From: Fabio M. Di Nitto <fdinitto@redhat.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [PATCH] resource-agents: Fix nfs mount contexts
Date: Fri, 15 Apr 2011 06:44:47 +0200
Message-ID: <4DA7CD3F.8060106@redhat.com>
In-Reply-To: <1302811026-7803-1-git-send-email-lhh@redhat.com>

Hi Lon,

2 small bits here..

In nfsserver.sh, we also call restorecon.

IMHO execution of selinux tools should be conditional on selinux being
enabled and tools available.

To make this a generic upstream patch, we can do (at the beginning of
the agent):

selinuxon=""
[ -n "$(which selinuxenabled)" ] && selinuxenabled && selinuxon=1

This is mostly paranoia and to cache the result for later use. Invoking
selinuxenabled is cheap.

.....
[ -n "$selinuxon" ] && [ -n "$(which restorecon)" ] && restorecon...
.....
[ -n "$selinuxon" ] && [ -n "$(which chcon)" ] && chcon -R....

chcon -R works recursively, so one invocation should be sufficient.

The main motivator behind this approach is to guarantee that we don't
need resource-agents to Requires those tools at packaging level and
enforce them on a system.

Fabio

On 04/14/2011 09:57 PM, Lon Hohberger wrote:
> Resolves: rhbz#635828
>
> Signed-off-by: Lon Hohberger <lhh@redhat.com>
> Tested-by: Corey Marthaler <cmarthal@redhat.com>
> ---
> rgmanager/src/resources/nfsserver.sh | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/rgmanager/src/resources/nfsserver.sh b/rgmanager/src/resources/nfsserver.sh
> index 17f472d..bb2632e 100644
> --- a/rgmanager/src/resources/nfsserver.sh
> +++ b/rgmanager/src/resources/nfsserver.sh
> @@ -222,6 +222,9 @@ create_tree()
> [ -f "$fp/xtab" ] || touch "$fp/xtab"
> [ -f "$fp/rmtab" ] || touch "$fp/rmtab"
>
> + chcon -R system_u:object_r:var_lib_nfs_t:s0 "$fp"
> + chcon -R system_u:object_r:var_lib_nfs_t:s0 "$fp/*"
> +
> #
> # Generate a random state file. If this ends up being what a client
> # already has in its list, that's bad, but the chances of this
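
Review bot: the second added line in the create_tree() hunk passes "$fp/*" inside double quotes, so the shell does not expand the glob and chcon is handed the literal path ending in `*`, which will normally not exist and make that call fail. The first call already uses -R on "$fp" and covers everything below it, so the second line can be dropped. Both calls also run unconditionally and their exit status is ignored: guard them on SELinux being enabled and chcon being installed, and decide whether a failed relabel should abort create_tree() or only be logged.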
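
The guard suggested in the reply above, written out as a helper an agent could source. This is an added example, not code from the patch, from the reply, or from resource-agents; the names `selinux_on`, `label_tree` and `SELINUX_ON` are assumptions, and `command -v` is used in place of `which`.

```shell
#!/bin/sh
# Added example: SELinux-optional relabelling for a resource agent.
# selinux_on, label_tree and SELINUX_ON are hypothetical names.

# Cached probe result: "" = not probed yet, 1 = usable, 0 = skip labelling.
SELINUX_ON=""

# True only when selinuxenabled exists and reports SELinux as enabled.
# The probe runs once; later calls reuse the cached answer.
selinux_on() {
    if [ -z "$SELINUX_ON" ]; then
        SELINUX_ON=0
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            SELINUX_ON=1
        fi
    fi
    [ "$SELINUX_ON" = 1 ]
}

# label_tree CONTEXT DIR
# Relabels DIR recursively with one chcon -R call.
# Returns 0 when labelling succeeded or was skipped (SELinux off, or
# chcon not installed), 1 when DIR is missing, else chcon's exit status.
label_tree() {
    lt_ctx=$1
    lt_dir=$2
    selinux_on || return 0
    command -v chcon >/dev/null 2>&1 || return 0
    [ -d "$lt_dir" ] || return 1
    # Quote the directory, never a glob: "$lt_dir/*" would be a literal path.
    chcon -R "$lt_ctx" "$lt_dir"
}

# Usage inside an agent (context string taken from the patch under review):
#   label_tree system_u:object_r:var_lib_nfs_t:s0 "$fp" || return 1
```

Because a skipped relabel returns 0, the agent behaves the same on hosts without SELinux, while a real chcon failure still reaches the caller.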