[node-patches] Change in ovirt-node[master]: persist: use restorecon after persist

dougsland at redhat.com dougsland at redhat.com
Tue Sep 9 23:25:13 UTC 2014 

Douglas Schilling Landgraf has uploaded a new change for review.

Change subject: persist: use restorecon after persist
......................................................................

persist: use restorecon after persist

shutil module doesn't provide method to copy objects keeping
selinux context. This patch adds restorecon call after the persist.

Change-Id: I50965ea67cfc6aa2c9c108a14e7c0c1607b287ad
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M src/ovirt/node/utils/fs/__init__.py
M src/ovirt/node/utils/security.py
2 files changed, 13 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/27/32727/1

diff --git a/src/ovirt/node/utils/fs/__init__.py b/src/ovirt/node/utils/fs/__init__.py
index fe2c2c6..376dd97 100644
--- a/src/ovirt/node/utils/fs/__init__.py
+++ b/src/ovirt/node/utils/fs/__init__.py
@@ -30,6 +30,8 @@
 import StringIO
 import re
 
+from ovirt.node import utils
+
 from . import mount
 from .. import process, parse_varfile
 from ... import base, log
@@ -415,6 +417,8 @@
                 self._logger.error('Failed to persist "%s"', path)
                 return -1
 
+            utils.security.Selinux().restorecon(abspath)
+
     def _persist_dir(self, abspath):
         """Persist directory and bind mount it back to its current location
         """
diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py
index 6fceda0..946913b 100644
--- a/src/ovirt/node/utils/security.py
+++ b/src/ovirt/node/utils/security.py
@@ -26,6 +26,7 @@
 import hashlib
 import os.path
 import process
+import selinux
 
 """
 Some convenience functions related to security
@@ -98,6 +99,14 @@
         opasswd.set_password(password, username)
 
 
+class Selinux(base.Base):
+    def restorecon(self, abspath):
+        try:
+            selinux.restorecon(abspath)
+        except OSError:
+            self._logger.debug('No default label: "%s"', abspath)
+
+
 class Ssh(base.Base):
     def __init__(self):
         super(Ssh, self).__init__()


-- 
To view, visit http://gerrit.ovirt.org/32727
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I50965ea67cfc6aa2c9c108a14e7c0c1607b287ad
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>

More information about the node-patches mailing list