Description of problem: Ability to specify a selinux context to the deployable configuration files.

Patch: https://www.redhat.com/archives/spacewalk-devel/2009-July/msg00098.html
Patch provided by: Joshua Roys (joshua.roys.edu)
Reviewed by: Pradeep Kilambi
So far: Patches have been reviewed and deployed to test servers.

Current Pending issues:

Functionality Issues:
=====================

- If you try to deploy a file with a content it hits the below block.

D: do_call configfiles.deploy ({'files': [{'config_channel': 'pradtest', 'username': 'root', 'md5sum': '71b517126a29976c78b478065104bc04', 'encoding': 'base64', 'filetype': 'file', 'delim_start': '{|', 'file_contents': 'aGkgc2VsaW51eA==\n', 'groupname': 'root', 'delim_end': '|}', 'selinux_ctx': 'user_home_t', 'filemode': 644, 'path': '/tmp/foo.txt', 'revision': 2}]},)
global name 'setfilecon' is not defined
D: Sending back response (49, "Failed deployment, rolled back: global name 'setfilecon' is not defined", {})
D: do_call packages.checkNeedUpdate ('rhnsd=1',)
D: local action status: (0, 'rpm database not modified since last update (or package list recently updated)', {})
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm/Packages
D: May free Score board((nil))

diff --git a/client/tools/rhncfg/config_common/transactions.py b/client/tools/rhncfg/config_common/transactions.py index 9f87700..2458f9a 100644 --- a/client/tools/rhncfg/config_common/transactions.py 
+++ b/client/tools/rhncfg/config_common/transactions.py ... + if file_info.has_key('selinux_ctx'): + sectx = file_info.get('selinux_ctx') + if sectx is not None: + log_debug(1, "selinux context: " + sectx); + setfilecon(temp_file_path, sectx); + ...

In the above block setfilecon here is not defined, so it will fail with a global setfilecon not set. Looks like you left out parts in your patch that are supposed to set the content of the file once the client gets the request.

Build Issues:
=============

$ ant clean all (in java dir)

you should see,

do-compile-main:
[javac] Compiling 2469 source files to code/git/spacewalk/java/build/classes
[javac] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/test/ConfigurationFactoryTest.java:153: lookupOrInsertConfigInfo(java.lang.String,java.lang.String,java.lang.Long,java.lang.String) in com.redhat.rhn.domain.config.ConfigurationFactory cannot be applied to (java.lang.String,java.lang.String,java.lang.Long)
[javac] ConfigInfo info1 = ConfigurationFactory.lookupOrInsertConfigInfo("testman",
[javac] ^
[javac] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/test/ConfigurationFactoryTest.java:155: lookupOrInsertConfigInfo(java.lang.String,java.lang.String,java.lang.Long,java.lang.String) in com.redhat.rhn.domain.config.ConfigurationFactory cannot be applied to (java.lang.String,java.lang.String,java.lang.Long)
[javac] ConfigInfo info2 = ConfigurationFactory.lookupOrInsertConfigInfo("testman",
[javac] ^
[javac] code/git/spacewalk/java/code/src/com/redhat/rhn/testing/ConfigTestUtils.java:310: lookupOrInsertConfigInfo(java.lang.String,java.lang.String,java.lang.Long,java.lang.String) in com.redhat.rhn.domain.config.ConfigurationFactory cannot be applied to (java.lang.String,java.lang.String,java.lang.Long)
[javac] return ConfigurationFactory.lookupOrInsertConfigInfo(user, group, fileMode);
[javac] ^
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 3 errors

BUILD FAILED

For checkstyle Errors: run

$ ant checkstyle (in your java dir)

and you'll see,

[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/ConfigInfo.java:107:19: Name 'getSelinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/ConfigInfo.java:115:17: Name 'setSelinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/ConfigurationFactory.java:483:53: Name 'selinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/domain/config/ConfigurationFactory.java:498:35: Name 'selinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/manager/configuration/file/ConfigFileData.java:140:19: Name 'getSelinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/manager/configuration/file/ConfigFileData.java:147:17: Name 'setSelinux_ctx' must match pattern '^[a-z][a-zA-Z0-9]*$'.
[checkstyle] code/git/spacewalk/java/code/src/com/redhat/rhn/manager/configuration/file/ConfigFileData.java:254:39: '(' is followed by whitespace.

BUILD FAILED
Suggested Improvements:

* If we set an invalid content for a file, setfilecon will return a -1 and leave the default context. I would check if the return code of setfilecon is -1 and log that info so the user knows that the context didn't apply in the failure case.

* Secondly, in the fileDetails.do page, below the selinux Content entry area, I would add a tip to help users know the format of the input that field takes.

Thanks,
~ Prad
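Review bot: `setfilecon(temp_file_path, sectx);` in the transactions.py hunk calls a name that none of the visible added lines import or define, which matches the `global name 'setfilecon' is not defined` failure in the client log above, so the patch needs the import (or definition) that provides it in this module. The call's result is also discarded: check it and log when the context could not be applied, so a rejected value does not silently leave the default context on the deployed file. Smaller points on the same lines: `has_key` followed by `get` and a `None` test can be a single `sectx = file_info.get('selinux_ctx')`, and the trailing semicolons are not needed in Python.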
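An added example (not part of the review comment or of the Spacewalk code) of the check suggested above: the context string is validated before use, and the result of the call is checked and logged. `is_full_context`, `apply_context` and the injected `setfilecon` callable are hypothetical names; the regex assumes the `user:role:type[:range]` form of a full SELinux context, and both a -1 return and an `OSError` are treated as failure.

```python
import logging
import re

log = logging.getLogger("selinux_ctx_example")

# Assumed input format: a full SELinux context, user:role:type with an
# optional MLS/MCS range that may itself contain ':' (e.g. s0:c0.c1023).
_CTX_RE = re.compile(
    r"[A-Za-z0-9_.]+:[A-Za-z0-9_.]+:[A-Za-z0-9_.]+(:[A-Za-z0-9_.,:\-]+)?"
)


def is_full_context(ctx):
    """True if ctx looks like user:role:type[:range]; a bare type is rejected."""
    return bool(ctx) and _CTX_RE.fullmatch(ctx) is not None


def apply_context(path, ctx, setfilecon):
    """Apply ctx to path and report whether it took effect.

    setfilecon is passed in (hypothetical seam, so the example runs without
    the SELinux bindings); it may signal failure by returning -1 or by
    raising OSError, and both are handled.
    """
    if not is_full_context(ctx):
        log.warning("not a full SELinux context, skipping %s: %r", path, ctx)
        return False
    try:
        rc = setfilecon(path, ctx)
    except OSError as exc:
        log.warning("setfilecon(%s, %s) failed: %s", path, ctx, exc)
        return False
    if rc is not None and rc < 0:
        log.warning("setfilecon(%s, %s) returned %d; default context kept",
                    path, ctx, rc)
        return False
    log.debug("selinux context applied to %s: %s", path, ctx)
    return True
```

A caller that gets `False` back can report the file as deployed with its default context instead of reporting success.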
New commits:

commit 40785d998874d7e9b022a79a8322bce09af8ac3f
Author: Joshua Roys <joshua.roys.edu>
Date: Mon Aug 3 13:21:21 2009 -0400

    Patch: Selinux Context support for config files

commit 074cca0508e8d6b4817453f45b2bfada62ed8623
Author: Joshua Roys <joshua.roys.edu>
Date: Mon Aug 3 13:25:08 2009 -0400

    upgrade script for the previous commit. Patch from Joshua Roys
Spacewalk 0.6 released