From: zaken Date: Wed, 1 Jan 2025 18:14:45 +0000 (+0200) Subject: mgr/cephadm: Restore client file(s) default SELinux context type X-Git-Tag: v20.0.0~401^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=aa9fc3570220079bf9ab21b743193f0ba369d4ca;p=ceph.git mgr/cephadm: Restore client file(s) default SELinux context type When cephadm writes client files to hosts, the new files are created in /tmp/cephadm- and then moved to their target directory. This makes the client files receive the usr_tmp_t context, which is different then their original context. mv -Z will set the SELinux security context type of the target file based on the SELinux policy rules for the target directory. Fixes: https://tracker.ceph.com/issues/69395 Signed-off-by: zaken --- diff --git a/src/pybind/mgr/cephadm/ssh.py b/src/pybind/mgr/cephadm/ssh.py index 1622cb001abaa..acb5a77c51b9e 100644 --- a/src/pybind/mgr/cephadm/ssh.py +++ b/src/pybind/mgr/cephadm/ssh.py @@ -358,7 +358,7 @@ class SSHManager: await self._check_execute_command(host, chown, addr=addr) chmod = RemoteCommand(Executables.CHMOD, [oct(mode)[2:], tmp_path]) await self._check_execute_command(host, chmod, addr=addr) - mv = RemoteCommand(Executables.MV, [tmp_path, path]) + mv = RemoteCommand(Executables.MV, ['-Z', tmp_path, path]) await self._check_execute_command(host, mv, addr=addr) except Exception as e: msg = f"Unable to write {host}:{path}: {e}"