4:43 a.m.
Instead of just documenting this bug, fix it in the file_contexts
file.
Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
---
customize/SELinux_relabel.ml | 19 +++++++++++++++++++
v2v/virt-v2v.pod | 11 -----------
2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
index fa9603c..69a4779 100644
--- a/customize/SELinux_relabel.ml
+++ b/customize/SELinux_relabel.ml
@@ -44,6 +44,25 @@ let relabel (g : G.guestfs) =
let specfile =
sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
+ (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
+ * invalid regular expression "/var/run/spice-vdagentd.\pid"
+ * (instead of "\.p"). This stops setfiles from working on
+ * the guest.
+ *
+ * Because an SELinux relabel writes all over the filesystem,
+ * it seems reasonable to fix this problem in the specfile
+ * at the same time. (RHBZ#1374232)
+ *)
+ if g#grep ~fixed:true ".\\p" specfile <> [||] then (
+ debug "fixing invalid regular expression in %s" specfile;
+ let old_specfile = specfile ^ "~" in
+ g#mv specfile old_specfile;
+ let content = g#read_file old_specfile in
+ let content = String.replace content ".\\p" "\\.p" in
+ g#write specfile content;
+ g#copy_attributes ~all:true old_specfile specfile
+ );
+
(* Relabel everything. *)
g#selinux_relabel ~force:true specfile "/";
diff --git a/v2v/virt-v2v.pod b/v2v/virt-v2v.pod
index 3d0eada..a5b8e88 100644
--- a/v2v/virt-v2v.pod
+++ b/v2v/virt-v2v.pod
@@ -789,17 +789,6 @@ can install policycoreutils E<ge> 1.18.1-4.13 before starting
the v2v
conversion. See also
L<https://bugzilla.redhat.com/show_bug.cgi?id=244636>
-=head1 RHEL 6
-
-=head2 RHEL 6.2 fails with "libguestfs error: selinux_relabel: : Success"
-
-Conversion of a RHEL 6.2 (exactly) guest will fail because the
-C</etc/selinux/targeted/contexts/files> file within the guest contains
-a corrupt regular expression. This was fixed in later versions of
-RHEL 6, so you will need to update to any version E<ge> 6.3 before
-performing the conversion. See also
-L<https://bugzilla.redhat.com/show_bug.cgi?id=1374232>
-
=head1 DEBIAN AND UBUNTU
=head2 "warning: could not determine a way to update the configuration of
Grub2"
--
2.10.2
8:48 a.m.
On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones wrote:
Instead of just documenting this bug, fix it in the file_contexts
file.
Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
---
customize/SELinux_relabel.ml | 19 +++++++++++++++++++
v2v/virt-v2v.pod | 11 -----------
2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
index fa9603c..69a4779 100644
--- a/customize/SELinux_relabel.ml
+++ b/customize/SELinux_relabel.ml
@@ -44,6 +44,25 @@ let relabel (g : G.guestfs) =
let specfile =
sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
+ (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
+ * invalid regular expression "/var/run/spice-vdagentd.\pid"
+ * (instead of "\.p"). This stops setfiles from working on
+ * the guest.
+ *
+ * Because an SELinux relabel writes all over the filesystem,
+ * it seems reasonable to fix this problem in the specfile
+ * at the same time. (RHBZ#1374232)
+ *)
+ if g#grep ~fixed:true ".\\p" specfile <> [||] then (
Should the search&replace be restricted to e.g. "spice-vdagentd.\pid",
to avoid possible breaks with other versions of the contexts file?
Thanks,
--
Pino Toscano
9:11 a.m.
On Mon, Mar 06, 2017 at 03:48:06PM +0100, Pino Toscano wrote:
On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones wrote:
> Instead of just documenting this bug, fix it in the file_contexts
> file.
>
> Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409.
> ---
> customize/SELinux_relabel.ml | 19 +++++++++++++++++++
> v2v/virt-v2v.pod | 11 -----------
> 2 files changed, 19 insertions(+), 11 deletions(-)
>
> diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml
> index fa9603c..69a4779 100644
> --- a/customize/SELinux_relabel.ml
> +++ b/customize/SELinux_relabel.ml
> @@ -44,6 +44,25 @@ let relabel (g : G.guestfs) =
> let specfile =
> sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
>
> + (* RHEL 6.2 - 6.5 had a malformed specfile that contained the
> + * invalid regular expression "/var/run/spice-vdagentd.\pid"
> + * (instead of "\.p"). This stops setfiles from working on
> + * the guest.
> + *
> + * Because an SELinux relabel writes all over the filesystem,
> + * it seems reasonable to fix this problem in the specfile
> + * at the same time. (RHBZ#1374232)
> + *)
> + if g#grep ~fixed:true ".\\p" specfile <> [||] then (
Should the search&replace be restricted to e.g. "spice-vdagentd.\pid",
to avoid possible breaks with other versions of the contexts file?
Assuming it's a list of regular expressions (ie. the format doesn't
change radically) then \p would never be valid. However yes I can
tighten up the test.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
2818
days inactive
2818
days old
2 comments
2 participants
participants (2)
-
Pino Toscano -
Richard W.M. Jones