1 files changed, 62 insertions, 0 deletions

diff --git a/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
new file mode 100755
index 00000000000..2c83331d5cd
--- /dev/null
+++ b/extras/hook-scripts/delete/pre/S10selinux-del-fcontext.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Install to hooks/<HOOKS_VER>/delete/pre
+#
+# Delete the file context associated with the brick path on volume deletion. The
+# associated file context was added during volume creation.
+#
+# We do not explicitly relabel the brick, as this could be time consuming and
+# unnecessary.
+#
+###
+
+PROGNAME="Sselinux"
+OPTSPEC="volname:"
+VOL=
+CONFIGFILE=
+LOGFILEBASE=
+PIDDIR=
+
+function parse_args () {
+        ARGS=$(getopt -l $OPTSPEC  -name $PROGNAME $@)
+        eval set -- "$ARGS"
+
+        while true; do
+        case $1 in
+        --volname)
+         shift
+         VOL=$1
+         ;;
+        *)
+         shift
+         break
+         ;;
+        esac
+        shift
+        done
+}
+
+function delete_brick_fcontext()
+{
+        volname=$1
+
+        # grab the path for each local brick
+        brickdirs=$(grep '^path=' /var/lib/glusterd/vols/${volname}/bricks/* | cut -d= -f 2)
+
+        for b in $brickdirs
+        do
+                # remove the file context associated with the brick path
+                semanage fcontext --delete $b\(/.*\)?
+        done
+}
+
+SELINUX_STATE=$(which getenforce && getenforce)
+[ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
+
+parse_args $@
+[ -z "$VOL" ] && exit 1
+
+delete_brick_fcontext $VOL
+
+# failure to delete the fcontext is not fatal
+exit 0