"Fossies" - the Fresh Open Source Software Archive

Member "glusterfs-8.2/extras/hook-scripts/add-brick/post/S10selinux-label-brick.sh" (16 Sep 2020, 2113 Bytes) of package /linux/misc/glusterfs-8.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 #!/bin/bash
    2 #
    3 # Install to hooks/<HOOKS_VER>/add-brick/post
    4 #
    5 # Add an SELinux file context for each brick using the glusterd_brick_t type.
    6 # This ensures that the brick is relabeled correctly on an SELinux restart or
    7 # restore. Subsequently, run a restore on the brick path to set the selinux
    8 # labels.
    9 #
   10 ###
   11 
   12 PROGNAME="Sselinux"
   13 OPTSPEC="volname:,version:,gd-workdir:,volume-op:"
   14 VOL=
   15 
   16 parse_args () {
   17   ARGS=$(getopt -o '' -l ${OPTSPEC} -n ${PROGNAME} -- "$@")
   18   eval set -- "${ARGS}"
   19 
   20   while true; do
   21     case ${1} in
   22       --volname)
   23         shift
   24         VOL=${1}
   25         ;;
   26       --gd-workdir)
   27           shift
   28           GLUSTERD_WORKDIR=$1
   29           ;;
   30       --version)
   31           shift
   32           ;;
   33       --volume-op)
   34           shift
   35           ;;
   36       *)
   37           shift
   38           break
   39           ;;
   40     esac
   41     shift
   42   done
   43 }
   44 
   45 set_brick_labels()
   46 {
   47   local volname="${1}"
   48   local fctx
   49   local list=()
   50 
   51   fctx="$(semanage fcontext --list -C)"
   52 
   53   # wait for new brick path to be updated under
   54   # ${GLUSTERD_WORKDIR}/vols/${volname}/bricks/
   55   sleep 5
   56 
   57   # grab the path for each local brick
   58   brickpath="${GLUSTERD_WORKDIR}/vols/${volname}/bricks/"
   59   brickdirs=$(
   60     find "${brickpath}" -type f -exec grep '^path=' {} \; | \
   61     cut -d= -f 2 | \
   62     sort -u
   63   )
   64 
   65   # create a list of bricks for which custom SELinux
   66   # label doesn't exist
   67   for b in ${brickdirs}; do
   68     pattern="${b}(/.*)?"
   69     echo "${fctx}" | grep "^${pattern}\s" >/dev/null
   70     if [[ $? -ne 0 ]]; then
   71       list+=("${pattern}")
   72     fi
   73   done
   74 
   75   # Add a file context for each brick path in the list and associate with the
   76   # glusterd_brick_t SELinux type.
   77   for p in ${list[@]}
   78   do
   79     semanage fcontext --add -t glusterd_brick_t -r s0 "${p}"
   80   done
   81 
   82   # Set the labels for which SELinux label was added above
   83   for b in ${brickdirs}
   84   do
   85     echo "${list[@]}" | grep "${b}" >/dev/null
   86     if [[ $? -eq 0 ]]; then
   87       restorecon -R "${b}"
   88     fi
   89   done
   90 }
   91 
   92 SELINUX_STATE=$(which getenforce && getenforce)
   93 [ "${SELINUX_STATE}" = 'Disabled' ] && exit 0
   94 
   95 parse_args "$@"
   96 [ -z "${VOL}" ] && exit 1
   97 
   98 set_brick_labels "${VOL}"
   99 
  100 exit 0