[Spacewalk-devel] fix an ISE relating to config management w/selinux

Joshua Roys Tue, 18 Aug 2009 11:25:44 -0700

Hello all,

Attached is a patch to kill another bug in the configuration managementw/selinux. Specifically, backend/server/configFilesHandler.py ended upcalling the old version of lookup_config_info, which caused all fileuploads to fail in an ISE. In fixing this, I also added functionalityto upload the selinux context of files to spacewalk inclient/tools/rhncfg/config_common/repository.py . The other changes arefor completeness, as they look like they could cause problems in the future.


Hopefully this is the last bug - sorry I didn't squash them earlier!

Thanks,

Joshua Roys

diff --git a/backend/server/configFilesHandler.py 
b/backend/server/configFilesHandler.py
index 996d221..f00a937 100644
--- a/backend/server/configFilesHandler.py
+++ b/backend/server/configFilesHandler.py
@@ -158,6 +158,8 @@ class ConfigFilesHandler(rhnHandler):
         file['username'] = file['user']
         file['groupname'] = file['group']
         file['file_mode'] = file['mode']
+        if not file.has_key('selinux_ctx'):
+            file['selinux_ctx'] = ''
 
         result = {}
         
@@ -321,7 +323,7 @@ class ConfigFilesHandler(rhnHandler):
             lob.write(file_contents)
 
     _query_lookup_config_info = rhnSQL.Statement("""
-        select lookup_config_info(:username, :groupname, :file_mode) id
+        select lookup_config_info(:username, :groupname, :file_mode, 
:selinux_ctx) id
           from dual
     """)
 
diff --git a/client/tools/rhncfg/config_common/repository.py 
b/client/tools/rhncfg/config_common/repository.py
index f49f750..145d52e 100644
--- a/client/tools/rhncfg/config_common/repository.py
+++ b/client/tools/rhncfg/config_common/repository.py
@@ -27,6 +27,7 @@ import utils
 
 from rhn_log import log_debug, die
 #from rhn_rpc import rpclib
+from selinux import getfilecon
 
 #6/29/05 rpc_wrapper implements the failover logic.
 import rpc_wrapper
@@ -125,6 +126,8 @@ class Repository:
             ret['group'] = gr_name
             self._gid_cache[gid] = gr_name
 
+        ret['selinux_ctx'] = getfilecon(path)[1]
+
         return ret
 
     def _make_file_info(self, remote_path, local_path=None, delim_start=None,
diff --git a/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm 
b/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
index d19c1ca..0dff388 100644
--- a/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
+++ b/web/modules/rhn/RHN/AppInstall/ActionHandler/ActionRunner.pm
@@ -205,6 +205,7 @@ sub generate_config_file {
                              groupname => { default => 'root' },
                              mode => { default => '770' },
                              new_only => { default => 0 },
+                             selinux_ctx => { default => '' },
                            });
 
   my $template_file = 
File::Spec->catfile($session->get_app_instance->get_app_dir(), 
$params{template});
@@ -239,6 +240,7 @@ sub generate_config_file {
   $new_revision->groupname($params{groupname});
   $new_revision->filemode($params{mode});
   $new_revision->contents($contents);
+  $new_revision->selinux_ctx($params{selinux_ctx});
 
   eval {
     $new_revision->commit;
diff --git a/web/modules/rhn/RHN/DB/ConfigRevision.pm 
b/web/modules/rhn/RHN/DB/ConfigRevision.pm
index 1765b9c..3575fb7 100644
--- a/web/modules/rhn/RHN/DB/ConfigRevision.pm
+++ b/web/modules/rhn/RHN/DB/ConfigRevision.pm
@@ -30,7 +30,7 @@ our @ISA = qw/RHN::SimpleStruct/;
 our @core_fields = qw/id revision config_file_id config_content_id
                      config_info_id delim_start delim_end created
                      modified username groupname filemode latest_id latest path
-                     md5sum file_size org_id config_channel_id filetype/;
+                     md5sum file_size org_id config_channel_id filetype 
selinux_ctx/;
 
 our @transient_fields = qw/__contents__ is_binary/;
 our @simple_struct_fields = (@core_fields, @transient_fields);
@@ -154,7 +154,7 @@ sub commit {
   }
  
   my $dbh = RHN::DB->connect;
-  my $ciid = $dbh->call_function('lookup_config_info', $self->username, 
$self->groupname, $self->filemode);
+  my $ciid = $dbh->call_function('lookup_config_info', $self->username, 
$self->groupname, $self->filemode, $self->selinux_ctx);
   my $ccid = $self->config_content_id;
   my $cftid = getFileTypeId($self->filetype);
 
diff --git a/web/modules/rhn/RHN/ProxyInstall.pm 
b/web/modules/rhn/RHN/ProxyInstall.pm
index 4079add..505a506 100644
--- a/web/modules/rhn/RHN/ProxyInstall.pm
+++ b/web/modules/rhn/RHN/ProxyInstall.pm
@@ -370,6 +370,7 @@ sub import_file {
                              username => { default => 'root' },
                              groupname => { default => 'root' },
                              mode => { default => 770 },
+                             selinux_ctx => { default => '' },
                            });
 
   my $cc = $params{config_channel};
@@ -394,6 +395,7 @@ sub import_file {
   $new_revision->groupname($params{groupname});
   $new_revision->filemode($params{mode});
   $new_revision->contents($params{content});
+  $new_revision->selinux_ctx($params{selinux_ctx});
 
   $new_revision->commit;

_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel

[Spacewalk-devel] fix an ISE relating to config management w/selinux

Reply via email to