e3c68b
From 02a93265fe4e78e7fc3fa8c6caa773cbe02f50b6 Mon Sep 17 00:00:00 2001
e3c68b
From: Anoop C S <anoopcs@redhat.com>
e3c68b
Date: Fri, 20 Dec 2019 16:01:59 +0530
e3c68b
Subject: [PATCH 344/344] Revert all fixes to include SELinux hook scripts
e3c68b
e3c68b
Following are the reverts included with this change:
e3c68b
e3c68b
Revert "extras/hooks: syntactical errors in SELinux hooks, scipt logic improved"
e3c68b
Revert "Revert "hooks: remove selinux hooks""
e3c68b
Revert "tests: subdir-mount.t is failing for brick_mux regrssion"
e3c68b
Revert "extras/hooks: Install and package newly added post add-brick hook script"
e3c68b
Revert "extras/hooks: Add SELinux label on new bricks during add-brick"
e3c68b
e3c68b
Label: DOWNSTREAM ONLY
e3c68b
e3c68b
See bug for more details.
e3c68b
e3c68b
Change-Id: I5c9b9e0e6446568ce16af17257fa39338198a827
e3c68b
BUG: 1686800
e3c68b
Signed-off-by: Anoop C S <anoopcs@redhat.com>
e3c68b
Reviewed-on: https://code.engineering.redhat.com/gerrit/188169
e3c68b
Tested-by: RHGS Build Bot <nigelb@redhat.com>
e3c68b
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
e3c68b
---
e3c68b
 configure.ac                                       |   4 -
e3c68b
 extras/hook-scripts/Makefile.am                    |   2 +-
e3c68b
 extras/hook-scripts/add-brick/post/Makefile.am     |   4 +-
e3c68b
 .../add-brick/post/S10selinux-label-brick.sh       | 100 ---------------------
e3c68b
 extras/hook-scripts/create/Makefile.am             |   1 -
e3c68b
 extras/hook-scripts/create/post/Makefile.am        |   6 --
e3c68b
 .../create/post/S10selinux-label-brick.sh          |  13 ++-
e3c68b
 extras/hook-scripts/delete/Makefile.am             |   1 -
e3c68b
 extras/hook-scripts/delete/pre/Makefile.am         |   6 --
e3c68b
 .../delete/pre/S10selinux-del-fcontext.sh          |  60 ++++++-------
e3c68b
 glusterfs.spec.in                                  |   3 -
e3c68b
 tests/bugs/glusterfs-server/bug-877992.t           |   4 +-
e3c68b
 tests/features/subdir-mount.t                      |  11 +--
e3c68b
 13 files changed, 37 insertions(+), 178 deletions(-)
e3c68b
 delete mode 100755 extras/hook-scripts/add-brick/post/S10selinux-label-brick.sh
e3c68b
 delete mode 100644 extras/hook-scripts/create/Makefile.am
e3c68b
 delete mode 100644 extras/hook-scripts/create/post/Makefile.am
e3c68b
 delete mode 100644 extras/hook-scripts/delete/Makefile.am
e3c68b
 delete mode 100644 extras/hook-scripts/delete/pre/Makefile.am
e3c68b
e3c68b
diff --git a/configure.ac b/configure.ac
e3c68b
index 98ee311..327733e 100644
e3c68b
--- a/configure.ac
e3c68b
+++ b/configure.ac
e3c68b
@@ -221,10 +221,6 @@ AC_CONFIG_FILES([Makefile
e3c68b
                 extras/hook-scripts/add-brick/Makefile
e3c68b
                 extras/hook-scripts/add-brick/pre/Makefile
e3c68b
                 extras/hook-scripts/add-brick/post/Makefile
e3c68b
-                extras/hook-scripts/create/Makefile
e3c68b
-                extras/hook-scripts/create/post/Makefile
e3c68b
-                extras/hook-scripts/delete/Makefile
e3c68b
-                extras/hook-scripts/delete/pre/Makefile
e3c68b
                 extras/hook-scripts/start/Makefile
e3c68b
                 extras/hook-scripts/start/post/Makefile
e3c68b
                 extras/hook-scripts/set/Makefile
e3c68b
diff --git a/extras/hook-scripts/Makefile.am b/extras/hook-scripts/Makefile.am
e3c68b
index 26059d7..771b37e 100644
e3c68b
--- a/extras/hook-scripts/Makefile.am
e3c68b
+++ b/extras/hook-scripts/Makefile.am
e3c68b
@@ -1,5 +1,5 @@
e3c68b
 EXTRA_DIST = S40ufo-stop.py S56glusterd-geo-rep-create-post.sh
e3c68b
-SUBDIRS = add-brick create delete set start stop reset
e3c68b
+SUBDIRS = add-brick set start stop reset
e3c68b
 
