Bug #31908: Maybe restorecon /var/lib/pulp/pulpcore_static/ after every installer run? - Installer - Foreman

Actions

Copy link

Bug #31908

open

Maybe restorecon /var/lib/pulp/pulpcore_static/ after every installer run?

Added by Brian Bouterse almost 4 years ago. Updated almost 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Assuming NFS mounts specify new labels to receive pulpcore_var_lib_t, static media could get mislabeled.

Background

Really everything gets pulpcore_var_lib_t except the static directory (see the policy .fc file here https://github.com/pulp/pulpcore-selinux/blob/master/pulpcore.fc#L17-L23 ). SELinux with local filesystems will get it right but if the /var/lib/pulp/ is on an NFS filesystem and that mount specifies new files to receive pulpcore_var_lib_t (as it should) then the static media could get mislabeled at upgrade time.

Ideas

It's possible new static content could be created with each installer run. We can't run restorecon on all of /var/lib/pulp/ it'll take hours.

So maybe just run restorecon on `/var/lib/pulp/pulpcore_static/` after each installer run?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #31908

Maybe restorecon /var/lib/pulp/pulpcore_static/ after every installer run?

Updated by Justin Sherrill almost 4 years ago