backend/server/configFilesHandler.py | 4 +++-
client/tools/rhncfg/config_common/repository.py | 9 +++++++++
web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm | 2 ++
web/modules/rhn/RHN/DB/ConfigRevision.pm | 4 ++--
web/modules/rhn/RHN/ProxyInstall.pm | 2 ++
5 files changed, 18 insertions(+), 3 deletions(-)
New commits:
commit 82c993afb4324e5702e69ba0cec35692c79c98ad
Author: Miroslav Suchý <msuchy(a)redhat.com>
Date: Thu Aug 20 10:08:34 2009 +0200
fix an ISE relating to config management w/selinux
Contributed by Joshua Roys:
Attached is a patch to kill another bug in the configuration management w/selinux. Specifically, backend/server/configFilesHandler.py ended up calling the old version of lookup_config_info, which caused all file uploads to fail in an ISE. In fixing this, I also added functionality to upload the selinux context of files to spacewalk in client/tools/rhncfg/config_common/repository.py . The other changes are for completeness, as they look like they could cause problems in the future.
diff --git a/backend/server/configFilesHandler.py b/backend/server/configFilesHandler.py
index 996d221..f00a937 100644
--- a/backend/server/configFilesHandler.py
+++ b/backend/server/configFilesHandler.py
@@ -158,6 +158,8 @@ class ConfigFilesHandler(rhnHandler):
file['username'] = file['user']
file['groupname'] = file['group']
file['file_mode'] = file['mode']
+ if not file.has_key('selinux_ctx'):
+ file['selinux_ctx'] = ''
result = {}
@@ -321,7 +323,7 @@ class ConfigFilesHandler(rhnHandler):
lob.write(file_contents)
_query_lookup_config_info = rhnSQL.Statement("""
- select lookup_config_info(:username, :groupname, :file_mode) id
+ select lookup_config_info(:username, :groupname, :file_mode, :selinux_ctx) id
from dual
""")
diff --git a/client/tools/rhncfg/config_common/repository.py b/client/tools/rhncfg/config_common/repository.py
index f49f750..78abc9e 100644
--- a/client/tools/rhncfg/config_common/repository.py
+++ b/client/tools/rhncfg/config_common/repository.py
@@ -27,6 +27,13 @@ import utils
from rhn_log import log_debug, die
#from rhn_rpc import rpclib
+try:
+ from selinux import getfilecon
+except:
+ # on rhel4 we do not support selinux
+ def getfilecon(path):
+ return [0, ''];
+
#6/29/05 rpc_wrapper implements the failover logic.
import rpc_wrapper
@@ -125,6 +132,8 @@ class Repository:
ret['group'] = gr_name
self._gid_cache[gid] = gr_name
+ ret['selinux_ctx'] = getfilecon(path)[1]
+
return ret
def _make_file_info(self, remote_path, local_path=None, delim_start=None,
diff --git a/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm b/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
index d19c1ca..0dff388 100644
--- a/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
+++ b/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
@@ -205,6 +205,7 @@ sub generate_config_file {
groupname => { default => 'root' },
mode => { default => '770' },
new_only => { default => 0 },
+ selinux_ctx => { default => '' },
});
my $template_file = File::Spec->catfile($session->get_app_instance->get_app_dir(), $params{template});
@@ -239,6 +240,7 @@ sub generate_config_file {
$new_revision->groupname($params{groupname});
$new_revision->filemode($params{mode});
$new_revision->contents($contents);
+ $new_revision->selinux_ctx($params{selinux_ctx});
eval {
$new_revision->commit;
diff --git a/web/modules/rhn/RHN/DB/ConfigRevision.pm b/web/modules/rhn/RHN/DB/ConfigRevision.pm
index 1765b9c..3575fb7 100644
--- a/web/modules/rhn/RHN/DB/ConfigRevision.pm
+++ b/web/modules/rhn/RHN/DB/ConfigRevision.pm
@@ -30,7 +30,7 @@ our @ISA = qw/RHN::SimpleStruct/;
our @core_fields = qw/id revision config_file_id config_content_id
config_info_id delim_start delim_end created
modified username groupname filemode latest_id latest path
- md5sum file_size org_id config_channel_id filetype/;
+ md5sum file_size org_id config_channel_id filetype selinux_ctx/;
our @transient_fields = qw/__contents__ is_binary/;
our @simple_struct_fields = (@core_fields, @transient_fields);
@@ -154,7 +154,7 @@ sub commit {
}
my $dbh = RHN::DB->connect;
- my $ciid = $dbh->call_function('lookup_config_info', $self->username, $self->groupname, $self->filemode);
+ my $ciid = $dbh->call_function('lookup_config_info', $self->username, $self->groupname, $self->filemode, $self->selinux_ctx);
my $ccid = $self->config_content_id;
my $cftid = getFileTypeId($self->filetype);
diff --git a/web/modules/rhn/RHN/ProxyInstall.pm b/web/modules/rhn/RHN/ProxyInstall.pm
index 4079add..505a506 100644
--- a/web/modules/rhn/RHN/ProxyInstall.pm
+++ b/web/modules/rhn/RHN/ProxyInstall.pm
@@ -370,6 +370,7 @@ sub import_file {
username => { default => 'root' },
groupname => { default => 'root' },
mode => { default => 770 },
+ selinux_ctx => { default => '' },
});
my $cc = $params{config_channel};
@@ -394,6 +395,7 @@ sub import_file {
$new_revision->groupname($params{groupname});
$new_revision->filemode($params{mode});
$new_revision->contents($params{content});
+ $new_revision->selinux_ctx($params{selinux_ctx});
$new_revision->commit;