e3c68b
 scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/gsync-create/post/
e3c68b
 if USE_GEOREP
e3c68b
diff --git a/extras/hook-scripts/add-brick/post/Makefile.am b/extras/hook-scripts/add-brick/post/Makefile.am
e3c68b
index 9b236df..bfc0c1c 100644
e3c68b
--- a/extras/hook-scripts/add-brick/post/Makefile.am
e3c68b
+++ b/extras/hook-scripts/add-brick/post/Makefile.am
e3c68b
@@ -1,6 +1,6 @@
e3c68b
-EXTRA_DIST = disabled-quota-root-xattr-heal.sh S10selinux-label-brick.sh S13create-subdir-mounts.sh
e3c68b
+EXTRA_DIST = disabled-quota-root-xattr-heal.sh S13create-subdir-mounts.sh
e3c68b
 
e3c68b
 hookdir = $(GLUSTERD_WORKDIR)/hooks/1/add-brick/post/
e3c68b
 if WITH_SERVER
e3c68b
-hook_SCRIPTS = disabled-quota-root-xattr-heal.sh S10selinux-label-brick.sh S13create-subdir-mounts.sh
e3c68b
+hook_SCRIPTS = disabled-quota-root-xattr-heal.sh S13create-subdir-mounts.sh
e3c68b
 endif
e3c68b
diff --git a/extras/hook-scripts/add-brick/post/S10selinux-label-brick.sh b/extras/hook-scripts/add-brick/post/S10selinux-label-brick.sh
e3c68b
deleted file mode 100755
e3c68b
index 4a17c99..0000000
e3c68b
--- a/extras/hook-scripts/add-brick/post/S10selinux-label-brick.sh
e3c68b
+++ /dev/null
e3c68b
@@ -1,100 +0,0 @@
e3c68b
-#!/bin/bash
e3c68b
-#
e3c68b
-# Install to hooks/<HOOKS_VER>/add-brick/post
e3c68b
-#
e3c68b
-# Add an SELinux file context for each brick using the glusterd_brick_t type.
e3c68b
-# This ensures that the brick is relabeled correctly on an SELinux restart or
e3c68b
-# restore. Subsequently, run a restore on the brick path to set the selinux
e3c68b
-# labels.
e3c68b
-#
e3c68b
-###
e3c68b
-
e3c68b
-PROGNAME="Sselinux"
e3c68b
-OPTSPEC="volname:,version:,gd-workdir:,volume-op:"
e3c68b
-VOL=
e3c68b
-
e3c68b
-parse_args () {
e3c68b
-  ARGS=$(getopt -o '' -l ${OPTSPEC} -n ${PROGNAME} -- "$@")
e3c68b
-  eval set -- "${ARGS}"
e3c68b
-
e3c68b
-  while true; do
e3c68b
-    case ${1} in
e3c68b
-      --volname)
e3c68b
-        shift
e3c68b
-        VOL=${1}
e3c68b
-        ;;
e3c68b
-      --gd-workdir)
e3c68b
-          shift
e3c68b
-          GLUSTERD_WORKDIR=$1
e3c68b
-          ;;
e3c68b
-      --version)
e3c68b
-          shift
e3c68b
-          ;;
e3c68b
-      --volume-op)
e3c68b
-          shift
e3c68b
-          ;;
e3c68b
-      *)
e3c68b
-          shift
e3c68b
-          break
e3c68b
-          ;;
e3c68b
-    esac
e3c68b
-    shift
e3c68b
-  done
e3c68b
-}
e3c68b
-
e3c68b
-set_brick_labels()
e3c68b
-{
e3c68b
-  local volname="${1}"
e3c68b
-  local fctx
e3c68b
-  local list=()
e3c68b
-
e3c68b
-  fctx="$(semanage fcontext --list -C)"
e3c68b
-
e3c68b
-  # wait for new brick path to be updated under
e3c68b
-  # ${GLUSTERD_WORKDIR}/vols/${volname}/bricks/
e3c68b
-  sleep 5
e3c68b
-
e3c68b
-  # grab the path for each local brick
e3c68b
-  brickpath="${GLUSTERD_WORKDIR}/vols/${volname}/bricks/"
e3c68b
-  brickdirs=$(
e3c68b
