Issue #1681 has been updated by freiheit.

Here's an alternative suggestion:

Once:
  Read in and parse /etc/mtab, /proc/mounts or /proc/self/mounts (they have 
similar contents.  In the /proc stuff I see the / filesystem twice, only once 
with the data you want)
    You can split on a single space or maybe \s+. Looks a lot like /etc/fstab, 
so maybe you can use the code that parses that from mount.  2nd field is the 
mount point, 3rd is the fstype.
    Create a hash with the mount point as the key and the fstype as the data 
you're interested in.  Wouldn't hurt to store the other fields for use of some 
other code somewhere...

For a given file, let's say it's /a/b/c/d/e/f/g
  Check if the filename is in the data structure; return the fstype if it is.
  Just in case: return something if you're down to "/" or ""
  Remove the last slash and everything after it, and repeat with that as the 
file for the next loop through.
  IOW: look for /a/b/c/d/e/f/g, then /a/b/c/d/e/f, down to /a and finally / or 
"".  Whichever is the most specific should be the correct answer.

Then if the return is "nfs" or "nfs4", make the nfs_t assumption you refer to.
----------------------------------------
Bug #1681: SELinux gets wrong seltype for NFS mounts
http://projects.reductivelabs.com/issues/show/1681

Author: freiheit
Status: Accepted
Priority: Low
Assigned to: seanmil
Category: file
Target version: 0.24.7
Complexity: Unknown
Affected version: 0.24.6
Keywords: 


This is on a system with SELinux in permissive mode.

puppet code looks like:
file { "/nfs/jeckle/mail_admin": ensure => directory }
mount { "/nfs/jeckle/mail_admin":
    atboot  => true,
    device  => "jeckle-nfs:/vol/vol_mail_admin/mail_admin",
    ensure  => "mounted",
    fstype  => "nfs",
    options => "vers=3,tcp,intr,hard",
    dump    => "0",
    pass    => "0",
    require => [ Host[jeckle-nfs], File["/nfs/jeckle/mail_admin"]],
}

This is on a system that already had that in place before upgrading to 0.24.6.  
I believe it's possible you'd receive a different result if the file {} 
resource was applied before the mount was mounted, but this system already had 
the mount going when puppet was run.

Error looks like this:
err: 
//Node[nelson]/courierimap/ssu::mailserver/virtmounts/File[/nfs/jeckle/mail_admin]/seltype:
 change from nfs_t to default_t failed: Execution of '/usr/bin/chcon -h -t 
default_t /nfs/jeckle/mail_admin' returned 1: /usr/bin/chcon: failed to change 
context of /nfs/jeckle/mail_admin to system_u:object_r:default_t: Operation not 
supported

And error keeps happening.

I believe the fundamental problem is that there are actually TWO 
/nfs/jeckle/mail_admin files.  One is the local directory which is what 
matchpathcon returns.  The second is the mount, which overlays and hides the 
original directory.  It's possible for the two to have different permissions, 
etc.

As far as I know, SELinux won't work on NFS mounts or anything on the NFS mount.
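
The mount-table lookup suggested in the update at the top of this message, sketched in Ruby as an added example (it is not Puppet's code or the fix that was eventually applied). The sample mount table is constructed, and the names parse_mounts, fstype_for and nfs? are hypothetical; on a real host the text would come from /proc/mounts.

```ruby
# Added example, not Puppet's code. Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS = <<~'MOUNTS'
  rootfs / rootfs rw 0 0
  /dev/sda1 / ext3 rw,data=ordered 0 0
  proc /proc proc rw 0 0
  jeckle-nfs:/vol/vol_mail_admin/mail_admin /nfs/jeckle/mail_admin nfs rw,vers=3,tcp,intr,hard 0 0
  /dev/sdb1 /mnt/my\040disk vfat rw 0 0
MOUNTS

# Build { mount point => fields }. Later lines overwrite earlier ones, so the
# real "/" entry replaces the rootfs placeholder and an overmount wins.
def parse_mounts(text)
  text.each_line.with_object({}) do |line, table|
    device, mount_point, fstype, options = line.split
    next if fstype.nil? # blank or malformed line
    # The kernel writes space, tab, newline and backslash as octal escapes.
    mount_point = mount_point.gsub(/\\([0-7]{3})/) { Regexp.last_match(1).oct.chr }
    table[mount_point] = { device: device, fstype: fstype, options: options.to_s.split(",") }
  end
end

# Walk from the full path up to "/" and return the fstype of the most
# specific mount point. Whole path components are compared, so
# /nfs/jeckle/mail_admin2 does not match the /nfs/jeckle/mail_admin mount.
# Symlinks are not resolved here; a caller that needs that should pass
# File.realpath(path) instead.
def fstype_for(path, table)
  path = File.expand_path(path) # drops trailing slashes and ".." segments
  loop do
    entry = table[path]
    return entry[:fstype] if entry
    return nil if path == "/" || path.empty? # ran out of parents
    path = File.dirname(path)
  end
end

# True when the nfs_t assumption from the update applies to this path.
def nfs?(path, table)
  %w[nfs nfs4].include?(fstype_for(path, table))
end

if __FILE__ == $PROGRAM_NAME
  table = parse_mounts(SAMPLE_MOUNTS)
  %w[/nfs/jeckle/mail_admin/cur /nfs/jeckle/mail_admin2 /etc/passwd].each do |p|
    puts format("%-28s %-5s nfs=%s", p, fstype_for(p, table), nfs?(p, table))
  end
end
```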

