Hello Piotr Kliczewski, Yaniv Bronhaim, Dan Kenigsberg, Francesco Romani, Sahina Bose,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/64296
to review the following change.
Change subject: gluster: set selinux labels while creating bricks
......................................................................
gluster: set selinux labels while creating bricks
Brick should have correct selinux labels on the brick mount
points. But it is missing in the createBrick vdsm verb.
This patch sets the correct selinux labels on brick mount
point using 'restorecon' and 'semanage' commands
Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Bug-Url: https://bugzilla.redhat.com/1368474
Signed-off-by: Ramesh Nachimuthu <rnachimu(a)redhat.com>
Reviewed-on: https://gerrit.ovirt.org/62773
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-by: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Reviewed-by: Sahina Bose <sabose(a)redhat.com>
Reviewed-by: Francesco Romani <fromani(a)redhat.com>
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
---
M vdsm/gluster/exception.py
M vdsm/gluster/storagedev.py
2 files changed, 40 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/96/64296/1
diff --git a/vdsm/gluster/exception.py b/vdsm/gluster/exception.py
index 1e1b961..369d6dd 100644
--- a/vdsm/gluster/exception.py
+++ b/vdsm/gluster/exception.py
@@ -477,6 +477,28 @@
message = "vgscan failed"
+class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
+ code = 4420
+
+ def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+ self.rc = rc
+ self.out = out
+ self.err = err
+ self.message = "Failed to set selinux context on the brick : %s" \
+ % brickMountPoint
+
+
+class GlusterHostFailedToRunRestorecon(GlusterHostException):
+ code = 4421
+
+ def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+ self.rc = rc
+ self.out = out
+ self.err = err
+ self.message = "Failed to run restorecon on the brick : %s" \
+ % brickMountPoint
+
+
# Hook
class GlusterHookException(GlusterException):
code = 4500
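Review bot: rc defaults to 0 in both new __init__ methods, so an exception raised without an explicit rc carries a success code for what is a failure; the storagedev.py part of this change raises GlusterHostFailedToRunRestorecon with only err=errMsg, which is exactly that case. That same call passes a string for err while the default here is an empty tuple, so consumers of err see two different types. Consider a non-zero or None default for rc, one agreed type for err, and a shared helper for the two __init__ bodies, which are identical apart from the message text.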
diff --git a/vdsm/gluster/storagedev.py b/vdsm/gluster/storagedev.py
index ca1ee01..43f8c5f 100644
--- a/vdsm/gluster/storagedev.py
+++ b/vdsm/gluster/storagedev.py
@@ -21,6 +21,7 @@
import errno
import logging
import os
+import selinux
import blivet
import blivet.formats
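Review bot: the module-level "import selinux" makes the Python SELinux bindings a hard requirement for importing storagedev.py at all, including on hosts where SELinux is disabled, yet the diffstat shows only exception.py and storagedev.py changed and no packaging requirement is visible. Confirm the package that provides the selinux module (and the one providing semanage) is already a declared dependency, or import it inside the branch that uses it so that a missing binding degrades to skipping the labeling rather than breaking every storage device verb.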
@@ -54,6 +55,9 @@
_vgscanCommandPath = utils.CommandPath("vgscan",
"/sbin/vgscan",
"/usr/sbin/vgscan",)
+_semanageCommandPath = utils.CommandPath("semanage",
+ "/sbin/semanage",
+ "/usr/sbin/semanage",)
# All size are in MiB unless otherwise specified
DEFAULT_CHUNK_SIZE_KB = 256
@@ -313,4 +317,18 @@
raise ge.GlusterHostStorageDeviceVGScanFailedException(rc, out, err)
fstab.FsTab().add(thinlv.path, mountPoint,
DEFAULT_FS_TYPE, mntOpts=[DEFAULT_MOUNT_OPTIONS])
+
+ # If selinux is enabled, set correct selinux labels on the brick.
+ if selinux.is_selinux_enabled():
+ rc, out, err = commands.execCmd([_semanageCommandPath.cmd,
+ 'fcontext', '-a', '-t',
+ 'glusterd_brick_t', mountPoint])
+ if rc:
+ raise ge.GlusterHostFailedToSetSelinuxContext(mountPoint, rc,
+ out, err)
+ try:
+ selinux.restorecon(mountPoint, recursive=True)
+ except OSError as e:
+ errMsg = "[Errno %s] %s: '%s'" % (e.errno, e.strerror,
e.filename)
+ raise ge.GlusterHostFailedToRunRestorecon(mountPoint, err=errMsg)
return _getDeviceDict(thinlv)
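Review bot: the semanage call registers glusterd_brick_t for mountPoint alone, while selinux.restorecon(mountPoint, recursive=True) relabels everything beneath it. A file-context specification is a regular expression matched against the full path, so entries under the mount point are not covered by this rule and the recursive relabel gives them whatever the policy assigns by default; registering mountPoint + '(/.*)?' would cover the brick contents as well. Separately, both failure paths raise after fstab.FsTab().add(...) has already run, and "semanage fcontext -a" returns non-zero when a rule for the path already exists, so re-creating a brick on a previously used mount point would fail here with the fstab entry left in place. Handle the existing-rule case, and either clean up before raising or document that the brick is left created but unlabeled.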
--
To view, visit
https://gerrit.ovirt.org/64296
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-4.0
Gerrit-Owner: Ramesh N <rnachimu(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Sahina Bose <sabose(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>