-    find "${brickpath}" -type f -exec grep '^path=' {} \; | \
e3c68b
-    cut -d= -f 2 | \
e3c68b
-    sort -u
e3c68b
-  )
e3c68b
-
e3c68b
-  # create a list of bricks for which custom SELinux
e3c68b
-  # label doesn't exist
e3c68b
-  for b in ${brickdirs}; do
e3c68b
-    pattern="${b}(/.*)?"
e3c68b
-    echo "${fctx}" | grep "^${pattern}\s" >/dev/null
e3c68b
-    if [[ $? -ne 0 ]]; then
e3c68b
-      list+=("${pattern}")
e3c68b
-    fi
e3c68b
-  done
e3c68b
-
e3c68b
-  # Add a file context for each brick path in the list and associate with the
e3c68b
-  # glusterd_brick_t SELinux type.
e3c68b
-  for p in ${list[@]}
e3c68b
-  do
e3c68b
-    semanage fcontext --add -t glusterd_brick_t -r s0 "${p}"
e3c68b
-  done
e3c68b
-
e3c68b
-  # Set the labels for which SELinux label was added above
e3c68b
-  for b in ${brickdirs}
e3c68b
-  do
e3c68b
-    echo "${list[@]}" | grep "${b}" >/dev/null
e3c68b
-    if [[ $? -eq 0 ]]; then
e3c68b
-      restorecon -R "${b}"
e3c68b
-    fi
e3c68b
-  done
e3c68b
-}
e3c68b
-
e3c68b
-SELINUX_STATE=$(which getenforce && getenforce)
e3c68b
-[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
e3c68b
-
e3c68b
-parse_args "$@"
e3c68b
-[ -z "${VOL}" ] && exit 1
e3c68b
-
e3c68b
-set_brick_labels "${VOL}"
e3c68b
-
e3c68b
-exit 0
e3c68b
diff --git a/extras/hook-scripts/create/Makefile.am b/extras/hook-scripts/create/Makefile.am
e3c68b
deleted file mode 100644
e3c68b
index b083a91..0000000
e3c68b
--- a/extras/hook-scripts/create/Makefile.am
e3c68b
+++ /dev/null
e3c68b
@@ -1 +0,0 @@
e3c68b
-SUBDIRS = post
e3c68b
diff --git a/extras/hook-scripts/create/post/Makefile.am b/extras/hook-scripts/create/post/Makefile.am
e3c68b
deleted file mode 100644
e3c68b
index 919801a..0000000
e3c68b
--- a/extras/hook-scripts/create/post/Makefile.am
e3c68b
+++ /dev/null
e3c68b
@@ -1,6 +0,0 @@
e3c68b
-EXTRA_DIST = S10selinux-label-brick.sh
e3c68b
-
e3c68b
-scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/create/post/
e3c68b
-if WITH_SERVER
e3c68b
-scripts_SCRIPTS = S10selinux-label-brick.sh
e3c68b
-endif
e3c68b
diff --git a/extras/hook-scripts/create/post/S10selinux-label-brick.sh b/extras/hook-scripts/create/post/S10selinux-label-brick.sh
e3c68b
index f9b4b1a..de242d2 100755
e3c68b
--- a/extras/hook-scripts/create/post/S10selinux-label-brick.sh
e3c68b
+++ b/extras/hook-scripts/create/post/S10selinux-label-brick.sh
e3c68b
@@ -34,21 +34,18 @@ parse_args () {
e3c68b
 
e3c68b
 set_brick_labels()
e3c68b
 {
e3c68b
-  volname="${1}"
e3c68b
+  volname=${1}
e3c68b
 
e3c68b
   # grab the path for each local brick
e3c68b
-  brickpath="/var/lib/glusterd/vols/${volname}/bricks/"
e3c68b
-  brickdirs=$(
e3c68b
-    find "${brickpath}" -type f -exec grep '^path=' {} \; | \
e3c68b
-    cut -d= -f 2 | \
e3c68b
-    sort -u
e3c68b
-  )
e3c68b
+  brickpath="/var/lib/glusterd/vols/${volname}/bricks/*"
e3c68b
+  brickdirs=$(grep '^path=' "${brickpath}" | cut -d= -f 2 | sort -u)
e3c68b
 
