 00:00:00 2001
|
|
|
bda387 |
From: David Lehman <dlehman@redhat.com>
|
|
|
bda387 |
Date: Wed, 24 Oct 2018 20:27:22 -0400
|
|
|
bda387 |
Subject: [PATCH 2/3] Only try to set selinux context for lost+found on ext
|
|
|
bda387 |
file systems.
|
|
|
bda387 |
|
|
|
bda387 |
Related: rhbz#1579375
|
|
|
bda387 |
---
|
|
|
bda387 |
blivet/formats/fs.py | 19 ++++++++++++++-----
|
|
|
bda387 |
tests/formats_test/selinux_test.py | 5 ++++-
|
|
|
bda387 |
2 files changed, 18 insertions(+), 6 deletions(-)
|
|
|
bda387 |
|
|
|
bda387 |
diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py
|
|
|
bda387 |
index 81e367f4..b915a2de 100644
|
|
|
bda387 |
--- a/blivet/formats/fs.py
|
|
|
bda387 |
+++ b/blivet/formats/fs.py
|
|
|
bda387 |
@@ -569,11 +569,6 @@ def _post_setup(self, **kwargs):
|
|
|
bda387 |
ret = util.reset_file_context(mountpoint, chroot)
|
|
|
bda387 |
if not ret:
|
|
|
bda387 |
log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.")
|
|
|
bda387 |
- lost_and_found_context = util.match_path_context("/lost+found")
|
|
|
bda387 |
- lost_and_found_path = os.path.join(mountpoint, "lost+found")
|
|
|
bda387 |
- ret = util.set_file_context(lost_and_found_path, lost_and_found_context, chroot)
|
|
|
bda387 |
- if not ret:
|
|
|
bda387 |
- log.warning("Failed to set SELinux context for newly mounted filesystem lost+found directory at %s to %s", lost_and_found_path, lost_and_found_context)
|
|
|
bda387 |
|
|
|
bda387 |
def _pre_teardown(self, **kwargs):
|
|
|
bda387 |
if not super(FS, self)._pre_teardown(**kwargs):
|
|
|
bda387 |
@@ -840,6 +835,20 @@ class Ext2FS(FS):
|
|
|
bda387 |
parted_system = fileSystemType["ext2"]
|
|
|
bda387 |
_metadata_size_factor = 0.93 # ext2 metadata may take 7% of space
|
|
|
bda387 |
|
|
|
bda387 |
+ def _post_setup(self, **kwargs):
|
|
|
bda387 |
+ super(Ext2FS, self)._post_setup(**kwargs)
|
|
|
bda387 |
+
|
|
|
bda387 |
+ options = kwargs.get("options", "")
|
|
|
bda387 |
+ chroot = kwargs.get("chroot", "/")
|
|
|
bda387 |
+ mountpoint = kwargs.get("mountpoint") or self.mountpoint
|
|
|
bda387 |
+
|
|
|
bda387 |
+ if flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon:
|
|
|
bda387 |
+ lost_and_found_context = util.match_path_context("/lost+found")
|
|
|
bda387 |
+ lost_and_found_path = os.path.join(mountpoint, "lost+found")
|
|
|
bda387 |
+ ret = util.set_file_context(lost_and_found_path, lost_and_found_context, chroot)
|
|
|
bda387 |
+ if not ret:
|
|
|
bda387 |
+ log.warning("Failed to set SELinux context for newly mounted filesystem lost+found directory at %s to %s", lost_and_found_path, lost_and_found_context)
|
|
|
bda387 |
+
|
|
|
bda387 |
register_device_format(Ext2FS)
|
|
|
bda387 |
|
|
|
bda387 |
|
|
|
bda387 |
diff --git a/tests/formats_test/selinux_test.py b/tests/formats_test/selinux_test.py
|
|
|
bda387 |
index 79c10327..028e084e 100644
|
|
|
bda387 |
--- a/tests/formats_test/selinux_test.py
|
|
|
bda387 |
+++ b/tests/formats_test/selinux_test.py
|
|
|
bda387 |
@@ -43,7 +43,10 @@ def exec_mount_selinux_format(self, formt, *args):
