-rw-r--r-- | fsset.py | 24 | ||||
-rw-r--r-- | isys/isys.c | 11 | ||||
-rw-r--r-- | isys/isys.py | 4 | ||||
-rw-r--r-- | packages.py | 24 |
4 files changed, 36 insertions, 27 deletions
@@ -187,11 +187,17 @@ class FileSystemType: self.maxLabelChars = 16 self.packages = [] - def mount(self, device, mountpoint, readOnly=0, bindMount=0): + def mount(self, device, mountpoint, readOnly=0, bindMount=0, + instroot=""): if not self.isMountable(): return - iutil.mkdirChain(mountpoint) - isys.mount(device, mountpoint, fstype = self.getName(), + iutil.mkdirChain("%s/%s" %(instroot, mountpoint)) + if flags.selinux: + log.info("setting SELinux context for mountpoint %s" %(mountpoint,)) + isys.resetFileContext(mountpoint, instroot) + + isys.mount(device, "%s/%s" %(instroot, mountpoint), + fstype = self.getName(), readOnly = readOnly, bindMount = bindMount) def umount(self, device, path): @@ -775,7 +781,8 @@ class swapFileSystem(FileSystemType): self.supported = 1 self.maxLabelChars = 15 - def mount(self, device, mountpoint, readOnly=0, bindMount=0): + def mount(self, device, mountpoint, readOnly=0, bindMount=0, + instroot = None): pagesize = resource.getpagesize() buf = None if pagesize > 2048: @@ -1020,13 +1027,18 @@ class AutoFileSystem(PsudoFileSystem): def __init__(self): PsudoFileSystem.__init__(self, "auto") - def mount(self, device, mountpoint, readOnly=0, bindMount=0): + def mount(self, device, mountpoint, readOnly=0, bindMount=0, + instroot = None): errNum = 0 errMsg = "cannot mount auto filesystem on %s of this type" % device if not self.isMountable(): return - iutil.mkdirChain(mountpoint) + iutil.mkdirChain("%s/%s" %(instroot, mountpoint)) + if flags.selinux: + log.info("setting SELinux context for mountpoint %s" %(mountpoint,)) + isys.resetFileContext(mountpoint, instroot) + for fs in getFStoTry (device): try: isys.mount (device, mountpoint, fstype = fs, readOnly = diff --git a/isys/isys.c b/isys/isys.c index d494c4218..521e053d2 100644 --- a/isys/isys.c +++ b/isys/isys.c 
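Review bot: In the new FileSystemType.mount the target path is built twice with `"%s/%s" %(instroot, mountpoint)`, once for iutil.mkdirChain and once for isys.mount, so the two can drift apart on a later edit. I would compute it once, e.g. `target = "%s/%s" %(instroot, mountpoint)`, and pass `target` to both calls. The method has no docstring, and the new contract deserves one: mountpoint is now interpreted relative to instroot, and the SELinux context is looked up for the bare mountpoint but applied under instroot. The log line prints only mountpoint, so including instroot there would make the install log unambiguous.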
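Review bot: In AutoFileSystem.mount the directory is created at `"%s/%s" %(instroot, mountpoint)`, but the `isys.mount (device, mountpoint, fstype = fs, ...` call in the loop still uses the bare mountpoint. With a non-empty instroot the filesystem would therefore be mounted somewhere other than the directory that was just created and labelled. The default `instroot = None` (also introduced in the swapFileSystem.mount hunk) formats as the literal prefix "None/" and is passed on to isys.resetFileContext, whereas FileSystemType.mount defaults to `""`. I would use `instroot=""` in all three signatures and mount on the same joined path that mkdirChain received. The loop body continues past the end of the hunk, so the rest of the mount call is not visible here.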
@@ -1209,15 +1209,22 @@ static PyObject * doGetIPAddress(PyObject * s, PyObject * args) { #ifdef USESELINUX static PyObject * doResetFileContext(PyObject * s, PyObject * args) { char *fn, *buf = NULL; + char * root = NULL; + char path[PATH_MAX]; int ret; - if (!PyArg_ParseTuple(args, "s", &fn)) + if (!PyArg_ParseTuple(args, "s|s", &fn, &root)) return NULL; ret = matchpathcon(fn, 0, &buf); /* fprintf(stderr, "matchpathcon returned %d: set %s to %s\n", ret, fn, buf);*/ if (ret == 0) { - ret = lsetfilecon(fn, buf); + if (root != NULL) + snprintf(path, PATH_MAX, "%s/%s", root, fn); + else + snprintf(path, PATH_MAX, "%s", root); + + ret = lsetfilecon(path, buf); } return Py_BuildValue("s", buf); diff --git a/isys/isys.py b/isys/isys.py index 416990f78..ac2acff97 100644 --- a/isys/isys.py +++ b/isys/isys.py @@ -847,8 +847,8 @@ def isWireless(dev): def getIPAddress(dev): return _isys.getIPAddress(dev) -def resetFileContext(fn): - return _isys.resetFileContext(fn) +def resetFileContext(fn, instroot = '/'): + return _isys.resetFileContext(fn, instroot) auditDaemon = _isys.auditdaemon diff --git a/packages.py b/packages.py index db0b2364c..0658e1f97 100644 --- a/packages.py +++ b/packages.py @@ -210,23 +210,13 @@ def setFileCons(anaconda): files.extend(map(addpath, dirfiles)) files.append(dir) - # blah, to work in a chroot, we need to actually be inside so the - # regexes will work - child = os.fork() - if (not child): - os.chroot(anaconda.rootPath) - for f in files: - if not os.access("%s" %(f,), os.R_OK): - log.warning("%s doesn't exist" %(f,)) - continue - ret = isys.resetFileContext(os.path.normpath(f)) - log.info("set fc of %s to %s" %(f, ret)) - os._exit(0) - - try: - os.waitpid(child, 0) - except OSError, (num, msg): - pass + for f in files: + if not os.access("%s" %(f,), os.R_OK): + log.warning("%s doesn't exist" %(f,)) + continue + ret = isys.resetFileContext(os.path.normpath(f), + anaconda.rootPath) + log.info("set fc of %s to %s" %(f, ret)) return |
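Review bot: The else branch of doResetFileContext formats the wrong variable: when no root is passed, `snprintf(path, PATH_MAX, "%s", root);` hands a NULL pointer to `%s`, and lsetfilecon is then applied to whatever string results rather than to fn. It should be `snprintf(path, PATH_MAX, "%s", fn);`. Neither snprintf result is checked, so an over-long root/fn is silently truncated and the label chosen by matchpathcon for fn could be applied to a different path; comparing the return value with PATH_MAX and returning an error avoids that. The result of lsetfilecon is still discarded, so a failed relabel is invisible to the Python caller. No freecon(buf) is visible before the return, though the function's end lies outside the hunk.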
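Review bot: With the fork/chroot removed from setFileCons, `os.access("%s" %(f,), os.R_OK)` is now evaluated against the installer's own root, while the relabel itself is directed at anaconda.rootPath. If the entries in files are target-relative (the list is built above the hunk, so this is inferred), files that exist in the target will be skipped with a "doesn't exist" warning, or the wrong tree is tested. The check should use the same prefix, e.g. `os.access("%s/%s" %(anaconda.rootPath, f), os.R_OK)`. The chroot also kept path resolution inside the target tree; with plain string concatenation an absolute symlink in an intermediate directory of the installed system resolves against the installer root. A comment stating that these paths are installer-created and trusted would be worth adding.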