Diffstat (limited to 'extras/hook-scripts/create')
-rw-r--r--extras/hook-scripts/create/Makefile.am1
-rw-r--r--extras/hook-scripts/create/post/Makefile.am6
-rwxr-xr-xextras/hook-scripts/create/post/S10selinux-label-brick.sh61
3 files changed, 68 insertions, 0 deletions
diff --git a/extras/hook-scripts/create/Makefile.am b/extras/hook-scripts/create/Makefile.am
new file mode 100644
index 00000000000..b083a9145d6
--- /dev/null
+++ b/extras/hook-scripts/create/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = post
diff --git a/extras/hook-scripts/create/post/Makefile.am b/extras/hook-scripts/create/post/Makefile.am
new file mode 100644
index 00000000000..adbce78d249
--- /dev/null
+++ b/extras/hook-scripts/create/post/Makefile.am
@@ -0,0 +1,6 @@
+EXTRA_DIST = S10selinux-label-brick.sh
+
+scriptsdir = $(GLUSTERD_WORKDIR)/hooks/1/create/post/
+if USE_SELINUX
+scripts_SCRIPTS = S10selinux-label-brick.sh
+endif
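Review bot: The install directory here is derived from `$(GLUSTERD_WORKDIR)`, but the script this hunk installs reads brick files from the hard-coded `/var/lib/glusterd/vols/...` path. On a build configured with a different working directory the hook would be installed in one tree and look for volumes in another, find no bricks, and still exit 0 with nothing labelled. Consider generating the script from a template so the same variable is substituted into it, or add a comment such as `# NOTE: S10selinux-label-brick.sh assumes GLUSTERD_WORKDIR is /var/lib/glusterd` until that is done.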
diff --git a/extras/hook-scripts/create/post/S10selinux-label-brick.sh b/extras/hook-scripts/create/post/S10selinux-label-brick.sh
new file mode 100755
index 00000000000..d69a938123e
--- /dev/null
+++ b/extras/hook-scripts/create/post/S10selinux-label-brick.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Install to hooks/<HOOKS_VER>/create/post
+#
+# Add an SELinux file context for each brick using the glusterd_brick_t type.
+# This ensures that the brick is relabeled correctly on an SELinux restart or
+# restore. Subsequently, run a restore on the brick path to set the selinux
+# labels.
+#
+###
+
+PROGNAME="Sselinux"
+OPTSPEC="volname:"
+VOL=
+
+function parse_args () {
+ ARGS=$(getopt -l $OPTSPEC -name $PROGNAME $@)
+ eval set -- "$ARGS"
+
+ while true; do
+ case $1 in
+ --volname)
+ shift
+ VOL=$1
+ ;;
+ *)
+ shift
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+function set_brick_labels()
+{
+ volname=$1
+
+ # grab the path for each local brick
+ brickdirs=$(grep '^path=' /var/lib/glusterd/vols/${volname}/bricks/* | cut -d= -f 2)
+
+ for b in $brickdirs
+ do
+ # Add a file context for each brick path and associate with the
+ # glusterd_brick_t SELinux type.
+ semanage fcontext --add -t glusterd_brick_t -r s0 $b(/.*)?
+
+ # Set the labels on the new brick path.
+ restorecon -R $b
+ done
+}
+
+SELINUX_STATE=$(which getenforce && getenforce)
+[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
+
+parse_args $@
+[ -z "$VOL" ] && exit 1
+
+set_brick_labels $VOL
+
+exit 0
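Review bot: In set_brick_labels the brick paths read from the volume's brick files are expanded unquoted in `for b in $brickdirs`, `semanage fcontext ... $b(/.*)?` and `restorecon -R $b`, so a path containing whitespace or glob characters is split or expanded before the recursive relabel; the bare `(/.*)?` as rendered on this page is also not valid bash outside quotes. Reading the paths one per line and quoting the pattern, as in the excerpt below, keeps each path a single argument for a hook that presumably runs with glusterd's privileges. Separately, `$(which getenforce && getenforce)` also captures the path that `which` prints, so the comparison with 'Disabled' can never match; `SELINUX_STATE=$(command -v getenforce >/dev/null && getenforce)` captures only the state. In parse_args, `$@` is passed unquoted and the name option is spelled `-name`, where `getopt -o '' -l "$OPTSPEC" -n "$PROGNAME" -- "$@"` looks like what was intended. The failures of semanage and restorecon are also ignored before the final `exit 0`, so a brick that was not labelled is reported as success.

```bash
function set_brick_labels()
{
        local volname=$1
        local b

        # One brick path per line: whitespace and glob characters in a path
        # must not be split or expanded before the recursive relabel.
        while IFS= read -r b
        do
                [ -n "$b" ] || continue
                # Quote the regex so the shell passes it to semanage verbatim.
                semanage fcontext --add -t glusterd_brick_t -r s0 "${b}(/.*)?" || return 1
                restorecon -R "$b" || return 1
        done < <(grep -h '^path=' "/var/lib/glusterd/vols/${volname}/bricks/"* | cut -d= -f 2-)
}
```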