ceph-disk: set selinux context

Ensure that SELinux context is properly set according to policy.We
need this as SELinux context is not preserved across mount points.

Signed-off-by: Milan Broz <mbroz@redhat.com>

diff --git a/src/ceph-disk b/src/ceph-disk
index fc7949f71b72b7bed1c2e834f9b37add324ed55a..cb19cafc28e393933d1b618e4a5ad62ab4852190 100755 (executable)
--- a/src/ceph-disk
+++ b/src/ceph-disk
@@ -629,6 +629,7 @@ def write_one_line(parent, name, text):
     with file(tmp, 'wb') as tmp_file:
         tmp_file.write(text + '\n')
         os.fsync(tmp_file.fileno())
+    path_set_context(tmp)
     os.rename(tmp, path)
 
 
@@ -709,6 +710,15 @@ def get_osd_id(path):
         check_osd_id(osd_id)
     return osd_id
 
+def path_set_context(path):
+    # restore selinux context to default policy values
+    if which('restorecon'):
+        command(
+           [
+                'restorecon', '-R',
+                path,
+                ],
+           )
 
 def _check_output(args=None, **kwargs):
     out, ret = command(args, **kwargs)
@@ -1497,6 +1507,7 @@ def prepare_dev(
                 journal_dmcrypt=journal_dmcrypt,
                 )
         finally:
+            path_set_context(path)
             unmount(path)
     finally:
         if rawdev != dev: