[Freeipa-devel] [PATCH 0153] ipatests: Fix incorrect order of operations when restoring

Tomas Babej tbabej at redhat.com
Thu Feb 20 11:50:33 UTC 2014


On 02/19/2014 04:54 PM, Jan Pazdziora wrote:
> On Wed, Feb 19, 2014 at 04:37:05PM +0100, Tomas Babej wrote:
>> Hi,
>>
>> When restoring files from backup, we do use an incorrect order of
>> operations - we first restore SELinux context and then copy the
>> files from backup, when we need to do the exact opposite.
>>
>> https://fedorahosted.org/freeipa/ticket/4133
>>
>> >From 3c1da9e7265bfb303cd4b9751c5b32b04d502431 Mon Sep 17 00:00:00 2001
>> From: Tomas Babej <tbabej at redhat.com>
>> Date: Wed, 19 Feb 2014 16:31:12 +0100
>> Subject: [PATCH] ipatests: Fix incorrect order of operations when restoring
>>  backup
>>
>> When restoring files from backup, we do use an incorrect order of
>> operations - we first restore SELinux context and then copy the
>> files from backup, when we need to do the exact opposite.
>>
>> https://fedorahosted.org/freeipa/ticket/4133
>> ---
>>  ipatests/test_integration/tasks.py | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
>> index 9a6ea3fa548a53d6e5ab6d19783227c2d956a001..b785f28190ed39a0ac45ff5b69e3b474e2634278 100644
>> --- a/ipatests/test_integration/tasks.py
>> +++ b/ipatests/test_integration/tasks.py
>> @@ -137,7 +137,7 @@ def restore_files(host):
>>  
>>      # Run both commands in one session. For more information, see:
>>      # https://fedorahosted.org/freeipa/ticket/4133
>> -    host.run_command('%s ; (%s ||:)' % (restorecon_command, copyfiles_command))
>> +    host.run_command('%s ; (%s ||:)' % (copyfiles_command, restorecon_command))
> ACK -- having the files in place is definitely useful if we then want
> to find them there.
>
> However: since this is about restoring a backup, can't the backup
> contain the extended attributes, so that the SELinux context gets
> restored to the original state (which could be different from what
> the restorecon will give you)?
>
Yes, it could. Preserving the context is not hard, we can just use:

cp --preserve=context

for backup & restore.

But as others mention, we rather work with a "return-to-the-sane-state"
rather than "return-to-the-previous-state"  assumption here.

-- 
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 




More information about the Freeipa-devel mailing list