From: Boris Ranto <branto@redhat.com>
Date: Fri, 28 Apr 2017 10:29:46 +0000 (+0200)
Subject: selinux: Do parallel relabel on package install
X-Git-Tag: v11.2.1~2^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4e0cfecd593b267811e6bf92e81ba98dbede5317;p=ceph.git

selinux: Do parallel relabel on package install

We can take advantage of ceph-disk fix subcommand when doing a package
install. We will keep using the differential fixfiles command otherwise.

We also need to add relabel for /usr/bin/ daemons so that we could use
this.

Fixes: http://tracker.ceph.com/issues/20077

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit 1cecddf031991f1c64ea203f173189624f11940e)
---

diff --git a/ceph.spec.in b/ceph.spec.in
index 27d3615d8d4..5cb781227ed 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1595,8 +1595,14 @@ if test $STATUS -eq 0; then
     /usr/bin/systemctl stop ceph.target > /dev/null 2>&1
 fi
 
-# Now, relabel the files
-/usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null
+# Relabel the files
+# Use ceph-disk fix for first package install and fixfiles otherwise
+if [ "$1" = "1" ]; then
+    /usr/sbin/ceph-disk fix --selinux
+else
+    /usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null
+fi
+
 rm -f ${FILE_CONTEXT}.pre
 # The fixfiles command won't fix label for /var/run/ceph
 /usr/sbin/restorecon -R /var/run/ceph > /dev/null 2>&1
diff --git a/src/ceph-disk/ceph_disk/main.py b/src/ceph-disk/ceph_disk/main.py
index 4e8c7569cf6..c783c46730f 100755
--- a/src/ceph-disk/ceph_disk/main.py
+++ b/src/ceph-disk/ceph_disk/main.py
@@ -4686,9 +4686,14 @@ def main_trigger(args):
 def main_fix(args):
     # A hash table containing 'path': ('uid', 'gid', blocking, recursive)
     fix_table = [
+        ('/usr/bin/ceph-mon', 'ceph', 'ceph', True, False),
+        ('/usr/bin/ceph-mds', 'ceph', 'ceph', True, False),
+        ('/usr/bin/ceph-osd', 'ceph', 'ceph', True, False),
+        ('/usr/bin/radosgw', 'ceph', 'ceph', True, False),
         ('/etc/ceph', 'ceph', 'ceph', True, True),
         ('/var/run/ceph', 'ceph', 'ceph', True, True),
         ('/var/log/ceph', 'ceph', 'ceph', True, True),
+        ('/var/log/radosgw', 'ceph', 'ceph', True, True),
         ('/var/lib/ceph', 'ceph', 'ceph', True, False),
     ]