On Wed, 15 Jul 2015, Martin Basti wrote:
Moved files temporarily exist without a proper SELinux context, which
causes issues when a running SSSD/ntpd tries to work with the files.
https://fedorahosted.org/freeipa/ticket/4923
Patch attached.
--
Martin Basti
From a86424429eea3bede519284e2d986c4fad8755f8 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 15 Jul 2015 16:20:59 +0200
Subject: [PATCH] sysrestore: copy files instead of moving them to avoid
SELinux issues
Copying files restores SELinux context.
https://fedorahosted.org/freeipa/ticket/4923
---
ipapython/sysrestore.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py
index
c058ff7c04d4604ba96c2a4ece68d476b5b6491f..354897240b542c2671b662a4fdad1a089652f899
100644
--- a/ipapython/sysrestore.py
+++ b/ipapython/sysrestore.py
@@ -186,12 +186,12 @@ class FileStore:
if new_path is not None:
path = new_path
- shutil.move(backup_path, path)
+ shutil.copy(backup_path, path) # SELinux needs copy
+ os.remove(backup_path)
+
os.chown(path, int(uid), int(gid))
os.chmod(path, int(mode))
- tasks.restore_context(path)
-
Please keep restorecon calls because we might have a case when old label
was wrong in the backup.
del self.files[filename]
self.save()
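Review bot: removing `tasks.restore_context(path)` after `os.chmod(path, int(mode))` leaves the label of the restored file unchecked. `shutil.copy` writes into an existing file at `path` in place, so that file keeps whatever label it already had, and a newly created file gets the label assigned at creation time, which is not necessarily the one the policy's file-context rules specify for that path. Keep the `tasks.restore_context(path)` call after the chmod. The inline comment `# SELinux needs copy` would also be more useful if it stated the reason given in the commit message.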
@@ -217,12 +217,12 @@ class FileStore:
root_logger.debug(" -> Not restoring - '%s' doesn't exist",
backup_path)
continue
- shutil.move(backup_path, path)
+ shutil.copy(backup_path, path) # SELinux needs copy
+ os.remove(backup_path)
+
os.chown(path, int(uid), int(gid))
os.chmod(path, int(mode))
- tasks.restore_context(path)
-
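Review bot: `os.remove(backup_path)` runs before `os.chown` and `os.chmod` in this hunk, so if either call raises, the backup is already deleted and `path` is left with the restored content but without the saved `uid`, `gid` and `mode` applied. Delete the backup last, once ownership, mode and context have been set on `path`, so a failed restore can be retried from the backup. The same ordering applies to the first hunk.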
Same here.
--
/ Alexander Bokovoy