#160 Relabel /dev/nvme* explicitly
Merged 2 months ago by zpytela. Opened 2 months ago by zpytela.
rpms/ zpytela/selinux-policy nvme-relabel  into  rawhide

file modified
+4
@@ -279,6 +279,10 @@ 

       %{_sbindir}/fixfiles -C ${FILE_CONTEXT}.pre restore &> /dev/null > /dev/null; \

       rm -f ${FILE_CONTEXT}.pre; \

  fi; \

+ # the /dev/nvme* device files type changed, therefore explicit relabeling \

+ # of /dev/nvme* is needed as fixfiles excludes /dev \

+ # this is a temporary workaround till April 2021 \

+ [ -f /dev/nvme0 ] && %{_sbindir}/restorecon /dev/nvme* \

  if %{_sbindir}/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \

      continue; \

  fi;

In the 9613e80506e7ffa37e9b150f2a3f8641dd7c26ea selinux-policy commit,
the type of nvme device files has changed from nvme_device_t to
fixed_disk_device_t.

As fixfiles excludes /dev entries, restorecon needs to be run explicitly
for these files to restore the context.

I'm not very happy about such one-off scriptlet, but at the very least there should be a comment stating a specific date/release when this will be removed.

And we should also address the long-term problem, which is that fixfiles skips /dev for no good reason...

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

rebased onto c7794d9

2 months ago

This is considered a temporary workaround, I've changed both the commit message and content.

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

Pull-Request has been merged by zpytela

2 months ago
Metadata