Hello Piotr Kliczewski, Yaniv Bronhaim, Dan Kenigsberg, Francesco Romani, Sahina Bose,

I'd like you to do a code review. Please visit

https://gerrit.ovirt.org/64296

to review the following change.

Change subject: gluster: set selinux labels while creating bricks ......................................................................

gluster: set selinux labels while creating bricks

brick should have correct selinux labels on the brick mount points. But it missing in the createBrick vdsm verb.

This patch sets the correct selinux lables on brick mount point using 'restorecon' and 'semanage' commands

Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Bug-Url: https://bugzilla.redhat.com/1368474 Signed-off-by: Ramesh Nachimuthu rnachimu@redhat.com Reviewed-on: https://gerrit.ovirt.org/62773 Continuous-Integration: Jenkins CI Reviewed-by: Yaniv Bronhaim ybronhei@redhat.com Reviewed-by: Piotr Kliczewski piotr.kliczewski@gmail.com Reviewed-by: Sahina Bose sabose@redhat.com Reviewed-by: Francesco Romani fromani@redhat.com Reviewed-by: Dan Kenigsberg danken@redhat.com --- M vdsm/gluster/exception.py M vdsm/gluster/storagedev.py 2 files changed, 40 insertions(+), 0 deletions(-)

git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/96/64296/1

diff --git a/vdsm/gluster/exception.py b/vdsm/gluster/exception.py index 1e1b961..369d6dd 100644 --- a/vdsm/gluster/exception.py +++ b/vdsm/gluster/exception.py @@ -477,6 +477,28 @@ message = "vgscan failed"

+class GlusterHostFailedToSetSelinuxContext(GlusterHostException): + code = 4420 + + def __init__(self, brickMountPoint=None, rc=0, out=(), err=()): + self.rc = rc + self.out = out + self.err = err + self.message = "Failed to set selinux context on the brick : %s" \ + % brickMountPoint + + +class GlusterHostFailedToRunRestorecon(GlusterHostException): + code = 4421 + + def __init__(self, brickMountPoint=None, rc=0, out=(), err=()): + self.rc = rc + self.out = out + self.err = err + self.message = "Failed to run restorecon on the brick : %s" \ + % brickMountPoint + + # Hook class GlusterHookException(GlusterException): code = 4500 diff --git a/vdsm/gluster/storagedev.py b/vdsm/gluster/storagedev.py index ca1ee01..43f8c5f 100644 --- a/vdsm/gluster/storagedev.py +++ b/vdsm/gluster/storagedev.py @@ -21,6 +21,7 @@ import errno import logging import os +import selinux

import blivet import blivet.formats @@ -54,6 +55,9 @@ _vgscanCommandPath = utils.CommandPath("vgscan", "/sbin/vgscan", "/usr/sbin/vgscan",) +_semanageCommandPath = utils.CommandPath("semanage", + "/sbin/semanage", + "/usr/sbin/semanage",)

# All size are in MiB unless otherwise specified DEFAULT_CHUNK_SIZE_KB = 256 @@ -313,4 +317,18 @@ raise ge.GlusterHostStorageDeviceVGScanFailedException(rc, out, err) fstab.FsTab().add(thinlv.path, mountPoint, DEFAULT_FS_TYPE, mntOpts=[DEFAULT_MOUNT_OPTIONS]) + + # If selinux is enabled, set correct selinux labels on the brick. + if selinux.is_selinux_enabled(): + rc, out, err = commands.execCmd([_semanageCommandPath.cmd, + 'fcontext', '-a', '-t', + 'glusterd_brick_t', mountPoint]) + if rc: + raise ge.GlusterHostFailedToSetSelinuxContext(mountPoint, rc, + out, err) + try: + selinux.restorecon(mountPoint, recursive=True) + except OSError as e: + errMsg = "[Errno %s] %s: '%s'" % (e.errno, e.strerror, e.filename) + raise ge.GlusterHostFailedToRunRestorecon(mountPoint, err=errMsg) return _getDeviceDict(thinlv)