semanage fails if the context was already set. This leads to problems with guest [re]installation using koan in the case when the fcontext was previously set for the target partition. We can check for the context before executing semanage, but this will unnecessarily complicate the code. So it is easier just to drop this check for semanage. All the failure cases we are afraid of will happen with chcon, so once we have a problem with selinux, the target partition or weirdness with selinux, chcon will fail and semanage will not be executed.
---
 koan/app.py | 7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/koan/app.py b/koan/app.py index e889c80..33714a1 100755 --- a/koan/app.py +++ b/koan/app.py @@ -1450,15 +1450,14 @@ class Koan: args = "/usr/bin/chcon -t %s %s" % (context_type, partition_location) print "%s" % args change_context = sub_process.call(args, close_fds=True, shell=True) + if change_context != 0: + raise InfoException, "SELinux security context setting to LVM partition failed"
# modify SELinux policy in order to preserve security context # between reboots args = "/usr/sbin/semanage fcontext -a -t %s %s" % (context_type, partition_location) print "%s" % args - change_context |= sub_process.call(args, close_fds=True, shell=True) - - if change_context != 0: - raise InfoException, "SELinux security context setting to LVM partition failed" + sub_process.call(args, close_fds=True, shell=True)
# return partition location return partition_location
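Review bot: the result of the final `sub_process.call(args, close_fds=True, shell=True)` for semanage is now discarded, so any semanage failure other than the already-set case from the commit message passes silently, and the context will not be preserved between reboots as the comment above that call intends. Keep the return value and at least print a warning when it is non-zero, so that an install whose chcon succeeded but whose policy entry was never written is visible to the operator. Separately, both commands are built with `%` interpolation of `context_type` and `partition_location` and run with `shell=True`; passing an argument list without the shell would avoid the shell interpreting characters in those values.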
Anton Arapov wrote:
semanage fails if the context was already set. This leads to problems with guest [re]installation using koan in the case when the fcontext was previously set for the target partition. We can check for the context before executing semanage, but this will unnecessarily complicate the code. So it is easier just to drop this check for semanage. All the failure cases we are afraid of will happen with chcon, so once we have a problem with selinux, the target partition or weirdness with selinux, chcon will fail and semanage will not be executed.
koan/app.py | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/koan/app.py b/koan/app.py index e889c80..33714a1 100755 --- a/koan/app.py +++ b/koan/app.py @@ -1450,15 +1450,14 @@ class Koan: args = "/usr/bin/chcon -t %s %s" % (context_type, partition_location) print "%s" % args change_context = sub_process.call(args, close_fds=True, shell=True)
if change_context != 0:
raise InfoException, "SELinux security context setting to LVM partition failed" # modify SELinux policy in order to preserve security context # between reboots args = "/usr/sbin/semanage fcontext -a -t %s %s" % (context_type, partition_location) print "%s" % args
change_context |= sub_process.call(args, close_fds=True, shell=True)
if change_context != 0:
raise InfoException, "SELinux security context setting to LVM partition failed"
sub_process.call(args, close_fds=True, shell=True) # return partition location return partition_location
Applied to master (and merging to devel shortly), thanks!
--Michael
cobbler@lists.fedorahosted.org