e3c68b
   for b in ${brickdirs}; do
e3c68b
     # Add a file context for each brick path and associate with the
e3c68b
     # glusterd_brick_t SELinux type.
e3c68b
-    pattern="${b}(/.*)?"
e3c68b
+    pattern="${b}\(/.*\)?"
e3c68b
     semanage fcontext --add -t glusterd_brick_t -r s0 "${pattern}"
e3c68b
+
e3c68b
     # Set the labels on the new brick path.
e3c68b
     restorecon -R "${b}"
e3c68b
   done
e3c68b
diff --git a/extras/hook-scripts/delete/Makefile.am b/extras/hook-scripts/delete/Makefile.am
e3c68b
deleted file mode 100644
e3c68b
index c98a05d..0000000
e3c68b
--- a/extras/hook-scripts/delete/Makefile.am
e3c68b
+++ /dev/null
e3c68b
@@ -1 +0,0 @@
e3c68b
-SUBDIRS = pre
e3c68b
diff --git a/extras/hook-scripts/delete/pre/Makefile.am b/extras/hook-scripts/delete/pre/Makefile.am
e3c68b
deleted file mode 100644
e3c68b
index 93a6b85..0000000
e3c68b
--- a/extras/hook-scripts/delete/pre/Makefile.am
e3c68b
+++ /dev/null
e3c68b
@@ -1,6 +0,0 @@
e3c68b
-EXTRA_DIST = S10selinux-del-fcontext.sh
e3c68b
-
e3c68b
-scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/delete/pre/
e3c68b
-if WITH_SERVER
e3c68b
-scripts_SCRIPTS = S10selinux-del-fcontext.sh
e3c68b
-endif
e3c68b
diff --git a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
e3c68b
index e7f4e8f..6eba66f 100755
e3c68b
--- a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
e3c68b
+++ b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
e3c68b
@@ -15,55 +15,45 @@ OPTSPEC="volname:"
e3c68b
 VOL=
e3c68b
 
e3c68b
 function parse_args () {
e3c68b
-  ARGS=$(getopt -o '' -l ${OPTSPEC} -n ${PROGNAME} -- "$@")
e3c68b
-  eval set -- "${ARGS}"
e3c68b
-
e3c68b
-  while true; do
e3c68b
-    case ${1} in
e3c68b
-      --volname)
e3c68b
-        shift
e3c68b
-        VOL=${1}
e3c68b
-      ;;
e3c68b
-      *)
e3c68b
+        ARGS=$(getopt -o '' -l $OPTSPEC -n $PROGNAME -- "$@")
e3c68b
+        eval set -- "$ARGS"
e3c68b
+
e3c68b
+        while true; do
e3c68b
+        case $1 in
e3c68b
+        --volname)
e3c68b
+         shift
e3c68b
+         VOL=$1
e3c68b
+         ;;
e3c68b
+        *)
e3c68b
+         shift
e3c68b
+         break
e3c68b
+         ;;
e3c68b
+        esac
e3c68b
         shift
e3c68b
-        break
e3c68b
-      ;;
e3c68b
-    esac
e3c68b
-    shift
e3c68b
-  done
e3c68b
+        done
e3c68b
 }
e3c68b
 
e3c68b
 function delete_brick_fcontext()
e3c68b
 {
e3c68b
-  volname="${1}"
e3c68b
-
e3c68b
-  # grab the path for each local brick
e3c68b
-  brickpath="/var/lib/glusterd/vols/${volname}/bricks/"
e3c68b
-  brickdirs=$(
e3c68b
-    find "${brickpath}" -type f -exec grep '^path=' {} \; | \
e3c68b
-    cut -d= -f 2 | \
e3c68b
-    sort -u
e3c68b
-  )
e3c68b
-
e3c68b
-  for b in ${brickdirs}
e3c68b
-  do
e3c68b
-    # remove the file context associated with the brick path
e3c68b
-    pattern="${b}(/.*)?"
e3c68b
-    semanage fcontext --delete "${pattern}"
e3c68b
+        volname=$1
e3c68b
 
e3c68b
-    # remove the labels on brick path.
e3c68b
-    restorecon -R "${b}"
e3c68b
- done
e3c68b
+        # grab the path for each local brick
e3c68b
+        brickdirs=$(grep '^path=' /var/lib/glusterd/vols/${volname}/bricks/* | cut -d= -f 2)
e3c68b
 
e3c68b
+        for b in $brickdirs
e3c68b
+        do
e3c68b
+                # remove the file context associated with the brick path
e3c68b
+                semanage fcontext --delete $b\(/.*\)?
e3c68b
+        done
e3c68b
 }
e3c68b
 
