selinux: Do parallel relabel on package install

We can take advantage of ceph-disk fix subcommand when doing a package
install. We will keep using the differential fixfiles command otherwise.

We also need to add relabel for /usr/bin/ daemons so that we could use
this.

Fixes: http://tracker.ceph.com/issues/20077
Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit 1cecddf031991f1c64ea203f173189624f11940e)

diff --git a/ceph.spec.in b/ceph.spec.in
index 27d3615d8d47bad25c869dd816e4ad4d6af17a65..5cb781227ed070fdcb9df1c02cff004ccff00a56 100644 (file)
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1595,8 +1595,14 @@ if test $STATUS -eq 0; then
     /usr/bin/systemctl stop ceph.target > /dev/null 2>&1
 fi
 
-# Now, relabel the files
-/usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null
+# Relabel the files
+# Use ceph-disk fix for first package install and fixfiles otherwise
+if [ "$1" = "1" ]; then
+    /usr/sbin/ceph-disk fix --selinux
+else
+    /usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null
+fi
+
 rm -f ${FILE_CONTEXT}.pre
 # The fixfiles command won't fix label for /var/run/ceph
 /usr/sbin/restorecon -R /var/run/ceph > /dev/null 2>&1

diff --git a/src/ceph-disk/ceph_disk/main.py b/src/ceph-disk/ceph_disk/main.py
index 4e8c7569cf64053ea1882bfd8e31c0fcf3479f25..c783c46730fe72aa802004de076441dabf56866d 100755 (executable)
--- a/src/ceph-disk/ceph_disk/main.py
+++ b/src/ceph-disk/ceph_disk/main.py
@@ -4686,9 +4686,14 @@ def main_trigger(args):
 def main_fix(args):
     # A hash table containing 'path': ('uid', 'gid', blocking, recursive)
     fix_table = [
+        ('/usr/bin/ceph-mon', 'ceph', 'ceph', True, False),
+        ('/usr/bin/ceph-mds', 'ceph', 'ceph', True, False),
+        ('/usr/bin/ceph-osd', 'ceph', 'ceph', True, False),
+        ('/usr/bin/radosgw', 'ceph', 'ceph', True, False),
         ('/etc/ceph', 'ceph', 'ceph', True, True),
         ('/var/run/ceph', 'ceph', 'ceph', True, True),
         ('/var/log/ceph', 'ceph', 'ceph', True, True),
+        ('/var/log/radosgw', 'ceph', 'ceph', True, True),
         ('/var/lib/ceph', 'ceph', 'ceph', True, False),
     ]