authorMichael DeHaan <mdehaan@redhat.com>2008-12-18 13:08:54 -0500
committerMichael DeHaan <mdehaan@redhat.com>2008-12-18 13:08:54 -0500
commitce92724cdd3ffe09fd6ad9afa2d5d884f9550737 (patch)
tree5393c0dc49735d59e8d4a324c3310d482a1b055f
parent66d61ea00fdf92c7b2b0dc36c851ec7f0a8511f8 (diff)
Have cobblerd install selinux regexen for semanage instead of doing things
on a per file basis, also selinux is disabled when not present.
-rw-r--r--cobbler/utils.py44
-rwxr-xr-xscripts/cobblerd28
2 files changed, 36 insertions, 36 deletions
diff --git a/cobbler/utils.py b/cobbler/utils.py
index 64ad96b3..fece9476 100644
--- a/cobbler/utils.py
+++ b/cobbler/utils.py
@@ -912,47 +912,17 @@ def restorecon(dest, api):
hardlinking between /var/www and tftpboot but use
restorecon everywhere else.
"""
-
+
if not api.is_selinux_enabled():
return True
tdest = os.path.realpath(dest)
-
- matched_path = False
- if dest.startswith("/var/www"):
- matched_path = True
- elif dest.find("/tftpboot/"):
- matched_path = True
- remoted = is_remote_file(tdest)
-
-
- if matched_path and not is_remote_file(tdest):
- # ensure the file is flagged as public_content_t
- # because it's something we've likely hardlinked
- # three ways between tftpboot, /var/www and the source
- cmd = ["/usr/bin/chcon","-t","public_content_t", tdest]
- rc = sub_process.call(cmd,shell=False,close_fds=True)
- if rc != 0:
- raise CX("chcon operation failed: %s" % cmd)
- # make it sticky
- cmd = ["/usr/sbin/semanage","fcontext","-a","-t","public_content_t",tdest]
- rc = sub_process.call(cmd,shell=False,close_fds=True)
- if rc != 0:
- # this seems to lock up...
- # maybe it's already set!
- #cmd = ["/usr/sbin/semanage","fcontext","-m","-t","public_content_t",tdest]
- #time.sleep(0.1)
- #rc = sub_process.call(cmd,shell=False,close_fds=True)
- #if rc != 0:
- # raise CX("semanage operation failed: %s" % cmd)
- pass
+ # remoted = is_remote_file(tdest)
- if (not matched_path) or (matched_path and remoted):
- # the basic restorecon stuff...
- cmd = [ "/sbin/restorecon",dest ]
- rc = sub_process.call(cmd,shell=False,close_fds=True)
- if rc != 0:
- raise CX("restorecon operation failed: %s" % cmd)
+ cmd = [ "/sbin/restorecon",dest ]
+ rc = sub_process.call(cmd,shell=False,close_fds=True)
+ if rc != 0:
+ raise CX("restorecon operation failed: %s" % cmd)
return 0
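Review bot: `tdest = os.path.realpath(dest)` is still computed, but nothing reads it any more except the commented-out `# remoted = is_remote_file(tdest)` line; both can be dropped. The docstring tail visible above still describes special handling for content hardlinked between /var/www and tftpboot, which this function no longer performs. Correct labels on that content now depend on the fcontext rules that scripts/cobblerd installs at startup, so restorecon can exit 0 here while applying a default type if those rules are missing. A comment such as `# relies on the public_content_t fcontext rules installed by cobblerd's selinux_setup()` would make that dependency visible. The function starts outside this hunk, and the disabled path returns `True` while the success path returns `0`, which callers testing truthiness would read as opposite results.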
@@ -1228,6 +1198,8 @@ def safe_filter(var):
raise CX("Invalid characters found in input")
def is_selinux_enabled():
+ if not os.path.exists("/usr/sbin/selinuxenabled"):
+ return False
args = "/usr/sbin/selinuxenabled"
selinuxenabled = sub_process.call(args,close_fds=True)
if selinuxenabled == 0:
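Review bot: A missing `/usr/sbin/selinuxenabled` is reported as "SELinux disabled" with no log line. If a host runs SELinux in enforcing mode but has that utility absent or installed elsewhere, restorecon() and the semanage setup would presumably be skipped silently, and content would keep whatever label it was created with. A comment stating that assumption would help, for example `# no selinuxenabled binary: treat as disabled (assumes the binary is always present where SELinux is active)`. The path literal is also written twice; assigning `args = "/usr/sbin/selinuxenabled"` first and testing `if not os.path.exists(args): return False` keeps the two in step. The rest of is_selinux_enabled() lies outside this hunk.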
diff --git a/scripts/cobblerd b/scripts/cobblerd
index 37fa44ad..b79ef699 100755
--- a/scripts/cobblerd
+++ b/scripts/cobblerd
@@ -20,6 +20,7 @@ import cobbler.api as bootapi
import cobbler.cobblerd as app
import logging
import cobbler.utils as utils
+import cobbler.sub_process as sub_process
import optparse
@@ -31,9 +32,36 @@ import optparse
#ch.setFormatter(formatter)
#logger.addHandler(ch)
+SELINUX_PUBLIC_PATTERNS = {
+ "/var/lib/tftpboot" : "/var/lib/tftpboot/.*",
+ "/tftpboot" : "/tftpboot/.*",
+ "/var/www/cobbler/images" : "/var/www/cobbler/images/.*",
+}
+
+def selinux_setup():
+
+ if not utils.is_selinux_enabled():
+ return False
+
+ # install rules that will ensure content we are likely
+ # to hardlink between multiple locations gets the right
+ # context (public_content_t) instead of httpd_sys_content_t
+ # or tftpdir_t
+
+ for x in SELINUX_PUBLIC_PATTERNS.keys():
+ y = SELINUX_PUBLIC_PATTERNS[x]
+ if os.path.exists(x):
+ cmd = [ "/usr/sbin/semanage",
+ "fcontext",
+ "-a","-t","public_content_t",y
+ ]
+ print cmd
+ rc = sub_process.call(cmd)
+
def daemonize_self(logger):
# daemonizing code: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/66012
logger.info("cobblerd started")
+ selinux_setup()
try:
pid = os.fork()
if pid > 0:
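Review bot: In selinux_setup() the result of `rc = sub_process.call(cmd)` is assigned and never looked at, so a failed `semanage fcontext -a` goes unnoticed and restorecon() in cobbler/utils.py will later apply default types without any error. A non-zero exit is probably also what a second daemon start produces when the rule already exists (the code removed from utils.py noted "maybe it's already set!"), so the result should be logged rather than raised. `print cmd` writes to stdout just before the process daemonizes; passing the logger that daemonize_self() already holds would put the command and its result in the cobblerd log. The call also omits the `shell=False,close_fds=True` arguments used for every other sub_process.call on this page. daemonize_self() continues past the end of the hunk.

```python
def selinux_setup(logger):
    # … unchanged: is_selinux_enabled() check and explanatory comment …
    for path, pattern in SELINUX_PUBLIC_PATTERNS.items():
        if not os.path.exists(path):
            continue
        cmd = ["/usr/sbin/semanage", "fcontext", "-a", "-t", "public_content_t", pattern]
        logger.info("installing selinux file context rule: %s" % cmd)
        rc = sub_process.call(cmd, shell=False, close_fds=True)
        if rc != 0:
            # non-zero may only mean the rule already exists from an earlier start
            logger.warning("semanage fcontext -a returned %s for %s" % (rc, pattern))

# … unchanged: daemonize_self(logger) up to logger.info("cobblerd started") …
    selinux_setup(logger)
```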