Backport PR #568 to fix Rawhide lives (rhbz#1663040)

2019-01-15 22:45:22 -08:00 · 2019-01-15 22:45:22 -08:00 · d039d7ce8e
commit d039d7ce8e
parent 238111ee20
2 changed files with 48 additions and 1 deletions
--- a/0001-Don-t-exclude-dev-from-the-setfiles-in-novirt_instal.patch
+++ b/0001-Don-t-exclude-dev-from-the-setfiles-in-novirt_instal.patch
@ -0,0 +1,38 @@
+From 024293968f5ae3e2d2ea6164b7a693c059dc86c3 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 15 Jan 2019 10:34:54 -0800
+Subject: [PATCH] Don't exclude /dev from the `setfiles` in `novirt_install`
+
+After a novirt disk image install, we run `setfiles` in the
+install root to ensure some SELinux contexts are correct. /dev
+is currently excluded from this run. However, as reported and
+discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1663040
+it seems that with a recent systemd change, startup of many
+services will fail if /dev itself is incorrectly labelled, and
+in current Rawhide live images, it *is* incorrectly labelled.
+Including `/dev` in this setfiles command appears to resolve the
+problem in my testing.
+
+Resolves: rhbz#1663040
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+---
+ src/pylorax/installer.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pylorax/installer.py b/src/pylorax/installer.py
+index 758c3cf5..6d101609 100644
+--- a/src/pylorax/installer.py
+++ b/src/pylorax/installer.py
+@@ -389,7 +389,7 @@ def novirt_install(opts, disk_img, disk_size, cancel_func=None):
+             log.info(line)
+ 
+         # Make sure the new filesystem is correctly labeled
+-        setfiles_args = ["-e", "/proc", "-e", "/sys", "-e", "/dev",
+        setfiles_args = ["-e", "/proc", "-e", "/sys",
+                          "/etc/selinux/targeted/contexts/files/file_contexts", "/"]
+ 
+         if "--dirinstall" in args:
+-- 
+2.20.1
+
--- a/lorax.spec
+++ b/lorax.spec
@ -4,7 +4,7 @@

 Name:           lorax
 Version:        30.10
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Tool for creating the anaconda install images

 Group:          Applications/System
@ -16,6 +16,11 @@ URL:            https://github.com/weldr/lorax
 # tito build --tgz
 Source0:        %{name}-%{version}.tar.gz

+# Ensure /dev is correctly labelled in live images:
+# https://github.com/weldr/lorax/pull/568
+# https://bugzilla.redhat.com/show_bug.cgi?id=1663040
+Patch0:         0001-Don-t-exclude-dev-from-the-setfiles-in-novirt_instal.patch
+
 BuildRequires:  python3-devel

 Requires:       lorax-templates
@ -158,6 +163,7 @@ build images, etc. from the command line.

 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p1

 %build

@ -232,6 +238,9 @@ getent passwd weldr >/dev/null 2>&1 || useradd -r -g weldr -d / -s /sbin/nologin
 %{_sysconfdir}/bash_completion.d/composer-cli

 %changelog
+* Tue Jan 15 2019 Adam Williamson <awilliam@redhat.com> - 30.10-2
+- Backport PR #568 to fix Rawhide lives (rhbz#1663040)
+
 * Tue Jan 08 2019 Brian C. Lane <bcl@redhat.com> 30.10-1
 - Remove unneeded else from for/else loop. It confuses pylint (bcl@redhat.com)
 - Turn off pylint warning about docstring with backslash (bcl@redhat.com)