On 02/20/2014 12:20 PM, Petr Viktorin wrote: > On 02/19/2014 04:54 PM, Jan Pazdziora wrote: >> On Wed, Feb 19, 2014 at 04:37:05PM +0100, Tomas Babej wrote: >>> Hi, >>> >>> When restoring files from backup, we do use an incorrect order of >>> operations - we first restore SELinux context and then copy the >>> files from backup, when we need to do the exact opposite. >>> >>> https://fedorahosted.org/freeipa/ticket/4133 >>> >> >>> >From 3c1da9e7265bfb303cd4b9751c5b32b04d502431 Mon Sep 17 00:00:00 2001 >>> From: Tomas Babej <[email protected]> >>> Date: Wed, 19 Feb 2014 16:31:12 +0100 >>> Subject: [PATCH] ipatests: Fix incorrect order of operations when restoring >>> backup >>> >>> When restoring files from backup, we do use an incorrect order of >>> operations - we first restore SELinux context and then copy the >>> files from backup, when we need to do the exact opposite. >>> >>> https://fedorahosted.org/freeipa/ticket/4133 >>> --- >>> ipatests/test_integration/tasks.py | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/ipatests/test_integration/tasks.py >>> b/ipatests/test_integration/tasks.py >>> index >>> 9a6ea3fa548a53d6e5ab6d19783227c2d956a001..b785f28190ed39a0ac45ff5b69e3b474e2634278 >>> 100644 >>> --- a/ipatests/test_integration/tasks.py >>> +++ b/ipatests/test_integration/tasks.py >>> @@ -137,7 +137,7 @@ def restore_files(host): >>> >>> # Run both commands in one session. For more information, see: >>> # https://fedorahosted.org/freeipa/ticket/4133 >>> - host.run_command('%s ; (%s ||:)' % (restorecon_command, >>> copyfiles_command)) >>> + host.run_command('%s ; (%s ||:)' % (copyfiles_command, >>> restorecon_command)) >> >> ACK -- having the files in place is definitely useful if we then want >> to find them there. >> >> However: since this is about restoring a backup, can't the backup >> contain the extended attributes, so that the SELinux context gets >> restored to the original state (which could be different from what >> the restorecon will give you)? > > Well, I guess you're the Beaker authority here. Is that necessary when > restoring? > The tests expect a "sane" state, and they return to that; using a somehow > customized machine to test on is a bad idea anyway.
+1. If you added a proper SELinux rule on that machine to set the right file context, it will still be right after restorecon. Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
