From a25382d5aa9cddde04b1b3355e9d0d1b43e66406 Mon Sep 17 00:00:00 2001

From: Atin Mukherjee <amukherj@redhat.com>

Date: Mon, 16 Apr 2018 22:49:37 +0530

Subject: [PATCH 222/236] hooks: remove selinux hooks

Label: DOWNSTREAM ONLY

Change-Id: I810466a0ca99ab21f5a8eac8cdffbb18333d10ad

BUG: 1565962

Signed-off-by: Atin Mukherjee <amukherj@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/135800

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Jiffin Thottan <jthottan@redhat.com>

Reviewed-by: Milind Changire <mchangir@redhat.com>

---

 configure.ac                                       | 20 -------

 extras/hook-scripts/Makefile.am                    |  2 +-

 extras/hook-scripts/create/Makefile.am             |  1 -

 extras/hook-scripts/create/post/Makefile.am        |  6 ---

 .../create/post/S10selinux-label-brick.sh          | 62 ----------------------

 extras/hook-scripts/delete/Makefile.am             |  1 -

 extras/hook-scripts/delete/pre/Makefile.am         |  6 ---

 .../delete/pre/S10selinux-del-fcontext.sh          | 59 --------------------

 glusterfs.spec.in                                  |  5 +-

 9 files changed, 4 insertions(+), 158 deletions(-)

 delete mode 100644 extras/hook-scripts/create/Makefile.am

 delete mode 100644 extras/hook-scripts/create/post/Makefile.am

 delete mode 100755 extras/hook-scripts/create/post/S10selinux-label-brick.sh

 delete mode 100644 extras/hook-scripts/delete/Makefile.am

 delete mode 100644 extras/hook-scripts/delete/pre/Makefile.am

 delete mode 100755 extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh

diff --git a/configure.ac b/configure.ac

index c9a1cde..b388a13 100644

--- a/configure.ac

+++ b/configure.ac

@@ -228,10 +228,6 @@ AC_CONFIG_FILES([Makefile

                 extras/hook-scripts/add-brick/Makefile

                 extras/hook-scripts/add-brick/pre/Makefile

                 extras/hook-scripts/add-brick/post/Makefile

-                extras/hook-scripts/create/Makefile

-                extras/hook-scripts/create/post/Makefile

-                extras/hook-scripts/delete/Makefile

-                extras/hook-scripts/delete/pre/Makefile

                 extras/hook-scripts/start/Makefile

                 extras/hook-scripts/start/post/Makefile

                 extras/hook-scripts/set/Makefile

@@ -911,21 +907,6 @@ else

 fi

 # end of xml-output

-dnl SELinux feature enablement

-case $host_os in

-  linux*)

-    AC_ARG_ENABLE([selinux],

-                  AC_HELP_STRING([--disable-selinux],

-                                 [Disable SELinux features]),

-                  [USE_SELINUX="${enableval}"], [USE_SELINUX="yes"])

-    ;;

-  *)

-    USE_SELINUX=no

-    ;;

-esac

-AM_CONDITIONAL(USE_SELINUX, test "x${USE_SELINUX}" = "xyes")

-dnl end of SELinux feature enablement

-

 AC_CHECK_HEADERS([execinfo.h], [have_backtrace=yes])

 if test "x${have_backtrace}" = "xyes"; then

    AC_DEFINE(HAVE_BACKTRACE, 1, [define if found backtrace])

@@ -1577,7 +1558,6 @@ echo "Unit Tests           : $BUILD_UNITTEST"

 echo "Track priv ports     : $TRACK_PRIVPORTS"

 echo "POSIX ACLs           : $BUILD_POSIX_ACLS"

 echo "Data Classification  : $BUILD_GFDB"

-echo "SELinux features     : $USE_SELINUX"

 echo "firewalld-config     : $BUILD_FIREWALLD"

 echo "Events               : $BUILD_EVENTS"

 echo "EC dynamic support   : $EC_DYNAMIC_SUPPORT"

diff --git a/extras/hook-scripts/Makefile.am b/extras/hook-scripts/Makefile.am

index 26059d7..771b37e 100644

--- a/extras/hook-scripts/Makefile.am

+++ b/extras/hook-scripts/Makefile.am

@@ -1,5 +1,5 @@

 EXTRA_DIST = S40ufo-stop.py S56glusterd-geo-rep-create-post.sh

-SUBDIRS = add-brick create delete set start stop reset

+SUBDIRS = add-brick set start stop reset

 scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/gsync-create/post/

 if USE_GEOREP

diff --git a/extras/hook-scripts/create/Makefile.am b/extras/hook-scripts/create/Makefile.am

deleted file mode 100644

index b083a91..0000000

--- a/extras/hook-scripts/create/Makefile.am

+++ /dev/null

@@ -1 +0,0 @@

-SUBDIRS = post

diff --git a/extras/hook-scripts/create/post/Makefile.am b/extras/hook-scripts/create/post/Makefile.am

deleted file mode 100644

index adbce78..0000000

--- a/extras/hook-scripts/create/post/Makefile.am

+++ /dev/null

@@ -1,6 +0,0 @@

-EXTRA_DIST = S10selinux-label-brick.sh

-

-scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/create/post/

-if USE_SELINUX

-scripts_SCRIPTS = S10selinux-label-brick.sh

-endif

diff --git a/extras/hook-scripts/create/post/S10selinux-label-brick.sh b/extras/hook-scripts/create/post/S10selinux-label-brick.sh

deleted file mode 100755

index de242d2..0000000

--- a/extras/hook-scripts/create/post/S10selinux-label-brick.sh

+++ /dev/null

@@ -1,62 +0,0 @@

-#!/bin/bash

-#

-# Install to hooks/<HOOKS_VER>/create/post

-#

-# Add an SELinux file context for each brick using the glusterd_brick_t type.

