authorChris Lumens <clumens@redhat.com>2010-08-18 10:26:00 -0400
committerChris Lumens <clumens@redhat.com>2010-08-19 14:28:48 -0400
commit03612bf8024b58380f6b70254913558c9f96c822 (patch)
tree798a8522cf8b26ff2a9c364a64a5c56c841afba6 /pyanaconda/packages.py
parent4766743fed030a23706c496a7637965061a1b898 (diff)
Reset labels on /var/cache/yum as well (#623434).
anaconda indirectly creates this directory tree when it creates a Yum object chrooted under /mnt/sysimage, so we need to ensure it gets the proper selinux label. While I'm at it, fix a couple stupid things in how file context setting didn't work: (1) Make directory handling recursive, since who knows how much stuff is in /var/cache/yum. (2) Make globs check against /mnt/sysimage instead of /. Before, we were just getting lucky with contexts since the networking files were all the same. But we shouldn't rely on that luck continuing. (3) Move the file lists into constants.py.
Diffstat (limited to 'pyanaconda/packages.py')
-rw-r--r--pyanaconda/packages.py63
1 files changed, 32 insertions, 31 deletions
diff --git a/pyanaconda/packages.py b/pyanaconda/packages.py
index 7d88d069a..232e329ca 100644
--- a/pyanaconda/packages.py
+++ b/pyanaconda/packages.py
@@ -23,6 +23,7 @@
# Jeremy Katz <katzj@redhat.com>
#
+import itertools
import glob
import iutil
import isys
@@ -186,41 +187,41 @@ def setupTimezone(anaconda):
# FIXME: this is a huge gross hack. hard coded list of files
# created by anaconda so that we can not be killed by selinux
def setFileCons(anaconda):
+ def contextCB(arg, directory, files):
+ for file in files:
+ path = os.path.join(directory, file)
+
+ if not os.access(path, os.R_OK):
+ log.warning("%s doesn't exist" % path)
+ continue
+
+ # If the path begins with rootPath, matchPathCon will never match
+ # anything because policy doesn't contain that path.
+ if path.startswith(anaconda.rootPath):
+ path = path.replace(anaconda.rootPath, "")
+
+ ret = isys.resetFileContext(path, anaconda.rootPath)
+ log.info("set fc of %s to %s" % (path, ret))
+
if flags.selinux:
log.info("setting SELinux contexts for anaconda created files")
- files = ["/etc/rpm/macros", "/etc/dasd.conf", "/etc/zfcp.conf",
- "/etc/lilo.conf.anaconda", "/lib64", "/usr/lib64",
- "/etc/blkid.tab", "/etc/blkid.tab.old",
- "/etc/mtab", "/etc/fstab", "/etc/resolv.conf",
- "/etc/modprobe.conf", "/etc/modprobe.conf~",
- "/var/log/wtmp", "/var/run/utmp", "/etc/crypttab",
- "/dev/log", "/var/lib/rpm", "/", "/etc/raidtab",
- "/etc/mdadm.conf", "/etc/sysconfig/network",
- "/etc/udev/rules.d/70-persistent-net.rules",
- "/root/install.log", "/root/install.log.syslog",
- "/etc/shadow", "/etc/shadow-", "/etc/gshadow"] + \
- glob.glob('/etc/dhcp/dhclient-*.conf')
-
- vgs = ["/dev/%s" % vg.name for vg in anaconda.storage.vgs]
-
- # ugh, this is ugly
- for dir in ["/etc/sysconfig/network-scripts", "/var/lib/rpm", "/etc/lvm", "/dev/mapper", "/etc/iscsi", "/var/lib/iscsi", "/root", "/var/log", "/etc/modprobe.d", "/etc/sysconfig" ] + vgs:
- def addpath(x): return dir + "/" + x
-
- if not os.path.isdir(anaconda.rootPath + dir):
- continue
- dirfiles = os.listdir(anaconda.rootPath + dir)
- files.extend(map(addpath, dirfiles))
- files.append(dir)
+ # Add "/mnt/sysimage" to the front of every path so the glob works.
+ # Then run glob on each element of the list and flatten it into a
+ # single list we can run contextCB across.
+ files = itertools.chain(*map(lambda f: glob.glob("%s/%s" % (anaconda.rootPath, f)),
+ relabelFiles))
+ contextCB(None, "", files)
- for f in files:
- if not os.access("%s/%s" %(anaconda.rootPath, f), os.R_OK):
- log.warning("%s doesn't exist" %(f,))
- continue
- ret = isys.resetFileContext(os.path.normpath(f),
- anaconda.rootPath)
- log.info("set fc of %s to %s" %(f, ret))
+ for dir in relabelDirs + ["/dev/%s" % vg.name for vg in anaconda.storage.vgs]:
+ # Add "/mnt/sysimage" for similar reasons to above.
+ dir = "%s/%s" % (anaconda.rootPath, dir)
+
+ os.path.walk(dir, contextCB, None)
+
+ # os.path.walk won't include the directory we start walking at,
+ # so that needs its context set separtely.
+ contextCB(None, "", [dir])
return
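Review bot: The prefix strip in contextCB, `path = path.replace(anaconda.rootPath, "")`, removes every occurrence of rootPath in the path rather than only the leading one, and the os.path.normpath() call that the old loop applied before isys.resetFileContext is gone. If the entries in relabelFiles and relabelDirs keep their leading slash (they live in constants.py, outside this hunk), the `"%s/%s"` joins yield a doubled slash after rootPath, so the path handed to the label lookup starts with `//`; whether resetFileContext tolerates that is not visible here, and a missed match would leave files on the relabel lists with the wrong SELinux context. Slicing off the prefix and collapsing the leading slashes avoids both: `path = "/" + path[len(anaconda.rootPath):].lstrip("/")`. Separately, os.access() follows symlinks, so a dangling link inside the target tree is logged as "doesn't exist" and never relabelled; `os.path.lexists(path)` would test the entry itself.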