|
|
|
bda387 |
|
|
|
bda387 |
blivet.flags.flags.selinux_reset_fcon = True
|
|
|
bda387 |
fmt.setup(mountpoint="dummy") # param needed to pass string check
|
|
|
bda387 |
- lsetfilecon.assert_called_with(ANY, lost_found_context)
|
|
|
bda387 |
+ if isinstance(fmt, fs.Ext2FS):
|
|
|
bda387 |
+ lsetfilecon.assert_called_with(ANY, lost_found_context)
|
|
|
bda387 |
+ else:
|
|
|
bda387 |
+ lsetfilecon.assert_not_called()
|
|
|
bda387 |
|
|
|
bda387 |
lsetfilecon.reset_mock()
|
|
|
bda387 |
|
|
|
bda387 |
|
|
|
bda387 |
From 1b4e658f098bda3161ff0d5ffee07ea9be5c1d15 Mon Sep 17 00:00:00 2001
|
|
|
bda387 |
From: David Lehman <dlehman@redhat.com>
|
|
|
bda387 |
Date: Wed, 24 Oct 2018 20:33:36 -0400
|
|
|
bda387 |
Subject: [PATCH 3/3] Don't try to set selinux context for nodev or vfat file
|
|
|
bda387 |
systems.
|
|
|
bda387 |
|
|
|
bda387 |
Related: rhbz#1579375
|
|
|
bda387 |
---
|
|
|
bda387 |
blivet/formats/fs.py | 5 ++++-
|
|
|
bda387 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
bda387 |
|
|
|
bda387 |
diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py
|
|
|
bda387 |
index b915a2de..6f09eaff 100644
|
|
|
bda387 |
--- a/blivet/formats/fs.py
|
|
|
bda387 |
+++ b/blivet/formats/fs.py
|
|
|
bda387 |
@@ -76,6 +76,7 @@ class FS(DeviceFormat):
|
|
|
bda387 |
_sync_class = fssync.UnimplementedFSSync
|
|
|
bda387 |
_writelabel_class = fswritelabel.UnimplementedFSWriteLabel
|
|
|
bda387 |
_writeuuid_class = fswriteuuid.UnimplementedFSWriteUUID
|
|
|
bda387 |
+ _selinux_supported = True
|
|
|
bda387 |
# This constant is aquired by testing some filesystems
|
|
|
bda387 |
# and it's giving us percentage of space left after the format.
|
|
|
bda387 |
# This number is more guess than precise number because this
|
|
|
bda387 |
@@ -565,7 +566,7 @@ def _post_setup(self, **kwargs):
|
|
|
bda387 |
chroot = kwargs.get("chroot", "/")
|
|
|
bda387 |
mountpoint = kwargs.get("mountpoint") or self.mountpoint
|
|
|
bda387 |
|
|
|
bda387 |
- if flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon:
|
|
|
bda387 |
+ if self._selinux_supported and flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon:
|
|
|
bda387 |
ret = util.reset_file_context(mountpoint, chroot)
|
|
|
bda387 |
if not ret:
|
|
|
bda387 |
log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.")
|
|
|
bda387 |
@@ -902,6 +903,7 @@ class FATFS(FS):
|
|
|
bda387 |
_metadata_size_factor = 0.99 # fat metadata may take 1% of space
|
|
|
bda387 |
# FIXME this should be fat32 in some cases
|
|
|
bda387 |
parted_system = fileSystemType["fat16"]
|
|
|
bda387 |
+ _selinux_supported = False
|
|
|
bda387 |
|
|
|
bda387 |
def generate_new_uuid(self):
|
|
|
bda387 |
ret = ""
|
|
|
bda387 |
@@ -1235,6 +1237,7 @@ class NoDevFS(FS):
|
|
|
bda387 |
""" nodev filesystem base class """
|
|
|
bda387 |
_type = "nodev"
|
|
|
bda387 |
_mount_class = fsmount.NoDevFSMount
|
|
|
bda387 |
+ _selinux_supported = False
|
|
|
bda387 |
|
|
|
bda387 |
def __init__(self, **kwargs):
|
|
|
bda387 |
FS.__init__(self, **kwargs)
|