-# This ensures that the brick is relabeled correctly on an SELinux restart or

-# restore. Subsequently, run a restore on the brick path to set the selinux

-# labels.

-#

-###

-

-PROGNAME="Sselinux"

-OPTSPEC="volname:"

-VOL=

-

-parse_args () {

-  ARGS=$(getopt -o '' -l ${OPTSPEC} -n ${PROGNAME} -- "$@")

-  eval set -- "${ARGS}"

-

-  while true; do

-    case ${1} in

-      --volname)

-        shift

-        VOL=${1}

-      ;;

-      *)

-        shift

-        break

-      ;;

-    esac

-    shift

-  done

-}

-

-set_brick_labels()

-{

-  volname=${1}

-

-  # grab the path for each local brick

-  brickpath="/var/lib/glusterd/vols/${volname}/bricks/*"

-  brickdirs=$(grep '^path=' "${brickpath}" | cut -d= -f 2 | sort -u)

-

-  for b in ${brickdirs}; do

-    # Add a file context for each brick path and associate with the

-    # glusterd_brick_t SELinux type.

-    pattern="${b}\(/.*\)?"

-    semanage fcontext --add -t glusterd_brick_t -r s0 "${pattern}"

-

-    # Set the labels on the new brick path.

-    restorecon -R "${b}"

-  done

-}

-

-SELINUX_STATE=$(which getenforce && getenforce)

-[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0

-

-parse_args "$@"

-[ -z "${VOL}" ] && exit 1

-

-set_brick_labels "${VOL}"

-

-exit 0

diff --git a/extras/hook-scripts/delete/Makefile.am b/extras/hook-scripts/delete/Makefile.am

deleted file mode 100644

index c98a05d..0000000

--- a/extras/hook-scripts/delete/Makefile.am

+++ /dev/null

@@ -1 +0,0 @@

-SUBDIRS = pre

diff --git a/extras/hook-scripts/delete/pre/Makefile.am b/extras/hook-scripts/delete/pre/Makefile.am

deleted file mode 100644

index bf0eabe..0000000

--- a/extras/hook-scripts/delete/pre/Makefile.am

+++ /dev/null

@@ -1,6 +0,0 @@

-EXTRA_DIST = S10selinux-del-fcontext.sh

-

-scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/delete/pre/

-if USE_SELINUX

-scripts_SCRIPTS = S10selinux-del-fcontext.sh

-endif

diff --git a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh

deleted file mode 100755

index 6eba66f..0000000

--- a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh

+++ /dev/null

@@ -1,59 +0,0 @@

-#!/bin/bash

-#

-# Install to hooks/<HOOKS_VER>/delete/pre

-#

-# Delete the file context associated with the brick path on volume deletion. The

-# associated file context was added during volume creation.

-#

-# We do not explicitly relabel the brick, as this could be time consuming and

-# unnecessary.

-#

-###

-

-PROGNAME="Sselinux"

-OPTSPEC="volname:"

-VOL=

-

-function parse_args () {

-        ARGS=$(getopt -o '' -l $OPTSPEC -n $PROGNAME -- "$@")

-        eval set -- "$ARGS"

-

-        while true; do

-        case $1 in

-        --volname)

-         shift

-         VOL=$1

-         ;;

-        *)

-         shift

-         break

-         ;;

-        esac

-        shift

-        done

-}

-

-function delete_brick_fcontext()

-{

-        volname=$1

-

-        # grab the path for each local brick

-        brickdirs=$(grep '^path=' /var/lib/glusterd/vols/${volname}/bricks/* | cut -d= -f 2)

-

-        for b in $brickdirs

-        do

-                # remove the file context associated with the brick path

-                semanage fcontext --delete $b\(/.*\)?

-        done

-}

-

-SELINUX_STATE=$(which getenforce && getenforce)

-[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0

-

-parse_args "$@"

-[ -z "$VOL" ] && exit 1

-

-delete_brick_fcontext $VOL

-

-# failure to delete the fcontext is not fatal

-exit 0

diff --git a/glusterfs.spec.in b/glusterfs.spec.in

index 4b5238a..64e7e29 100644

--- a/glusterfs.spec.in

+++ b/glusterfs.spec.in

@@ -1523,7 +1523,6 @@ exit 0

             %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/pre/S28Quota-enable-root-xattr-heal.sh

        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create

        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post

-            %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post/S10selinux-label-brick.sh

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/pre

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file/post

@@ -1532,7 +1531,6 @@ exit 0

        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/post

                             %{_sharedstatedir}/glusterd/hooks/1/delete/post/S57glusterfind-delete-post

        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre

-            %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre/S10selinux-del-fcontext.sh

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/post

 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/pre

@@ -2157,6 +2155,9 @@ fi

 %endif

 %changelog

+* Wed Apr 18 2018 Atin Mukherjee  <amukherj@redhat.com>

+- Revert SELinux hooks (#1565962)

+

 * Thu Feb 22 2018 Kotresh HR <khiremat@redhat.com>

 - Added util-linux as dependency to georeplication rpm (#1544382)

-- 

1.8.3.1