Merge pull request uyuni-project#441 from mbussolotto/selinux

restore SELinux permission after migration (bsc#1229501)
rjpmestre · Sep 4, 2024 · 3bff107 · 3bff107
2 parents 7ea9d06 + 6858296
commit 3bff107
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go
@@ -198,6 +198,18 @@ func RunMigration(
 		[]string{"/var/lib/uyuni-tools/migrate.sh"}); err != nil {
 		return nil, utils.Errorf(err, L("cannot run uyuni migration container"))
 	}
+
+	//now that everything is migrated, we need to fix SELinux permission
+	for _, volumeMount := range utils.ServerVolumeMounts {
+		mountPoint, err := GetMountPoint(volumeMount.Name)
+		if err != nil {
+			return nil, utils.Errorf(err, L("cannot inspect volume %s"), volumeMount)
+		}
+		if err := utils.RunCmdStdMapping(zerolog.DebugLevel, "restorecon", "-F", "-r", "-v", mountPoint); err != nil {
+			return nil, utils.Errorf(err, L("cannot restore %s SELinux permissions"), mountPoint)
+		}
+	}
+
 	extractedData, err := utils.ReadInspectData[utils.InspectResult](path.Join(scriptDir, "data"))
 
 	if err != nil {
@@ -452,3 +464,13 @@ func CallCloudGuestRegistryAuth() error {
 	// silently ignore error if it is missing
 	return nil
 }
+
+// GetMountPoint return folder where a given volume is mounted.
+func GetMountPoint(volumeName string) (string, error) {
+	args := []string{"volume", "inspect", "--format", "{{.Mountpoint}}", volumeName}
+	mountPoint, err := utils.RunCmdOutput(zerolog.DebugLevel, "podman", args...)
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimSuffix(string(mountPoint), "\n"), nil
+}
diff --git a/uyuni-tools.changes.mbussolotto.selinux b/uyuni-tools.changes.mbussolotto.selinux
@@ -0,0 +1 @@
+- restore SELinux permission after migration (bsc#1229501)