[Cluster-devel] [PATCH] resource-agents: Fix nfs mount contexts
Lon Hohberger
lhh at redhat.com
Fri Apr 15 14:49:08 UTC 2011
On Fri, Apr 15, 2011 at 06:44:47AM +0200, Fabio M. Di Nitto wrote:
> Hi Lon,
>
> 2 small bits here..
>
> in nfsserver.sh, we also call restorecon.
>
> IMHO execution of selinux tools should be conditional to selinux being
> enabled and tools available.
>
> To make this a generic upstream patch, we can do (at the beginning of
> the agent):
Yep, I'll revert the one I pushed. Sorry about that.
> selinuxon=""
> [ -n "$(which selinuxenabled)" ] && selinuxenabled && selinuxon=1
>
> this is mostly paranoia and to cache the result for later use. invoking
> selinuxenabled is cheap.
>
> .....
>
> [ -n "$selinuxon" ] && [ -n "$(which restorecon)" ] && restorecon...
>
> .....
>
> [ -n "$selinuxon" ] && [ -n "$(which chcon)" ] && chcon -R....
>
> chcon -R works recursively, so one invocation should be sufficient.
In my initial testing, it didn't work, but deleting the second line
seemed to work fine now.
> The main motivator behind this approach is to guarantee that we don't
> need resource-agents to Requires those tools at packaging level and
> enforce them on a system.
Understood.
--
Lon Hohberger - Red Hat, Inc.
More information about the Cluster-devel
mailing list