Bug 1145720
Summary: | selinux relabel after yum update of pulp-selinux | ||
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | Bryan Kearney <bkearney> |
Component: | rel-eng | Assignee: | pulp-bugs |
Status: | CLOSED UPSTREAM | QA Contact: | pulp-qe-list |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | Master | CC: | achan, bkearney, bmbouter, chrobert, katello-bugs, katello-qa-list, mhrivnak, mmccune, mmello, pgervase, shughes, stbenjam, xdmoon |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1131575 | Environment: | |
Last Closed: | 2015-02-28 22:21:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 1
Brian Bouterse
2014-10-16 20:13:17 UTC
You can also detect when changes are made, and only run restorecon on the applicable paths. This works better anyway, because if the future separated pulp-selinux has a small change unrelated to /var/lib/pulp, you don't also relabel that. I haven't looked into this too much, but it may help: 14:09 | stbenjam > is it typical to always run restorecon in a -selinux PRM %post? this is insane on pulp-selinux... /var/lib/pulp has hundreds of thousands of files :-( 14:11 | Dominic > stbenjam: you can optimise it in various ways, see fixfiles -C and probably selinux-policy pre/post script 14:11 | Dominic > stbenjam: I think you're basically only restoring contexts of files where there's a change in fcontext 14:21 | Dominic > stbenjam: line 277-282 in %pre, followed by 263-268 in %post.. http://pkgs.fedoraproject.org/cgit/selinux-policy.git/tree/selinux-policy.spec#n265 Moved to https://pulp.plan.io/issues/540 |