[ovs-git] [openvswitch/ovs] 778b01: ovs-lib: Fix SELinux contexts for created dirs.

GitHub noreply at github.com
Fri Sep 23 17:12:59 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 778b01a368d062772ef4006907eb12b35d96df49
      https://github.com/openvswitch/ovs/commit/778b01a368d062772ef4006907eb12b35d96df49
  Author: Joe Stringer <joe at ovn.org>
  Date:   2016-09-23 (Fri, 23 Sep 2016)

  Changed paths:
    M utilities/ovs-lib.in

  Log Message:
  -----------
  ovs-lib: Fix SELinux contexts for created dirs.

ovs-lib creates several directories directly from the script, but
doesn't make any attempt to ensure that the correct SELinux context is
applied to these directories. As a result, the created directories end
up with type var_run_t rather than openvswitch_var_run_t.

During reboot using a tmpfs for /var/run, startup scripts will invoke
ovs-lib to create these directories with the wrong context. If SELinux
is enabled, OVS will fail to start as it cannot write to this directory.

Fix the issue by sprinkling "restorecon" in each of the places where
directories are created. In practice, many of these should otherwise be
handled by packaging scripts but if they exist then we should ensure the
correct SELinux context is set.

On systems where 'restorecon' is unavailable, this should be a no-op.

VMware-BZ: #1732672

Signed-off-by: Joe Stringer <joe at ovn.org>
Acked-by: Ansis Atteka <aatteka at ovn.org>
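
The pattern the log message describes (create the directory, reset its SELinux label, and do nothing where restorecon is missing), as an added shell example that is not the ovs-lib change itself. The names make_labeled_dir and selinux_type_of and the RESTORECON override variable are hypothetical and do not come from the commit.

```shell
#!/bin/sh
# Added example, not code from ovs-lib. All function names and the
# RESTORECON variable are assumptions made for illustration.

# Create a directory (if needed) and reset its SELinux label to the
# type the loaded file-context policy assigns to that path.
# Returns non-zero if creation or relabeling fails; relabeling is
# skipped entirely when no restorecon command can be found.
make_labeled_dir() {
    dir=$1
    mode=${2:-0755}
    relabel=${RESTORECON:-restorecon}

    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" || return 1
        chmod "$mode" "$dir" || return 1
    fi

    # A directory created under a fresh tmpfs /var/run inherits the
    # parent's type (var_run_t). Relabel even if the directory already
    # existed, since something else may have created it unlabeled.
    if command -v "$relabel" >/dev/null 2>&1; then
        "$relabel" -R "$dir" || return 1
    fi
    return 0
}

# Print the SELinux type field of a path (third field of
# user:role:type[:level]), or "unlabeled" when no context is exposed.
# Relies on GNU stat's %C format.
selinux_type_of() {
    ctx=$(stat -c %C "$1" 2>/dev/null) || ctx=
    case $ctx in
        *:*:*) printf '%s\n' "$ctx" | cut -d: -f3 ;;
        *) echo unlabeled ;;
    esac
}
```

On an enforcing host, selinux_type_of on the run directory should report openvswitch_var_run_t after the call and var_run_t if the relabel step was skipped.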



