[PATCH 1/2] Reset labels on /var/cache/yum as well (#623434).

Chris Lumens <clumens@xxxxxxxxxx> · Wed, 18 Aug 2010 15:47:41 -0400

anaconda indirectly creates this directory tree when it creates a Yum object
chrooted under /mnt/sysimage, so we need to ensure it gets the proper selinux
label.

While I'm at it, make file context setting recursive since who knows how much
stuff is in /var/cache/yum.
---
 pyanaconda/packages.py |   38 ++++++++++++++++++++++----------------
 1 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/pyanaconda/packages.py b/pyanaconda/packages.py
index 7d88d06..1fa2ea6 100644
--- a/pyanaconda/packages.py
+++ b/pyanaconda/packages.py
@@ -186,6 +186,22 @@ def setupTimezone(anaconda):
 # FIXME: this is a huge gross hack.  hard coded list of files
 # created by anaconda so that we can not be killed by selinux
 def setFileCons(anaconda):
+    def contextCB(arg, directory, files):
+        for file in files:
+            path = os.path.join(directory, file)
+
+            # We need to trim the rootPath off here so resetFileContext will
+            # get the proper context.  Otherwise no paths will ever match.
+            if path.startswith(anaconda.rootPath):
+                path = path.replace(anaconda.rootPath, "")
+
+            if not os.access("%s/%s" % (anaconda.rootPath, path), os.R_OK):
+                log.warning("%s doesn't exist" % path)
+                continue
+
+            ret = isys.resetFileContext(path, anaconda.rootPath)
+            log.info("set fc of %s to %s" % (path, ret))
+
     if flags.selinux:
         log.info("setting SELinux contexts for anaconda created files")
 
@@ -201,26 +217,16 @@ def setFileCons(anaconda):
                  "/root/install.log", "/root/install.log.syslog",
                  "/etc/shadow", "/etc/shadow-", "/etc/gshadow"] + \
                 glob.glob('/etc/dhcp/dhclient-*.conf')
+        contextCB(None, "", files)
 
         vgs = ["/dev/%s" % vg.name for vg in anaconda.storage.vgs]
 
-        # ugh, this is ugly
-        for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig" ] + vgs:
-            def addpath(x): return dir + "/" + x
-
-            if not os.path.isdir(anaconda.rootPath + dir):
-                continue
-            dirfiles = os.listdir(anaconda.rootPath + dir)
-            files.extend(map(addpath, dirfiles))
-            files.append(dir)
+        for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig", "/var/cache/yum" ] + vgs:
+            os.path.walk(dir, contextCB, None)
 
-        for f in files:
-            if not os.access("%s/%s" %(anaconda.rootPath, f), os.R_OK):
-                log.warning("%s doesn't exist" %(f,))
-                continue
-            ret = isys.resetFileContext(os.path.normpath(f),
-                                        anaconda.rootPath)
-            log.info("set fc of %s to %s" %(f, ret))
+            # os.path.walk won't include the directory we start walking at,
+            # so that needs its context set separtely.
+            contextCB(None, "", [dir])
 
     return
 
-- 
1.7.1.1

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list





