Backport patch for relabeling /var/home on FCOS

Ref: https://github.com/coreos/fedora-coreos-config/issues/2
2018-09-17 14:31:45 -04:00 · 2018-09-17 14:31:45 -04:00 · 623734c384
commit 623734c384
parent 89e03c4b51
2 changed files with 58 additions and 1 deletions
--- a/0001-stages-files-relabel-var-home-and-var-roothome.patch
+++ b/0001-stages-files-relabel-var-home-and-var-roothome.patch
@ -0,0 +1,50 @@
+From 45b75181389d2bc357de524dc32ede787222dedc Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Fri, 14 Sep 2018 15:27:37 -0400
+Subject: [PATCH] stages/files: relabel /var/home and /var/roothome
+
+The behaviour of how `restorecon` handles symlinks changed between RHCOS
+and FCOS. More specifically, `restorecon` will follow symlinks that are
+part of a given path, but not if the target path is a symlink itself.
+On OSTree-based systems, `/home` and `/root` are just symlinks, so the
+newer `restorecon` wasn't actually relabeling anything under there.
+
+Add the real paths to the list of dirs to relabel and add `-i` so that
+it's not a fatal error on non-OSTree-based systems.
+
+Closes: coreos/fedora-coreos-config#2
+---
+ internal/exec/stages/files/files.go  | 2 +-
+ internal/exec/stages/files/passwd.go | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/internal/exec/stages/files/files.go b/internal/exec/stages/files/files.go
+index 077d383..609a0e8 100644
+--- a/internal/exec/stages/files/files.go
+++ b/internal/exec/stages/files/files.go
+@@ -146,7 +146,7 @@ OnFailureJobMode=replace-irreversibly
+ 
+ [Service]
+ Type=oneshot
+-ExecStart=` + distro.RestoreconCmd() + ` -0vRf /etc/selinux/ignition.relabel
+ExecStart=` + distro.RestoreconCmd() + ` -0vRif /etc/selinux/ignition.relabel
+ ExecStart=/usr/bin/rm /etc/selinux/ignition.relabel
+ RemainAfterExit=yes`,
+ 	}
+diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go
+index 2eecd40..1ae0f02 100644
+--- a/internal/exec/stages/files/passwd.go
+++ b/internal/exec/stages/files/passwd.go
+@@ -41,6 +41,9 @@ func (s *stage) createPasswd(config types.Config) error {
+ 			"/etc/.pwd.lock",
+ 			"/home",
+ 			"/root",
+			// for OSTree-based systems (newer restorecon doesn't follow symlinks)
+			"/var/home",
+			"/var/roothome",
+ 		)
+ 	}
+ 
+-- 
+2.19.0
+
--- a/ignition.spec
+++ b/ignition.spec
@ -73,12 +73,14 @@

 Name:           ignition
 Version:        0.28.0
-Release:        3.git%{shortcommit}%{?dist}
+Release:        4.git%{shortcommit}%{?dist}
 Summary:        First boot installer and configuration tool
 License:        ASL 2.0
 URL:            https://%{provider_prefix}
 Source0:        https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz

+Patch0: 0001-stages-files-relabel-var-home-and-var-roothome.patch
+
 # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
 ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
 # If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
@ -326,6 +328,7 @@ initramfs on boot.
 # setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html
 # unpack source0 and apply patches
 %setup -T -b 0 -q -n %{repo}-%{commit}
+%patch0 -p1

 # unpack source1 (dracut modules)
 %setup -T -D -a 1 -q -n %{repo}-%{commit}
@ -469,6 +472,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %endif

 %changelog
+* Mon Sep 17 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.28.0-4.gitf707912
+- Backport patch for relabeling /var/home on FCOS
+  https://github.com/coreos/fedora-coreos-config/issues/2
+
 * Thu Sep 06 2018 Luca Bruno <lucab@fedoraproject.org> - 0.28.0-3.gitf707912
 - Add requires for disks stage