Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
gerrit-hooks has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 2: * #1368474::Update tracker: OK * #62773::Update tracker: OK * #64296::Update tracker: OK * Set MODIFIED::bug 1368474#1368474OK -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 2 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Ramesh N Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Francesco Romani has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: Code-Review+2 we already merged 4.0.6 patches, so we can take this. -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Ramesh N Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Francesco Romani has submitted this change and it was merged. Change subject: gluster: set selinux labels while creating bricks .. gluster: set selinux labels while creating bricks brick should have correct selinux labels on the brick mount points. But it missing in the createBrick vdsm verb. This patch sets the correct selinux lables on brick mount point using 'restorecon' and 'semanage' commands Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Bug-Url: https://bugzilla.redhat.com/1368474 Signed-off-by: Ramesh Nachimuthu Reviewed-on: https://gerrit.ovirt.org/62773 Continuous-Integration: Jenkins CI Reviewed-by: Yaniv Bronhaim Reviewed-by: Piotr Kliczewski Reviewed-by: Sahina Bose Reviewed-by: Francesco Romani Reviewed-by: Dan Kenigsberg Reviewed-on: https://gerrit.ovirt.org/64296 --- M vdsm/gluster/exception.py M vdsm/gluster/storagedev.py 2 files changed, 40 insertions(+), 0 deletions(-) Approvals: Piotr Kliczewski: Looks good to me, but someone else must approve Jenkins CI: Passed CI tests Francesco Romani: Looks good to me, approved Sahina Bose: Looks good to me, but someone else must approve Ramesh N: Verified -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 2 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Ramesh N Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Francesco Romani has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: Code-Review+1 targeted 4.0.6, temporary holding merge until we finish 4.0.5 -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Ramesh N Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Ramesh N has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: Verified+1 -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Ramesh N Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Sahina Bose has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Piotr Kliczewski has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
gerrit-hooks has posted comments on this change. Change subject: gluster: set selinux labels while creating bricks .. Patch Set 1: * #1368474::Update tracker: OK * Check Bug-Url::OK * Check Public Bug::#1368474::OK, public bug * Check Product::#1368474::OK, Correct classification oVirt * Check TM::#1368474::OK, correct target milestone ovirt-4.0.6 * Check merged to previous::OK, change not open on any previous branch -- To view, visit https://gerrit.ovirt.org/64296 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.0 Gerrit-Owner: Ramesh N Gerrit-Reviewer: Dan Kenigsberg Gerrit-Reviewer: Francesco Romani Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski Gerrit-Reviewer: Sahina Bose Gerrit-Reviewer: Yaniv Bronhaim Gerrit-Reviewer: gerrit-hooks Gerrit-HasComments: No ___ vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
Change in vdsm[ovirt-4.0]: gluster: set selinux labels while creating bricks
Hello Piotr Kliczewski, Yaniv Bronhaim, Dan Kenigsberg, Francesco Romani,
Sahina Bose,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/64296
to review the following change.
Change subject: gluster: set selinux labels while creating bricks
..
gluster: set selinux labels while creating bricks
brick should have correct selinux labels on the brick mount
points. But it missing in the createBrick vdsm verb.
This patch sets the correct selinux lables on brick mount
point using 'restorecon' and 'semanage' commands
Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Bug-Url: https://bugzilla.redhat.com/1368474
Signed-off-by: Ramesh Nachimuthu
Reviewed-on: https://gerrit.ovirt.org/62773
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim
Reviewed-by: Piotr Kliczewski
Reviewed-by: Sahina Bose
Reviewed-by: Francesco Romani
Reviewed-by: Dan Kenigsberg
---
M vdsm/gluster/exception.py
M vdsm/gluster/storagedev.py
2 files changed, 40 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/96/64296/1
diff --git a/vdsm/gluster/exception.py b/vdsm/gluster/exception.py
index 1e1b961..369d6dd 100644
--- a/vdsm/gluster/exception.py
+++ b/vdsm/gluster/exception.py
@@ -477,6 +477,28 @@
message = "vgscan failed"
+class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
+code = 4420
+
+def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+self.rc = rc
+self.out = out
+self.err = err
+self.message = "Failed to set selinux context on the brick : %s" \
+ % brickMountPoint
+
+
+class GlusterHostFailedToRunRestorecon(GlusterHostException):
+code = 4421
+
+def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+self.rc = rc
+self.out = out
+self.err = err
+self.message = "Failed to run restorecon on the brick : %s" \
+ % brickMountPoint
+
+
# Hook
class GlusterHookException(GlusterException):
code = 4500
diff --git a/vdsm/gluster/storagedev.py b/vdsm/gluster/storagedev.py
index ca1ee01..43f8c5f 100644
--- a/vdsm/gluster/storagedev.py
+++ b/vdsm/gluster/storagedev.py
@@ -21,6 +21,7 @@
import errno
import logging
import os
+import selinux
import blivet
import blivet.formats
@@ -54,6 +55,9 @@
_vgscanCommandPath = utils.CommandPath("vgscan",
"/sbin/vgscan",
"/usr/sbin/vgscan",)
+_semanageCommandPath = utils.CommandPath("semanage",
+ "/sbin/semanage",
+ "/usr/sbin/semanage",)
# All size are in MiB unless otherwise specified
DEFAULT_CHUNK_SIZE_KB = 256
@@ -313,4 +317,18 @@
raise ge.GlusterHostStorageDeviceVGScanFailedException(rc, out, err)
fstab.FsTab().add(thinlv.path, mountPoint,
DEFAULT_FS_TYPE, mntOpts=[DEFAULT_MOUNT_OPTIONS])
+
+# If selinux is enabled, set correct selinux labels on the brick.
+if selinux.is_selinux_enabled():
+rc, out, err = commands.execCmd([_semanageCommandPath.cmd,
+ 'fcontext', '-a', '-t',
+ 'glusterd_brick_t', mountPoint])
+if rc:
+raise ge.GlusterHostFailedToSetSelinuxContext(mountPoint, rc,
+ out, err)
+try:
+selinux.restorecon(mountPoint, recursive=True)
+except OSError as e:
+errMsg = "[Errno %s] %s: '%s'" % (e.errno, e.strerror, e.filename)
+raise ge.GlusterHostFailedToRunRestorecon(mountPoint, err=errMsg)
return _getDeviceDict(thinlv)
--
To view, visit https://gerrit.ovirt.org/64296
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-4.0
Gerrit-Owner: Ramesh N
Gerrit-Reviewer: Dan Kenigsberg
Gerrit-Reviewer: Francesco Romani
Gerrit-Reviewer: Piotr Kliczewski
Gerrit-Reviewer: Sahina Bose
Gerrit-Reviewer: Yaniv Bronhaim
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org
