From a25382d5aa9cddde04b1b3355e9d0d1b43e66406 Mon Sep 17 00:00:00 2001
From: Atin Mukherjee
Date: Mon, 16 Apr 2018 22:49:37 +0530
Subject: [PATCH 222/236] hooks: remove selinux hooks
Label: DOWNSTREAM ONLY
Change-Id: I810466a0ca99ab21f5a8eac8cdffbb18333d10ad
BUG: 1565962
Signed-off-by: Atin Mukherjee
Reviewed-on: https://code.engineering.redhat.com/gerrit/135800
Tested-by: RHGS Build Bot
Reviewed-by: Jiffin Thottan
Reviewed-by: Milind Changire
---
 configure.ac | 20 -------
 extras/hook-scripts/Makefile.am | 2 +-
 extras/hook-scripts/create/Makefile.am | 1 -
 extras/hook-scripts/create/post/Makefile.am | 6 ---
 .../create/post/S10selinux-label-brick.sh | 62 ----------------------
 extras/hook-scripts/delete/Makefile.am | 1 -
 extras/hook-scripts/delete/pre/Makefile.am | 6 ---
 .../delete/pre/S10selinux-del-fcontext.sh | 59 --------------------
 glusterfs.spec.in | 5 +-
 9 files changed, 4 insertions(+), 158 deletions(-)
 delete mode 100644 extras/hook-scripts/create/Makefile.am
 delete mode 100644 extras/hook-scripts/create/post/Makefile.am
 delete mode 100755 extras/hook-scripts/create/post/S10selinux-label-brick.sh
 delete mode 100644 extras/hook-scripts/delete/Makefile.am
 delete mode 100644 extras/hook-scripts/delete/pre/Makefile.am
 delete mode 100755 extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
diff --git a/configure.ac b/configure.ac
index c9a1cde..b388a13 100644
--- a/configure.ac
+++ b/configure.ac
@@ -228,10 +228,6 @@ AC_CONFIG_FILES([Makefile
 extras/hook-scripts/add-brick/Makefile
 extras/hook-scripts/add-brick/pre/Makefile
 extras/hook-scripts/add-brick/post/Makefile
- extras/hook-scripts/create/Makefile
- extras/hook-scripts/create/post/Makefile
- extras/hook-scripts/delete/Makefile
- extras/hook-scripts/delete/pre/Makefile
 extras/hook-scripts/start/Makefile
 extras/hook-scripts/start/post/Makefile
 extras/hook-scripts/set/Makefile
@@ -911,21 +907,6 @@ else fi # end of xml-output -dnl SELinux feature enablement -case $host_os in - linux*) - AC_ARG_ENABLE([selinux], - AC_HELP_STRING([--disable-selinux], - [Disable SELinux features]), - [USE_SELINUX="${enableval}"], [USE_SELINUX="yes"]) - ;; - *) - USE_SELINUX=no - ;; -esac -AM_CONDITIONAL(USE_SELINUX, test "x${USE_SELINUX}" = "xyes") -dnl end of SELinux feature enablement - AC_CHECK_HEADERS([execinfo.h], [have_backtrace=yes]) if test "x${have_backtrace}" = "xyes"; then AC_DEFINE(HAVE_BACKTRACE, 1, [define if found backtrace]) @@ -1577,7 +1558,6 @@ echo "Unit Tests : $BUILD_UNITTEST" echo "Track priv ports : $TRACK_PRIVPORTS" echo "POSIX ACLs : $BUILD_POSIX_ACLS" echo "Data Classification : $BUILD_GFDB" -echo "SELinux features : $USE_SELINUX" echo "firewalld-config : $BUILD_FIREWALLD" echo "Events : $BUILD_EVENTS" echo "EC dynamic support : $EC_DYNAMIC_SUPPORT" diff --git a/extras/hook-scripts/Makefile.am b/extras/hook-scripts/Makefile.am index 26059d7..771b37e 100644 --- a/extras/hook-scripts/Makefile.am +++ b/extras/hook-scripts/Makefile.am @@ -1,5 +1,5 @@ EXTRA_DIST = S40ufo-stop.py S56glusterd-geo-rep-create-post.sh -SUBDIRS = add-brick create delete set start stop reset +SUBDIRS = add-brick set start stop reset scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/gsync-create/post/ if USE_GEOREP diff --git a/extras/hook-scripts/create/Makefile.am b/extras/hook-scripts/create/Makefile.am deleted file mode 100644 index b083a91..0000000 --- a/extras/hook-scripts/create/Makefile.am +++ /dev/null @@ -1 +0,0 @@ -SUBDIRS = post diff --git a/extras/hook-scripts/create/post/Makefile.am b/extras/hook-scripts/create/post/Makefile.am deleted file mode 100644 index adbce78..0000000 --- a/extras/hook-scripts/create/post/Makefile.am +++ /dev/null @@ -1,6 +0,0 @@ -EXTRA_DIST = S10selinux-label-brick.sh - -scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/create/post/ -if USE_SELINUX -scripts_SCRIPTS = S10selinux-label-brick.sh -endif 
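Review bot: Dropping `create` and `delete` from `SUBDIRS` in extras/hook-scripts/Makefile.am stops shipping the only hooks that gave brick paths a `glusterd_brick_t` file context and removed it again on volume delete, and neither the commit message nor the changelog line says what takes over. I would state that next to the change, for example `# create/ and delete/ held only the SELinux brick-label hooks, dropped downstream (BUG 1565962)` above `SUBDIRS`, and name the replacement (policy package or manual `semanage`) in the commit message if there is one. On hosts where an earlier build ran the create hook, the `semanage fcontext` rules it added will presumably stay behind after volume deletion now that the delete/pre hook is gone; that is worth a release note. The glusterfs.spec.in hunks keep `hooks/1/create/post` and `hooks/1/delete/pre` as plain `%dir` entries, so confirm `%install` still creates them now that no Makefile installs into them.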
diff --git a/extras/hook-scripts/create/post/S10selinux-label-brick.sh b/extras/hook-scripts/create/post/S10selinux-label-brick.sh
deleted file mode 100755
index de242d2..0000000
--- a/extras/hook-scripts/create/post/S10selinux-label-brick.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-#
-# Install to hooks//create/post
-#
-# Add an SELinux file context for each brick using the glusterd_brick_t type.
-# This ensures that the brick is relabeled correctly on an SELinux restart or
-# restore. Subsequently, run a restore on the brick path to set the selinux
-# labels.
-#
-###
-
-PROGNAME="Sselinux"
-OPTSPEC="volname:"
-VOL=
-
-parse_args () {
- ARGS=$(getopt -o '' -l ${OPTSPEC} -n ${PROGNAME} -- "$@")
- eval set -- "${ARGS}"
-
- while true; do
- case ${1} in
- --volname)
- shift
- VOL=${1}
- ;;
- *)
- shift
- break
- ;;
- esac
- shift
- done
-}
-
-set_brick_labels()
-{
- volname=${1}
-
- # grab the path for each local brick
- brickpath="/var/lib/glusterd/vols/${volname}/bricks/*"
- brickdirs=$(grep '^path=' "${brickpath}" | cut -d= -f 2 | sort -u)
-
- for b in ${brickdirs}; do
- # Add a file context for each brick path and associate with the
- # glusterd_brick_t SELinux type.
- pattern="${b}\(/.*\)?"
- semanage fcontext --add -t glusterd_brick_t -r s0 "${pattern}"
-
- # Set the labels on the new brick path.
- restorecon -R "${b}"
- done
-}
-
-SELINUX_STATE=$(which getenforce && getenforce)
-[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
-
-parse_args "$@"
-[ -z "${VOL}" ] && exit 1
-
-set_brick_labels "${VOL}"
-
-exit 0
diff --git a/extras/hook-scripts/delete/Makefile.am b/extras/hook-scripts/delete/Makefile.am
deleted file mode 100644
index c98a05d..0000000
--- a/extras/hook-scripts/delete/Makefile.am
+++ /dev/null
@@ -1 +0,0 @@
-SUBDIRS = pre
diff --git a/extras/hook-scripts/delete/pre/Makefile.am b/extras/hook-scripts/delete/pre/Makefile.am
deleted file mode 100644
index bf0eabe..0000000
--- a/extras/hook-scripts/delete/pre/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-EXTRA_DIST = S10selinux-del-fcontext.sh
-
-scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/delete/pre/
-if USE_SELINUX
-scripts_SCRIPTS = S10selinux-del-fcontext.sh
-endif
diff --git a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
deleted file mode 100755
index 6eba66f..0000000
--- a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/bash
-#
-# Install to hooks//delete/pre
-#
-# Delete the file context associated with the brick path on volume deletion. The
-# associated file context was added during volume creation.
-#
-# We do not explicitly relabel the brick, as this could be time consuming and
-# unnecessary.
-#
-###
-
-PROGNAME="Sselinux"
-OPTSPEC="volname:"
-VOL=
-
-function parse_args () {
- ARGS=$(getopt -o '' -l $OPTSPEC -n $PROGNAME -- "$@")
- eval set -- "$ARGS"
-
- while true; do
- case $1 in
- --volname)
- shift
- VOL=$1
- ;;
- *)
- shift
- break
- ;;
- esac
- shift
- done
-}
-
-function delete_brick_fcontext()
-{
- volname=$1
-
- # grab the path for each local brick
- brickdirs=$(grep '^path=' /var/lib/glusterd/vols/${volname}/bricks/* | cut -d= -f 2)
-
- for b in $brickdirs
- do
- # remove the file context associated with the brick path
- semanage fcontext --delete $b\(/.*\)?
- done
-}
-
-SELINUX_STATE=$(which getenforce && getenforce)
-[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
-
-parse_args "$@"
-[ -z "$VOL" ] && exit 1
-
-delete_brick_fcontext $VOL
-
-# failure to delete the fcontext is not fatal
-exit 0
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
index 4b5238a..64e7e29 100644
--- a/glusterfs.spec.in
+++ b/glusterfs.spec.in
@@ -1523,7 +1523,6 @@ exit 0 %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/add-brick/pre/S28Quota-enable-root-xattr-heal.sh %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post - %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/post/S10selinux-label-brick.sh %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/create/pre %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/copy-file/post @@ -1532,7 +1531,6 @@ exit 0 %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/post %{_sharedstatedir}/glusterd/hooks/1/delete/post/S57glusterfind-delete-post %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre - %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/delete/pre/S10selinux-del-fcontext.sh %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/post %ghost %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/hooks/1/remove-brick/pre @@ -2157,6 +2155,9 @@ fi %endif %changelog +* Wed Apr 18 2018 Atin Mukherjee +- Revert SELinux hooks (#1565962) + * Thu Feb 22 2018 Kotresh HR - Added util-linux as dependency to georeplication rpm (#1544382) -- 1.8.3.1