Hide Forgot
Description of problem: This is a feature request of oo-restorecon oo-accept-node will alert the problem of something being mislabled. IT will look like this: FAIL: invalid MCS labels on /var/lib/openshift/521eb87f5973ca00e4000081/app-root. run oo-restorecon to restore OpenShift SELinux categories Version-Release number of selected component (if applicable): To fix this issue, it suggest to run oo-restorecon. On a machine that has 100GB's of data with 1000's of users, this takes FOREVER to run and complete. Right now we are relabeling 100's of GB's and 1000's of files when all that is needed is one or two gears fixed. It would be best if a path could be passed into oo-restorecon and only that path will have the selinux labels fixed. How reproducible: very, it's the normal behaviour. Steps to Reproduce: 1. run oo-restorecon see how it traversing Additional info: This is a feature request. Thanks.
Proposed pull request https://github.com/openshift/origin-server/pull/3687
Merged, moving to ON_QA, the commands are mentioned in the pull request.
Tested on devenv 3824 Now, if using "oo-restorecon -a", it will try to restore all the gears; if using "oo-restorecon gear_uuid", it will restore the specific gear; if no option is given, it will show the help information correctly. [root@ip-10-179-37-67 52429b6da3a7280759000070]# chcon -h -t httpd_sys_content_t php [root@ip-10-179-37-67 52429b6da3a7280759000070]# ls -Z drwxr-xr-x. root 52429b6da3a7280759000070 system_u:object_r:openshift_var_lib_t:s0:c0,c1017 app-root drwxr-xr-x. root root unconfined_u:object_r:openshift_var_lib_t:s0:c0,c1017 git drwxr-xr-x. 52429b6da3a7280759000070 52429b6da3a7280759000070 system_u:object_r:httpd_sys_content_t:s0:c0,c1017 php [root@ip-10-179-37-67 52429b6da3a7280759000070]# cd .. [root@ip-10-179-37-67 openshift]# oo-restorecon 52429b6da3a7280759000070 [root@ip-10-179-37-67 openshift]# cd - /var/lib/openshift/52429b6da3a7280759000070 [root@ip-10-179-37-67 52429b6da3a7280759000070]# ls -Z drwxr-xr-x. root 52429b6da3a7280759000070 system_u:object_r:openshift_var_lib_t:s0:c0,c1017 app-root drwxr-xr-x. root root unconfined_u:object_r:openshift_var_lib_t:s0:c0,c1017 git drwxr-xr-x. 52429b6da3a7280759000070 52429b6da3a7280759000070 system_u:object_r:openshift_var_lib_t:s0:c0,c1017 php Mark it as verified.
Although the function is working, there is no description about using gear_uuid in the help content: [root@ip-10-145-231-30 ~]# oo-restorecon --help Usage: /usr/sbin/oo-restorecon [options] [UUIDs] -v, --verbose Verbose output -a, --all Chcon all gears -h, --help Display help It is suggested to add the corresponding help info.
To be more accurate, I think it would be better to add an option like "-g" in the help list. Current help info only shows [options] and [UUIDs] together. What should I expect if I use something like "oo-restorecon --all 52439f17be4a4f319500008"? But after discussing with others, we get a conclusion that there is no need to so strict/accurate for this command help info. So move it to verified again.