diff --git a/SOURCES/0020-apply-directory-s-SELinux-context-to-freshly-created.patch b/SOURCES/0020-apply-directory-s-SELinux-context-to-freshly-created.patch new file mode 100644 index 0000000..bdae03b --- /dev/null +++ b/SOURCES/0020-apply-directory-s-SELinux-context-to-freshly-created.patch @@ -0,0 +1,83 @@ +From dabc5f8a29f34aebd9ea61405d822b5d5bef1ec2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Renaud=20M=C3=A9trich?= +Date: Tue, 2 Mar 2021 14:13:29 +0100 +Subject: [PATCH] apply directory's SELinux context to freshly created mount + points +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Renaud Métrich + +Resolves: rhbz#1934076 +--- + blivet/formats/fs.py | 3 ++- + blivet/util.py | 9 +++++---- + 2 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/blivet/formats/fs.py b/blivet/formats/fs.py +index e61e5b86..a92d3485 100644 +--- a/blivet/formats/fs.py ++++ b/blivet/formats/fs.py +@@ -27,6 +27,7 @@ import os + import tempfile + import uuid as uuid_mod + import random ++import stat + + from parted import fileSystemType, PARTITION_BOOT + +@@ -582,7 +583,7 @@ class FS(DeviceFormat): + mountpoint = kwargs.get("mountpoint") or self.mountpoint + + if self._selinux_supported and flags.selinux and "ro" not in self._mount.mount_options(options).split(",") and flags.selinux_reset_fcon: +- ret = util.reset_file_context(mountpoint, chroot) ++ ret = util.reset_file_context(mountpoint, chroot, stat.S_IFDIR) + if not ret: + log.warning("Failed to reset SElinux context for newly mounted filesystem root directory to default.") + +diff --git a/blivet/util.py b/blivet/util.py +index 48b7818f..f5e0cc1a 100644 +--- a/blivet/util.py ++++ b/blivet/util.py +@@ -448,11 +448,11 @@ def get_cow_sysfs_path(dev_path, dev_sysfsPath): + ## + + +-def match_path_context(path): ++def match_path_context(path, mode=0): + """ Return the default SELinux context for the given path. """ + context = None + try: +- context = selinux.matchpathcon(os.path.normpath(path), 0)[1] ++ context = selinux.matchpathcon(os.path.normpath(path), mode)[1] + except OSError as e: + log.info("failed to get default SELinux context for %s: %s", path, e) + +@@ -491,7 +491,7 @@ def set_file_context(path, context, root=None): + return rc + + +-def reset_file_context(path, root=None): ++def reset_file_context(path, root=None, mode=0): + """ Restore the SELinux context of a file to its default value. + + Arguments: +@@ -501,12 +501,13 @@ def reset_file_context(path, root=None): + Keyword Arguments: + + root an optional chroot string ++ mode an optional mode to use + + Return Value: + + If successful, returns the file's new/default context. + """ +- context = match_path_context(path) ++ context = match_path_context(path, mode) + if context: + if set_file_context(path, context, root=root): + return context +-- +2.29.2 + diff --git a/SPECS/python-blivet.spec b/SPECS/python-blivet.spec index a85e8d6..ed6240c 100644 --- a/SPECS/python-blivet.spec +++ b/SPECS/python-blivet.spec @@ -23,7 +23,7 @@ Version: 3.2.2 #%%global prerelease .b2 # prerelease, if defined, should be something like .a1, .b1, .b2.dev1, or .c2 -Release: 9%{?prerelease}%{?dist} +Release: 10%{?prerelease}%{?dist} Epoch: 1 License: LGPLv2+ Group: System Environment/Libraries @@ -50,6 +50,7 @@ Patch15: 0016-Basic-LVM-VDO-support.patch Patch16: 0017-Let-parted-fix-fixable-issues-with-partition-table.patch Patch17: 0018-Fix-possible-UnicodeDecodeError-when-reading-sysfs-a.patch Patch18: 0019-LVM-VDO-support.patch +Patch19: 0020-apply-directory-s-SELinux-context-to-freshly-created.patch # Versions of required components (done so we make sure the buildrequires # match the requires versions of things). @@ -211,6 +212,10 @@ configuration. %endif %changelog +* Mon Mar 08 2021 Vojtech Trefny - 3.2.2-10 +- apply directory's SELinux context to freshly created mount points + Resolves: rhbz#1934076 + * Tue Feb 9 2021 Vojtech Trefny - 3.2.2-9 - LVM VDO support Resolves: rhbz#1509337