authorAlexander Sulfrian <alexander@sulfrian.net>2015-06-12 01:20:16 +0200
committerAlexander Sulfrian <alexander@sulfrian.net>2015-06-12 03:39:34 +0200
commit33e53dde2a85b8783c8e4935868d9c5f50dea440 (patch)
treedb7ffd6e4fc403a2d0b361481423003ee674802f /src/lib/Bcfg2/Client/Tools
parentf6b4bd47fc071f0a5230cbb6f59cbffc6b2b624b (diff)
parentee11ee47bf86b67db100d76932a912d8239fa9d9 (diff)
Merge branch 'maint'
Conflicts: debian/changelog doc/conf.py misc/bcfg2-selinux.spec misc/bcfg2.spec osx/Makefile osx/macports/Portfile solaris-ips/MANIFEST.bcfg2-server.header solaris-ips/MANIFEST.bcfg2.header solaris-ips/Makefile solaris-ips/pkginfo.bcfg2 solaris-ips/pkginfo.bcfg2-server solaris/Makefile solaris/pkginfo.bcfg2 solaris/pkginfo.bcfg2-server src/lib/Bcfg2/Client/Tools/APT.py src/lib/Bcfg2/Client/Tools/FreeBSDInit.py src/lib/Bcfg2/Client/Tools/__init__.py src/lib/Bcfg2/Options.py src/lib/Bcfg2/Reporting/Collector.py src/lib/Bcfg2/Reporting/templates/base.html src/lib/Bcfg2/Server/CherrypyCore.py src/lib/Bcfg2/Server/Core.py src/lib/Bcfg2/Server/FileMonitor/__init__.py src/lib/Bcfg2/Server/Lint/Validate.py src/lib/Bcfg2/Server/Lint/__init__.py src/lib/Bcfg2/Server/MultiprocessingCore.py src/lib/Bcfg2/Server/Plugin/__init__.py src/lib/Bcfg2/Server/Plugins/GroupPatterns.py src/lib/Bcfg2/Server/Plugins/Metadata.py src/lib/Bcfg2/Server/Plugins/Packages/Source.py src/lib/Bcfg2/Server/Plugins/Packages/Yum.py src/lib/Bcfg2/Server/Plugins/SSHbase.py src/lib/Bcfg2/Server/Plugins/SSLCA.py src/lib/Bcfg2/version.py src/sbin/bcfg2-info src/sbin/bcfg2-test testsuite/requirements.txt
Diffstat (limited to 'src/lib/Bcfg2/Client/Tools')
-rw-r--r--src/lib/Bcfg2/Client/Tools/APT.py4
-rw-r--r--src/lib/Bcfg2/Client/Tools/FreeBSDInit.py1
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIX/base.py59
3 files changed, 42 insertions, 22 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/APT.py b/src/lib/Bcfg2/Client/Tools/APT.py
index 5a86e8cd4..abc76ef1c 100644
--- a/src/lib/Bcfg2/Client/Tools/APT.py
+++ b/src/lib/Bcfg2/Client/Tools/APT.py
@@ -68,8 +68,8 @@ class APT(Bcfg2.Client.Tools.Tool):
Bcfg2.Options.setup.apt_etc_path))]
self.nonexistent = [entry.get('name') for struct in config
for entry in struct
- if entry.tag == 'Path' and
- entry.get('type') == 'nonexistent']
+ if (entry.tag == 'Path' and
+ entry.get('type') == 'nonexistent')]
os.environ["DEBIAN_FRONTEND"] = 'noninteractive'
self.actions = {}
if Bcfg2.Options.setup.kevlar and not Bcfg2.Options.setup.dry_run:
diff --git a/src/lib/Bcfg2/Client/Tools/FreeBSDInit.py b/src/lib/Bcfg2/Client/Tools/FreeBSDInit.py
index 24bc4cf36..7c25e6804 100644
--- a/src/lib/Bcfg2/Client/Tools/FreeBSDInit.py
+++ b/src/lib/Bcfg2/Client/Tools/FreeBSDInit.py
@@ -42,7 +42,6 @@ class FreeBSDInit(Bcfg2.Client.Tools.SvcTool):
self.logger.debug('Stopping service %s' % service.get('name'))
return self.cmd.run(self.get_svc_command(service, 'onestop'))
-
def VerifyService(self, entry, _):
"""Verify Service status for entry."""
entry.set('target_status', entry.get('status')) # for reporting
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index 8895eaae1..488920989 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -6,9 +6,11 @@ import pwd
import grp
import stat
import copy
+import errno
import shutil
import Bcfg2.Client.Tools
import Bcfg2.Client.XML
+import Bcfg2.Options
from Bcfg2.Compat import oct_mode
try:
@@ -37,6 +39,22 @@ device_map = dict(block=stat.S_IFBLK, # pylint: disable=C0103
class POSIXTool(Bcfg2.Client.Tools.Tool):
""" Base class for tools that handle POSIX (Path) entries """
+
+ options = [
+ Bcfg2.Options.Option(
+ cf=('POSIX', 'secontext_ignore'),
+ default=['anon_inodefs_t', 'bdev_t', 'binfmt_misc_fs_t',
+ 'capifs_t', 'configfs_t', 'cpusetfs_t', 'ecryptfs_t',
+ 'eventpollfs_t', 'futexfs_t', 'hugetlbfs_t', 'ibmasmfs_t',
+ 'inotifyfs_t', 'mvfs_t', 'nfsd_fs_t', 'oprofilefs_t',
+ 'ramfs_t', 'romfs_t', 'rpc_pipefs_t', 'spufs_t',
+ 'squash_t', 'vmblock_t', 'vxfs_t', 'xenfs_t', 'autofs_t',
+ 'cifs_t', 'dosfs_t', 'fusefs_t', 'iso9660_t',
+ 'removable_t', 'nfs_t'],
+ help='secontext types to ignore labeling errors',
+ type=Bcfg2.Options.Types.colon_list)
+ ]
+
def fully_specified(self, entry): # pylint: disable=W0613
""" return True if the entry is fully specified """
# checking is done by __req__
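Review bot: The help text `'secontext types to ignore labeling errors'` understates what the new option does. In `_set_secontext`, changed later in this commit, a file whose current type is in this list is skipped before any labeling is attempted, so the configured context is never applied and the entry still reports success. I would reword it along the lines of `help='SELinux types of files whose context is never set or restored (colon-separated)'`. A comment above the default list should say why these types are there; they look like pseudo, network and removable filesystem types, presumably ones that cannot be relabeled. The class body continues outside the hunk.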
@@ -272,7 +290,7 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
rv &= self._apply_acl(defacl, path, posix1e.ACL_TYPE_DEFAULT)
return rv
- def _set_secontext(self, entry, path=None):
+ def _set_secontext(self, entry, path=None): # pylint: disable=R0911
""" set the SELinux context of the file on disk according to the
config"""
if not HAS_SELINUX:
@@ -284,25 +302,28 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
if not context:
# no context listed
return True
-
- if context == '__default__':
- try:
+ secontext = selinux.lgetfilecon(path)[1].split(":")[2]
+ if secontext in Bcfg2.Options.setup.posix_secontext_ignore:
+ return True
+ try:
+ if context == '__default__':
selinux.restorecon(path)
- rv = True
- except OSError:
- err = sys.exc_info()[1]
- self.logger.error("POSIX: Failed to restore SELinux context "
- "for %s: %s" % (path, err))
- rv = False
- else:
- try:
- rv = selinux.lsetfilecon(path, context) == 0
- except OSError:
- err = sys.exc_info()[1]
- self.logger.error("POSIX: Failed to restore SELinux context "
- "for %s: %s" % (path, err))
- rv = False
- return rv
+ return True
+ else:
+ return selinux.lsetfilecon(path, context) == 0
+ except OSError:
+ err = sys.exc_info()[1]
+ if err.errno == errno.EOPNOTSUPP:
+ # Operation not supported
+ if context != '__default__':
+ self.logger.debug("POSIX: Failed to set SELinux context "
+ "for %s: %s" % (path, err))
+ return False
+ return True
+ err = sys.exc_info()[1]
+ self.logger.error("POSIX: Failed to set or restore SELinux "
+ "context for %s: %s" % (path, err))
+ return False
def _norm_gid(self, gid):
""" This takes a group name or gid and returns the
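Review bot: The new `selinux.lgetfilecon(path)[1].split(":")[2]` lookup sits before the `try:`, so a failure there bypasses the `except OSError` handling added just below it. As far as I know the Python bindings raise OSError when the call fails, which would include the EOPNOTSUPP case this change sets out to tolerate, and a context with fewer than three fields would raise IndexError; moving the lookup and the `posix_secontext_ignore` check inside the `try:` would put both paths under the same handler. The ignore-list `return True` and the `__default__` EOPNOTSUPP `return True` are silent, so a line such as `self.logger.debug("POSIX: Skipping SELinux context for %s (type %s is ignored)" % (path, secontext))` would leave a trace that a configured context was not applied. The second `err = sys.exc_info()[1]` before the error log is redundant. The start of `_set_secontext` lies outside this hunk.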