[Cluster-devel] [PATCH] resource-agents: Fix nfs mount contexts

Fabio M. Di Nitto fdinitto at redhat.com
Fri Apr 15 15:24:55 UTC 2011


ACK'ed.

Fabio

On 4/15/2011 5:18 PM, Lon Hohberger wrote:
>  - check for SELinux enabled
>  - grab the installed distribution's SELinux label for
>    /var/lib/nfs/statd
>  - chcon / restorecon using that label (restorecon should be enough,
>    but it seems to not work across bind mounts)
> 
> Resolves: rhbz#635828
> 
> Signed-off-by: Lon Hohberger <lhh at redhat.com>
> ---
>  rgmanager/src/resources/nfsserver.sh |   12 +++++++++++-
>  1 files changed, 11 insertions(+), 1 deletions(-)
> 
> diff --git a/rgmanager/src/resources/nfsserver.sh b/rgmanager/src/resources/nfsserver.sh
> index 17f472d..f7b6b7a 100644
> --- a/rgmanager/src/resources/nfsserver.sh
> +++ b/rgmanager/src/resources/nfsserver.sh
> @@ -16,6 +16,14 @@ export LC_ALL LANG PATH
>  
>  . $(dirname $0)/ocf-shellfuncs
>  
> +# SELinux information
> +which restorecon &> /dev/null && selinuxenabled
> +export SELINUX_ENABLED=$?
> +if [ $SELINUX_ENABLED ]; then
> +	export SELINUX_LABEL="$(ls -ldZ /var/lib/nfs/statd | cut -f4 -d' ')"
> +fi
> +
> +
>  log_do()
>  {
>  	ocf_log debug $*
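Review bot: `[ $SELINUX_ENABLED ]` is always true, because the variable holds the exit status `0` or `1` and a one-argument test only checks that the string is non-empty. As a result the label lookup here, the `chcon` in create_tree() and the `restorecon` in setup_tree() all still run when SELinux is disabled or `restorecon` is not installed. Compare the status numerically in all three places, e.g. `if [ "$SELINUX_ENABLED" -eq 0 ]; then`. The label also depends on the context being the fourth space-separated field of `ls -ldZ` output; `stat -c %C /var/lib/nfs/statd` would avoid handing a wrong field to `chcon -R` if that layout differs.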
> @@ -222,6 +230,8 @@ create_tree()
>  	[ -f "$fp/xtab" ] || touch "$fp/xtab"
>  	[ -f "$fp/rmtab" ] || touch "$fp/rmtab"
>  
> +	[ $SELINUX_ENABLED ] && chcon -R "$SELINUX_LABEL" "$fp"
> +
>          #
>          # Generate a random state file.  If this ends up being what a client
>          # already has in its list, that's bad, but the chances of this
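Review bot: The result of `chcon -R` is neither checked nor logged, so an empty or malformed `SELINUX_LABEL` leaves the tree under `$fp` with its previous context and nothing in the log to explain later denials. Consider `chcon -R "$SELINUX_LABEL" "$fp" || ocf_log warning "chcon $SELINUX_LABEL on $fp failed"`. The call also applies the label read from /var/lib/nfs/statd to everything under `$fp`, including the `xtab` and `rmtab` files; if the policy gives those a different type than the statd directory, the relabel may need to be limited to `"$fp/statd"`. create_tree() starts and ends outside this hunk.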
> @@ -306,7 +316,7 @@ setup_tree()
>  
>  	mount -o bind "$fp/statd" /var/lib/nfs/statd
>  	cp -a "$fp"/*tab /var/lib/nfs
> -	restorecon /var/lib/nfs
> +	[ $SELINUX_ENABLED ] && restorecon /var/lib/nfs
>  }
>  
>  
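Review bot: `restorecon /var/lib/nfs` is not recursive, so it relabels only the directory itself. The `*tab` files copied by `cp -a` on the line above presumably keep the context they had under `$fp`, which after this patch is the statd label applied in create_tree(). If they should get the policy default, name them explicitly, e.g. `restorecon /var/lib/nfs /var/lib/nfs/*tab`. That seems safer than `-R`, which would descend into the bind-mounted statd directory, where the commit message says restorecon does not behave as expected. setup_tree() starts outside this hunk.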



