Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=493... Commit: 493b100fab97cd9ab746124d460eda069abfc56f Parent: fe9bef6e01c83e87bee845caa6d763deb33da431 Author: Lon Hohberger lhh@redhat.com AuthorDate: Tue Apr 12 11:27:36 2011 -0400 Committer: Lon Hohberger lhh@redhat.com CommitterDate: Fri Apr 15 11:45:18 2011 -0400
resource-agents: Fix nfs mount contexts
- check for SELinux enabled - grab the installed distribution's SELinux label for /var/lib/nfs/statd - chcon / restorecon using that label (restorecon should be enough, but it seems to not work across bind mounts)
Resolves: rhbz#635828
Signed-off-by: Lon Hohberger lhh@redhat.com Reviewed-by: Fabio M. Di Nitto fdinitto@redhat.com --- rgmanager/src/resources/nfsserver.sh | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/rgmanager/src/resources/nfsserver.sh b/rgmanager/src/resources/nfsserver.sh index 17f472d..f7b6b7a 100644 --- a/rgmanager/src/resources/nfsserver.sh +++ b/rgmanager/src/resources/nfsserver.sh @@ -16,6 +16,14 @@ export LC_ALL LANG PATH
. $(dirname $0)/ocf-shellfuncs
+# SELinux information +which restorecon &> /dev/null && selinuxenabled +export SELINUX_ENABLED=$? +if [ $SELINUX_ENABLED ]; then + export SELINUX_LABEL="$(ls -ldZ /var/lib/nfs/statd | cut -f4 -d' ')" +fi + + log_do() { ocf_log debug $* @@ -222,6 +230,8 @@ create_tree() [ -f "$fp/xtab" ] || touch "$fp/xtab" [ -f "$fp/rmtab" ] || touch "$fp/rmtab"
+ [ $SELINUX_ENABLED ] && chcon -R "$SELINUX_LABEL" "$fp" + # # Generate a random state file. If this ends up being what a client # already has in its list, that's bad, but the chances of this @@ -306,7 +316,7 @@ setup_tree()
mount -o bind "$fp/statd" /var/lib/nfs/statd cp -a "$fp"/*tab /var/lib/nfs - restorecon /var/lib/nfs + [ $SELINUX_ENABLED ] && restorecon /var/lib/nfs }
cluster-commits@lists.stg.fedorahosted.org