From patchwork Tue Apr 22 21:52:31 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 341640 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 1E73D1400B9 for ; Wed, 23 Apr 2014 07:52:39 +1000 (EST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s3MLqaR2014932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 22 Apr 2014 21:52:37 GMT Received: from oss.oracle.com (oss-external.oracle.com [137.254.96.51]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s3MLqZj2001434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Apr 2014 21:52:36 GMT Received: from localhost ([127.0.0.1] helo=oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1WcicF-0006PV-ST; Tue, 22 Apr 2014 14:52:35 -0700 Received: from acsinet21.oracle.com ([141.146.126.237]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1WcicD-0006PN-Hu for fedfs-utils-devel@oss.oracle.com; Tue, 22 Apr 2014 14:52:33 -0700 Received: from aserp1030.oracle.com (aserp1030.oracle.com [141.146.126.68]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s3MLqXrF001367 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 22 Apr 2014 21:52:33 GMT Received: from mail-ig0-f171.google.com (mail-ig0-f171.google.com [209.85.213.171]) by aserp1030.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s3MLqWqZ030488 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Tue, 22 Apr 2014 21:52:32 GMT Authentication-Results: aserp1030.oracle.com; dkim=pass reason="2048-bit key" header.d=gmail.com header.i=@gmail.com header.b=oJUK1iUz Received: by mail-ig0-f171.google.com with SMTP id c1so3579266igq.4 for ; Tue, 22 Apr 2014 14:52:32 -0700 (PDT) X-Received: by 10.42.136.130 with SMTP id u2mr37431168ict.51.1398203552160; Tue, 22 Apr 2014 14:52:32 -0700 (PDT) Received: from seurat.1015granger.net ([2604:8800:100:81fc:20c:29ff:fe44:ec31]) by mx.google.com with ESMTPSA id kr5sm31270215igb.9.2014.04.22.14.52.31 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Apr 2014 14:52:31 -0700 (PDT) To: fedfs-utils-devel@oss.oracle.com From: Chuck Lever Date: Tue, 22 Apr 2014 17:52:31 -0400 Message-ID: <20140422215231.29534.35494.stgit@seurat.1015granger.net> In-Reply-To: <20140422215044.29534.3645.stgit@seurat.1015granger.net> References: <20140422215044.29534.3645.stgit@seurat.1015granger.net> User-Agent: StGit/0.16 MIME-Version: 1.0 X-Flow-Control-Info: class=Pass-to-MM reputation=ipRisk-All ip=209.85.213.171 ct-class=R5 ct-vol1=0 ct-vol2=8 ct-vol3=7 ct-risk=47 ct-spam1=75 ct-spam2=7 ct-bulk=6 rcpts=1 size=1207 X-Sendmail-CM-Score: 0.00% X-Sendmail-CM-Analysis: v=2.1 cv=X9hrdgje c=1 sm=1 tr=0 a=HW1Es0DY5U6GXn0+robGQA==:117 a=dzsqy3y4QnMA:10 a=OVadzDaG_eAA:10 a=dPGociXpb70A:10 a=IkcTkHD0fZMA:10 a=xqWC_Br6kY4A:10 a=yPCof4ZbAAAA:8 a=Lb1rMZzfAAAA:8 a=1XWaLZrsAAAA:8 a=yLUilTNkbtRUvEmNl34A:9 a=QEXdDO 2ut3YA:10 a=7DSvI1NPTFQA:10 X-Sendmail-CT-RefID: str=0001.0A020202.5356E4A1.0018, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 X-Sendmail-CT-Classification: not spam Subject: [fedfs-utils] [PATCH 4/4] PyFedFs: SELinux prevents slapd from starting X-BeenThere: fedfs-utils-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: fedfs-utils Developers List-Id: fedfs-utils Developers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: fedfs-utils-devel-bounces@oss.oracle.com Errors-To: fedfs-utils-devel-bounces@oss.oracle.com X-Source-IP: acsinet21.oracle.com [141.146.126.237] Set an appropriate security context on /var/lib/fedfs/nsdb-db so that SELinux will allow slapd to run using datafiles in that directory. Signed-off-by: Chuck Lever --- src/PyFedfs/jumpstart/slapd.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/PyFedfs/jumpstart/slapd.py b/src/PyFedfs/jumpstart/slapd.py index 58ea670..eef7a4f 100644 --- a/src/PyFedfs/jumpstart/slapd.py +++ b/src/PyFedfs/jumpstart/slapd.py @@ -35,6 +35,7 @@ from subprocess import Popen, PIPE try: from PyFedfs.run import EXIT_SUCCESS, EXIT_FAILURE from PyFedfs.run import run_as_user, restart_service + from PyFedfs.run import run_command except ImportError: print >> sys.stderr, \ 'Could not import a required Python module:', sys.exc_value @@ -321,6 +322,10 @@ def replace_slapd_database(pathname): if ret != EXIT_SUCCESS: return ret + ret = run_command(['chcon', 'system_u:object_r:slapd_db_t:s0', pathname]) + if ret != EXIT_SUCCESS: + return ret + try: dbconfig = os.open(os.path.join(pathname, 'DB_CONFIG'), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0444)