From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lon Hohberger
Date: Fri, 15 Apr 2011 10:49:08 -0400
Subject: [Cluster-devel] [PATCH] resource-agents: Fix nfs mount contexts
In-Reply-To: <4DA7CD3F.8060106@redhat.com>
References: <1302811026-7803-1-git-send-email-lhh@redhat.com> <4DA7CD3F.8060106@redhat.com>
Message-ID: <20110415144908.GK16203@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Fri, Apr 15, 2011 at 06:44:47AM +0200, Fabio M. Di Nitto wrote:
> Hi Lon,
>
> 2 small bits here..
>
> in nfsserver.sh, we also call restorecon.
>
> IMHO execution of selinux tools should be conditional to selinux being
> enabled and tools available.
>
> To make this a generic upstream patch, we can do (at the beginning of
> the agent):

Yep, I'll revert the one I pushed. Sorry about that.

> selinuxon=""
> [ -n "$(which selinuxenabled)" ] && selinuxenabled && selinuxon=1
>
> this is mostly paranoia and to cache the result for later use. invoking
> selinuxenabled is cheap.
>
> .....
>
> [ -n "$selinuxon" ] && [ -n "$(which restorecon)" ] && restorecon...
>
> .....
>
> [ -n "$selinuxon" ] && [ -n "$(which chcon)" ] && chcon -R....
>
> chcon -R works recursively, so one invocation should be sufficient.

In my initial testing, it didn't work, but deleting the second line
seemed to work fine now.

> The main motivator behind this approach is to guarantee that we don't
> need resource-agents to Requires those tools at packaging level and
> enforce them on a system.

Understood.

--
Lon Hohberger - Red Hat, Inc.
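
The guard discussed in this message, written out as an added example that is not part of the original thread or of resource-agents: the `selinuxenabled` result is probed once and cached, and a labelling tool runs only when SELinux is enabled and the tool is installed. The names `SELINUX_ON`, `selinux_probe` and `selinux_run` and the `$mountpoint` variable in the usage comment are assumptions; `command -v` stands in for `which`, and unlike the quoted one-liners a missing tool on an SELinux-enabled host is reported with status 127 instead of being skipped silently.

```shell
#!/bin/sh
# Added example (not resource-agents code); all names here are hypothetical.

# Cached probe result: "" = not probed yet, 1 = enabled, 0 = disabled or
# selinuxenabled not installed.
SELINUX_ON=""

# Probe once and cache. selinuxenabled exits 0 only when SELinux is enabled;
# a missing binary is treated the same as "disabled".
selinux_probe() {
    if [ -z "$SELINUX_ON" ]; then
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            SELINUX_ON=1
        else
            SELINUX_ON=0
        fi
    fi
    [ "$SELINUX_ON" = 1 ]
}

# Run a labelling tool (restorecon, chcon, ...) only when it is both needed
# and present. Return status:
#   0    tool succeeded, or was skipped because SELinux is off
#   127  SELinux is on but the tool is not installed; the caller decides
#        whether an unlabelled path is fatal for the resource
#   else the tool's own exit status
selinux_run() {
    tool=$1
    shift
    selinux_probe || return 0
    command -v "$tool" >/dev/null 2>&1 || return 127
    "$tool" "$@"
}

# Usage inside an agent (mountpoint is an assumed variable):
#   selinux_run restorecon -R "$mountpoint"
```

Because the check is done at run time, the agent does not need a packaging-level dependency on the SELinux tools, which is the motivation given in the quoted text.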