登录 注册
开源 企业版 高校版 私有云 模力方舟 Gitee AI
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
8 Star 0 Fork 5

src-anolis-os/glusterfs

代码 Issues 0 Pull Requests 2 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
0607-SELinux-Fix-boolean-management.patch 4.39 KB
一键复制 编辑 原始数据 按行查看 历史
ZhouWeitao 提交于 2022-02-17 21:00 +08:00 . update to glusterfs-6.0-61.el8
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
From 4b65ff0d1a3d70fcf3cfa8ab769135ae12f529d8 Mon Sep 17 00:00:00 2001

From: nik-redhat <nladha@redhat.com>

Date: Thu, 7 Oct 2021 22:02:32 +0530

Subject: [PATCH 607/610] SELinux: Fix boolean management



Remove %triggerun ganesha

This trigger shouldn't be needed to begin with since removing

selinux-policy-targeted means that the user is switching SELinux off, or

is is switching the policy (to "mls" or "minimum"). In either case the

current boolean setting is not going to be used any more. The last

option, removal of glusterfs-ganesha, is covered by '%postun ganesha'.

But more importantly, the trigger is called every time

selinux-policy-targeted is updated (which can be avoided).

%triggerun is executed after %triggerin -

https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering

So when selinux-policy-targeted is updated, the new version is installed

first triggering `semanage boolean -m ganesha_use_fusefs --on`,

and then the old version is uninstalled triggering

`semanage boolean -m ganesha_use_fusefs --off`.



* use selinux_[un]set_booleans instead of "semanage boolean"

  The macro pair properly manages SELinux stores and doesn't disable the

  boolean in case it was enabled before ${name}-ganesha was installed.



* Only change booleans when the package is first installed or

  uninstalled

Updating ${name}-ganesha would disable the boolean because %postun is

called after %post (same issue as with the triggers).



Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>

Change-Id: Ibb926ffbe00c9f000bd740708c0a4b3435ee7871

PR: https://github.com/gluster/glusterfs/pull/2833

Issue: https://github.com/gluster/glusterfs/issues/2522

Resolves: rhbz#1973566

Resolves: rhbz#1975400



BUG: 1973566

Change-Id: Idef6cbd6bce35151518d6f76e5b74774e5756fc9

Signed-off-by: nik-redhat <nladha@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/c/rhs-glusterfs/+/280114

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Kaleb Keithley <kkeithle@redhat.com>

---

 glusterfs.spec.in | 34 +++++++++++++++++++++-------------

 1 file changed, 21 insertions(+), 13 deletions(-)



diff --git a/glusterfs.spec.in b/glusterfs.spec.in

index 424f4ab..a9a83b1 100644

--- a/glusterfs.spec.in

+++ b/glusterfs.spec.in

@@ -954,7 +954,10 @@ exit 0

 %if ( 0%{!?_without_server:1} )

 %if ( 0%{?fedora} && 0%{?fedora} > 25 || ( 0%{?rhel} && 0%{?rhel} > 6 ) )

 %post ganesha

-semanage boolean -m ganesha_use_fusefs --on

+# first install

+if [ $1 -eq 1 ]; then

+  %selinux_set_booleans ganesha_use_fusefs=1

+fi

 exit 0

 %endif

 %endif

@@ -962,7 +965,9 @@ exit 0

 %if ( 0%{!?_without_georeplication:1} )

 %post geo-replication

 %if ( 0%{?rhel} && 0%{?rhel} >= 8 )

-%selinux_set_booleans %{selinuxbooleans}

+if [ $1 -eq 1 ]; then

+  %selinux_set_booleans %{selinuxbooleans}

+fi

 %endif

 if [ $1 -ge 1 ]; then

     %systemd_postun_with_restart glusterd

@@ -1089,29 +1094,32 @@ exit 0

 %if ( 0%{!?_without_server:1} )

 %if ( 0%{?fedora} && 0%{?fedora} > 25  || ( 0%{?rhel} && 0%{?rhel} > 6 ) )

 %postun ganesha

-semanage boolean -m ganesha_use_fusefs --off

+if [ $1 -eq 0 ]; then

+  # use the value of ganesha_use_fusefs from before glusterfs-ganesha was installed

+  %selinux_unset_booleans ganesha_use_fusefs=1

+fi

 exit 0

 %endif

 %endif

 

-##-----------------------------------------------------------------------------

-## All %%trigger should be placed here and keep them sorted

-##

-%if ( 0%{!?_without_server:1} )

-%if ( 0%{?fedora} && 0%{?fedora} > 25  || ( 0%{?rhel} && 0%{?rhel} > 6 ) )

-%trigger ganesha -- selinux-policy-targeted

-semanage boolean -m ganesha_use_fusefs --on

+%if ( 0%{!?_without_georeplication:1} )

+%postun geo-replication

+%if ( 0%{?rhel} && 0%{?rhel} >= 8 )

+if [ $1 -eq 0 ]; then

+  %selinux_unset_booleans %{selinuxbooleans}

+fi

 exit 0

 %endif

 %endif

 

 ##-----------------------------------------------------------------------------

-## All %%triggerun should be placed here and keep them sorted

+## All %%trigger should be placed here and keep them sorted

 ##

 %if ( 0%{!?_without_server:1} )

 %if ( 0%{?fedora} && 0%{?fedora} > 25  || ( 0%{?rhel} && 0%{?rhel} > 6 ) )

-%triggerun ganesha -- selinux-policy-targeted

-semanage boolean -m ganesha_use_fusefs --off

+# ensure ganesha_use_fusefs is on in case of policy mode switch (eg. mls->targeted)

+%triggerin ganesha -- selinux-policy-targeted

+semanage boolean -m ganesha_use_fusefs --on -S targeted

 exit 0

 %endif

 %endif

-- 

1.8.3.1
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/src-anolis-os/glusterfs.git
git@gitee.com:src-anolis-os/glusterfs.git
src-anolis-os
glusterfs
glusterfs
a8
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
371d5123 14472233 46e8bd33 14472233