e3c68b
 SELINUX_STATE=$(which getenforce && getenforce)
e3c68b
 [ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
e3c68b
 
e3c68b
 parse_args "$@"
e3c68b
-[ -z "${VOL}" ] && exit 1
e3c68b
+[ -z "$VOL" ] && exit 1
e3c68b
 
e3c68b
-delete_brick_fcontext "${VOL}"
e3c68b
+delete_brick_fcontext $VOL
e3c68b
 
e3c68b
 # failure to delete the fcontext is not fatal
e3c68b
 exit 0
e3c68b
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
e3c68b
index 012989a..671ee27 100644
e3c68b
--- a/glusterfs.spec.in
e3c68b
+++ b/glusterfs.spec.in
e3c68b
@@ -1447,13 +1447,11 @@ exit 0
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/post
e3c68b
             %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/post/disabled-quota-root-xattr-heal.sh
e3c68b
-            %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/post/S10selinux-label-brick.sh
e3c68b
             %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/post/S13create-subdir-mounts.sh
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/pre
e3c68b
             %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/pre/S28Quota-enable-root-xattr-heal.sh
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post
e3c68b
-            %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post/S10selinux-label-brick.sh
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/pre
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file/post
e3c68b
@@ -1462,7 +1460,6 @@ exit 0
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/post
e3c68b
                             %{_sharedstatedir}/glusterd/hooks/1/delete/post/S57glusterfind-delete-post
e3c68b
        %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre
e3c68b
-            %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre/S10selinux-del-fcontext.sh
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/post
e3c68b
 %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/pre
e3c68b
diff --git a/tests/bugs/glusterfs-server/bug-877992.t b/tests/bugs/glusterfs-server/bug-877992.t
e3c68b
index 300000b..aeb73ed 100755
e3c68b
--- a/tests/bugs/glusterfs-server/bug-877992.t
e3c68b
+++ b/tests/bugs/glusterfs-server/bug-877992.t
e3c68b
@@ -46,9 +46,7 @@ TEST $CLI volume create $V0 $H0:$B0/${V0}1;
e3c68b
 EXPECT "$V0" volinfo_field $V0 'Volume Name';
e3c68b
 EXPECT 'Created' volinfo_field $V0 'Status';
e3c68b
 EXPECT 'createPre' cat /tmp/pre.out;
e3c68b
-# Spost.sh comes after S10selinux-label-brick.sh under create post hook script
e3c68b
-# list. So consider the delay in setting SELinux context on bricks
e3c68b
-EXPECT_WITHIN 5 'createPost' cat /tmp/post.out;
e3c68b
+EXPECT 'createPost' cat /tmp/post.out;
e3c68b
 hooks_cleanup 'create'
e3c68b
 
e3c68b
 
e3c68b
diff --git a/tests/features/subdir-mount.t b/tests/features/subdir-mount.t
e3c68b
index a02bd6b..8401946 100644
e3c68b
--- a/tests/features/subdir-mount.t
e3c68b
+++ b/tests/features/subdir-mount.t
e3c68b
@@ -85,17 +85,12 @@ TEST $CLI volume start $V0
e3c68b
 TEST $GFS --subdir-mount /subdir1/subdir1.1/subdir1.2 -s $H0 --volfile-id $V0 $M2
e3c68b
 TEST stat $M2
e3c68b
 
e3c68b
-initcnt=`grep -i create-subdir-mounts /var/log/glusterfs/glusterd.log  | wc -l`
e3c68b
 # mount shouldn't fail even after add-brick
e3c68b
 TEST $CLI volume add-brick $V0 replica 2 $H0:$B0/${V0}{5,6};
e3c68b
 
e3c68b
-# Wait to execute create-subdir-mounts.sh script by glusterd
e3c68b
-newcnt=`grep -i create-subdir-mounts /var/log/glusterfs/glusterd.log  | wc -l`
e3c68b
-while [ $newcnt -eq $initcnt ]
e3c68b
-do
e3c68b
-   newcnt=`grep -i create-subdir-mounts /var/log/glusterfs/glusterd.log  | wc -l`
e3c68b
-   sleep 1
e3c68b
-done
e3c68b
+# Give time for client process to get notified and use the new
e3c68b
+# volfile after add-brick
e3c68b
+sleep 1
e3c68b
 
e3c68b
 # Existing mount should still be active
e3c68b
 mount_inode=$(stat --format "%i" "$M2")
e3c68b
-- 
e3c68b
1.8.3.1
e3c68b