Project

General

Profile

Actions
Copy link

Bug #31908

open

Maybe restorecon /var/lib/pulp/pulpcore_static/ after every installer run?

Added by Brian Bouterse about 3 years ago. Updated about 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Assuming NFS mounts specify new labels to receive pulpcore_var_lib_t, static media could get mislabeled.

  1. Background

Really everything gets pulpcore_var_lib_t except the static directory (see the policy .fc file here https://github.com/pulp/pulpcore-selinux/blob/master/pulpcore.fc#L17-L23 ). SELinux with local filesystems will get it right but if the /var/lib/pulp/ is on an NFS filesystem and that mount specifies new files to receive pulpcore_var_lib_t (as it should) then the static media could get mislabeled at upgrade time.

  1. Ideas

It's possible new static content could be created with each installer run. We can't run restorecon on all of /var/lib/pulp/ it'll take hours.

So maybe just run restorecon on `/var/lib/pulp/pulpcore_static/` after each installer run?

Actions
Copy link
 #1

Updated by Justin Sherrill about 3 years ago

and to be more specific it would be after every invocation of collectstatic:

https://github.com/theforeman/puppet-pulpcore/blob/6a88107e66607dbbbd008d5b2139ed538395f177/manifests/static.pp#L11-L14

if its deemed necessary

Actions
Copy link

Also available in: Atom PDF