Moved files temporarily exist without a proper SELinux context, which causes issues when a running SSSD/ntpd tries to work with the files.

https://fedorahosted.org/freeipa/ticket/4923

Patch attached.

--
Martin Basti

From a86424429eea3bede519284e2d986c4fad8755f8 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jul 2015 16:20:59 +0200
Subject: [PATCH] sysrestore: copy files instead of moving them to avoid
 SELinux issues

Copying files restores SELinux context.

https://fedorahosted.org/freeipa/ticket/4923
---
 ipapython/sysrestore.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py
index c058ff7c04d4604ba96c2a4ece68d476b5b6491f..354897240b542c2671b662a4fdad1a089652f899 100644
--- a/ipapython/sysrestore.py
+++ b/ipapython/sysrestore.py
@@ -186,12 +186,12 @@ class FileStore:
         if new_path is not None:
             path = new_path
 
-        shutil.move(backup_path, path)
+        shutil.copy(backup_path, path)  # SELinux needs copy
+        os.remove(backup_path)
+
         os.chown(path, int(uid), int(gid))
         os.chmod(path, int(mode))
 
-        tasks.restore_context(path)
-
         del self.files[filename]
         self.save()
 
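Review bot: Removing tasks.restore_context(path) after the new shutil.copy() call leaves the label of path dependent on how the file happens to be created instead of on policy. shutil.copy() only yields a fresh label when path does not exist yet, and that label is derived from the parent directory and type-transition rules, not from the file_contexts entry for the path; when path already exists, the copy writes into the existing file and its current label is kept, right or wrong. Keeping tasks.restore_context(path) after os.chmod() covers both cases at little cost. The comment "# SELinux needs copy" would also be more useful if it said why, for example that a moved file briefly lacks a proper context, as the ticket describes.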
@@ -217,12 +217,12 @@ class FileStore:
                 root_logger.debug("  -> Not restoring - '%s' doesn't exist", backup_path)
                 continue
 
-            shutil.move(backup_path, path)
+            shutil.copy(backup_path, path)  # SELinux needs copy
+            os.remove(backup_path)
+
             os.chown(path, int(uid), int(gid))
             os.chmod(path, int(mode))
 
-            tasks.restore_context(path)
-
 	#force file to be deleted
         self.files = {}
         self.save()
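Review bot: In this loop os.remove(backup_path) runs before os.chown() and os.chmod(), so if either call raises, the backup is already deleted and path is left with whatever owner and mode the copy produced. Move os.remove(backup_path) to after os.chmod() so the backup survives a failed restore. Also note that, unlike the rename that shutil.move() performs within one filesystem, shutil.copy() is not atomic: a running daemon can open path while it is only partially written or before ownership has been set. Copying to a temporary name in the destination directory, fixing owner and mode there, and then renaming over path would avoid that window.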
-- 
2.4.3
